
Part of DISA’s role includes managing the video feeds from these aircraft, and ensuring they are shared in near-real-time to relevant parties. (Air Force / Vernon Young Jr.)

WASHINGTON — The Defense Information Systems Agency (DISA) has finally produced a prototype of Thunderdome, its network architecture program, after a months-long delay, taking a key step toward meeting the Pentagon’s zero-trust vision, the agency announced.

“Thunderdome has confirmed its potential by laying a zero-trust technology foundation, but the work doesn’t end there,” Christopher Barnhurst, DISA deputy director, said in a statement. “To truly accomplish the department’s zero-trust goals, DISA’s next steps include changing the culture to implement policies and procedures to make use of zero-trust technologies and approaches in every program.”

Booz Allen Hamilton was awarded a $6.8 million prototype contract last January to develop a prototype for the zero-trust security model. The Defense Department’s chief information officer has outlined a broader goal for the department to meet “targeted” zero trust by fiscal 2027 — a set of minimal requirements DoD and its components need to achieve — and then a more “advanced” set of activities that provide the highest level of protection. Under the zero-trust concept, rather than letting users who pass security checks have free rein over data, there would be continual checks to make sure each user should be allowed to access different information — essentially refusing to ever fully “trust” users on the network.


“Additionally, DISA recently began deploying some of the zero-trust technologies used for Thunderdome’s unclassified prototype on its classified network,” according to the press release. “By doing so, Thunderdome’s tools can apply condition-based access controls to data on DISA’s classified enterprise network, making this network more secure.”

Beyond zero-trust benefits, the Thunderdome prototype architecture has “significantly simplified network administration through automation, which improves performance and increases efficiency,” according to the release. It says that the agency onboarded 1,500 test users at three locations to test out the prototype’s remote and on-premises capabilities to perform daily responsibilities.

A prototype for Thunderdome was initially expected to be completed around the middle of 2022, but in July DISA announced it would be delaying the network architecture program until January 2023 to include the Pentagon’s classified Secure Internet Protocol Router Network (SIPRNet). 

“The onset of the war in Ukraine has highlighted the importance of SIPRNet and the need to ensure the U.S. Department of Defense (DOD) has a modernized classified network that will securely protect data,” DISA said in a July 28, 2021 press release. “SIPRNet is used by DOD and military services around the world to transmit classified information, up to and including, information classified as secret, however, the framework is antiquated and needs updating.”

DISA Director Lt. Gen. Robert Skinner told Breaking Defense last March that Thunderdome would be a way to “reimagine” how the agency looks at networks in the future. 

At the time, Skinner said four or five services will be provided under the program, including Secure Access Service Edge (SASE), which he described as “a modern way of doing our virtual private networking” where people can access the network from any place, as well as application security stacks and cloud defense cyber operations.

According to the March 1 announcement, “DISA met the success criteria for the prototype including the integration of SASE and [Customer Edge Security Stack] to enable conditional access to applications and resources based on user and device attributes as well as the user’s geolocation and time of use.”

As for next steps with the prototype, the press release says DISA is looking to get approved for a production other transaction agreement to offer Thunderdome across the department for at-scale deployment.