TECHNET CYBER 2022: Despite having already awarded a contract for its zero-trust security and network architecture program, DISA officials said today there remains room for other companies, and even foreign countries, to potentially participate in the effort.
With the Thunderdome program, DISA wants to move away from a siloed defense-in-depth security model and toward integrating security from the end user all the way to data being accessed. The agency awarded Booz Allen Hamilton a $6.8 million prototype contract for the effort in January.
“There are countless opportunities for other companies to participate,” Julian Breyer, senior enterprise and security architect for DISA, said today at the AFCEA TechNet Cyber 2022 conference. “We have a lot of adjacent efforts that are going to link up with Thunderdome.”
Some of those efforts include on the endpoint and device management front, container security, API security and identity, credential and access management, or ICAM, which Breyer said lays the foundation for everything the agency and DoD does.
“We don’t think we collectively exhausted all of the different deltas we will want to go after in the future and our working picture is constantly evolving,” Breyer said. “And so the more you [industry] talk to us, the more solutions we see and the more interesting technologies we see, the more we can refine our picture and figure out what the zero-trust architecture eventually should look like for the department.”
RELATED: DISA Has 14 Ways It Wants Industry To Help It Move ‘Into The Future’
Drew Malloy, technical director for DISA’s cyber development directorate, said the agency could also talk to allied Five Eyes nations (Australia, Canada, New Zealand and the United Kingdom) moving forward with Thunderdome as well, though no conversations have taken place yet.
“We’ve been working a lot with the DoD [chief information officer], who has stood up a zero-trust portfolio management office that’s going to do a lot of the collaboration across the department for what people are doing with zero trust,” Malloy said. “We’ve also partnered a lot with the intelligence community. And so as far as reaching out to kind of the multinational world and the federal space, we haven’t yet, but that’s something that’s kind of on the roadmap for us to get to.”
In March, DISA Director Lt. Gen. Robert Skinner told Breaking Defense Thunderdome would be a way to reimagine how the agency looks at networks in the future as DISA positions itself as being data-centric rather than hardware-focused.
Over the next few months, DISA plans to produce a working prototype of Thunderdome that will have “four or five” services provided under the effort, Skinner told Breaking Defense, including Secure Access Service Edge, application security stacks and cloud defensive cyber operations.
DISA Pacific Field Command in Hawaii is likely to be prioritized as among the first to use Thunderdome because DISA’s “other focus has to continue to be on the Pacific and making sure that we are taking care of the strategic priority of the department which continues to be the Indo-Pacific and what’s happening out there in relation to China,” Skinner said.