The Defense Information Systems Agency (DISA) is currently working through its acquisition strategy to go into full production of its Thunderdome zero trust security initiative within the next 30 to 60 days, DISA Director Lt. Gen Robert Skinner said today at the AFCEA TechNet Cyber conference in Baltimore, Md.
DISA, a Department of Defense (DoD) agency, officially completed the prototype for Thunderdome a few months ago, after onboarding about 1,600 users to test out the new system. The prototype successfully proved that commercial technologies can improve both security and network performance.
Following the prototype pilot’s success, Skinner said that he has tasked Jason Miller, the director of DISA’s Digital Capabilities and Security Center, to work through the acquisition strategy “to be able to go full production here in the next 30, 60 days.”
“Thunderdome is more than just a pilot,” Skinner explained. “It’s what’s happening at the client, it’s what’s happening in the data analytics, looking across the entirety of the zero trust framework – those seven pillars or five depending on which [zero trust model] you subscribe to.”
DISA’s Thunderdome represents a collection of technologies that are integrated with – but not dependent upon – each other into a zero trust ecosystem. The successful prototype included technologies such as Secure Access Service Edge (SASE), Software Defined-Wide Area Networks/Customer Edge Security Stack (CESS), and Application Security Stacks.
“Out of the 153-ish key activities identified in the DoD zero trust strategy, we’re at like 123 of those of what DISA is offering as a capability, which is huge,” Skinner said. “And we’re working hand-in-hand with the services because we’re all coalescing around the same time offs, we’re all coalescing around the same technology, all coalescing around the same processes.”
Thunderdome’s success is a big step toward meeting the DoD Chief Information Officer (CIO) John Sherman’s zero-trust targets.
Skinner added that there is “a lot of momentum” within the department to reach or drive toward Sherman’s goal to have zero trust deployed across a majority of DoD enterprise systems by 2027.
“That’s an ambitious goal,” Sherman said last year of his zero trust goal. “But the adversary capability we’re facing leaves us no choice but to move at that level of pace.”