The Defense Information Security Agency is fleshing out plans for its Thunderdome program, which is aimed at helping the Pentagon implement a zero-trust cybersecurity model, a DISA official said Wednesday.
A meeting scheduled for next week could be pivotal.
“Monday we have an agencywide technical and direction-setting discussion … to ensure that we are building out … the most optimal way ahead,” Jason Martin, digital capabilities and security center director at DISA, told reporters on the sidelines of AFCEA’s TechNet Cyber conference.
“We’re going through a rack and stack of where we are, what the priorities are, and then what resources we need to align to put out a given MVP [minimum viable product] and associated capabilities,” he said.
DISA has already established a program office for Thunderdome.
Earlier this year, the agency awarded Booz Allen Hamilton the first contract for a Thunderdome security solution prototype. The contract was valued at $6.8 million.
DISA is leveraging Other Transaction Authority (OTA) agreements for the initiative. OTAs are intended to cut through bureaucratic red tape and help federal agencies such as the Pentagon acquire new technology faster.
“We’re moving forward with sitting down with the vendor on a daily basis to work through, you know, where are we going to go when, what are the milestones, what are the critical performance periods that we’re going to tackle,” Martin said.
“We’ve also started to build out what the prototype will look like for the year, which includes, you know, multiple parts of the agency, which I think will be really good at helping us understand also the various use cases across the agency [and] really what we need to support,” he said. “I think that will really help us build out a set of … parameters to help us get to that initial set of MVPs.”
Unlike some previous cybersecurity models, zero trust assumes that entities already operating inside a network can’t automatically be trusted. The model is already being adopted by organizations in the private sector.
In an executive order last year, the White House directed federal agencies to develop plans for implementing zero trust.
The directive was part of a larger push to modernize the U.S. government’s cybersecurity in the wake of cyberattacks that compromised federal agencies through the exploitation of software.
Thunderdome “will fundamentally change the way DISA operates,” Martin said. “It will fundamentally change the DISN [Defense Information Systems Network] and it will fundamentally change the way that DODIN [Department of Defense Information Network] interoperates with the DISN. So, I think those are all obviously critically important to what we’re trying to do across the department.”