Attacks and Vulnerabilities
Industries
News
Zero Trust

Pentagon contracts to Booz Allen Hamilton development of Thunderdome zero trust prototype

January 26, 2022
Pentagon contracts to Booz Allen Hamilton development of Thunderdome zero trust prototype

The Defense Information Systems Agency (DISA) announced on Tuesday that it has awarded a US$6.8 million contract to Booz Allen Hamilton for a Thunderdome zero trust prototype. The six-month prototype will work on delivering a zero-trust security model that aligns with U.S. President Joe Biden’s executive order to improve the nation’s cybersecurity posture, the Department of Defense (DOD) Chief Information Officer’s (DODCIO) Digital Modernization Strategy, and DISA’s Strategic Plan

As part of the modernization, Thunderdome will streamline the DOD’s endpoint security solution set, enhance security posture as investments in cloud technologies continue, and implement new security capabilities. Thunderdome is also working on incorporating greater cybersecurity centered around data protection and integrating with existing endpoint and identity initiatives aligned to zero trust.

DISA is an agency that works towards planning, engineering, ​​acquiring, testing, fielding, operating and assuring information-sharing capabilities, command and control solutions and a global enterprise infrastructure to support DOD and national-level leadership.

The Thunderdome prototype is expected to provide DISA with the cybersecurity infrastructure to improve the cybersecurity posture of the U.S. and improve user access to cloud-hosted applications by enabling dynamic, adaptable security from the user to the data and application edge

Last year, the DISA decided to phase out the Joint Regional Security Stacks (JRSS), based upon both independent and baseline reviews, and transition to a new zero trust security and network architecture. DISA is actively developing a department-wide strategy where mission partners will transition from current cybersecurity solutions, such as JRSS to Thunderdome or other zero trust implementations. 

DISA had in May last year delivered its initial DOD zero trust reference architecture to help the U.S. military maintain information superiority on the digital battlefield. 

DISA is conducting a six-month prototype, which will contribute to scalability of Thunderdome across DOD and the overall implementation strategy to transition JRSS users to an enterprise-wide offering of Thunderdome.

During the six months, the agency will work towards operationally testing how to implement DISA’s Zero Trust Reference Architecture, published in March 2020 for the DOD, by taking advantage of commercial technologies, such as secure access service edge (SASE) and software-defined wide area networks (SD-WAN). SASE technology will be used to supplement the current perimeter defense function and allow for direct internet access for DOD applications, regardless of the hosting environment.

“Thunderdome reflects a substantial shift to a next generation cybersecurity and network architecture for DOD,” Chris Barnhurst, DISA deputy director, said in a media statement. “Rooted in identity and enhanced security controls, Thunderdome fundamentally changes our classic network-centric defense-in-depth security model to one centered on the protection of data and will ultimately provide the department with a more secure operating environment through the adoption of zero trust principles.”

“Over the course of the next six months, we plan to produce a working prototype that is scalable across the department,” said Jason Martin, director of DISA’s digital capabilities and security center.

Zero trust operates as a set of guiding principles for workflow, system design, and operations that can be used to improve the security posture of any classification or sensitivity level. Transitioning to zero trust architecture is a journey concerning how an organization evaluates risk in its mission and cannot simply be accomplished with a wholesale replacement of technology. Organizations should seek to incrementally implement zero trust principles, process changes, and technology solutions that protect their data assets and business functions by use case. 

The scope of the DOD’s zero-trust reference architecture effort is specifically to determine capabilities and integrations that can be used to successfully advance the DOD Information Network (DODIN) into an interoperable zero trust end state. The architecture focused on data-centric design while maintaining loose coupling across services to maximize interoperability. 

With an enhanced security set of capabilities, “Thunderdome will greatly help to defend and guard our systems against sophisticated adversaries. Thunderdome will modernize DISA’s cybersecurity infrastructure to significantly improve our security posture as well as improve user access to cloud hosted applications by enabling dynamic, adaptable security from the user to the data and application edge,” according to the DISA statement.

Last week, the Biden administration released a National Security Memorandum (NSM) that works on bolstering the cybersecurity of national security systems, DoD, and the intelligence community systems, building on last year’s Executive Order.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Microsoft debuts ICSpector framework to enable examining information and configurations of industrial PLCs
Microsoft debuts ICSpector framework to enable examining information and configurations of industrial PLCs
TXOne’s Portable Security Pro works towards improving security in ICS environments
TXOne Networks presents SageOne, its new CPS protection platform
Critical Start
Critical Start introduces managed detection and response services for OT environments
Shift5
Shift5 debuts GPS integrity module to combat GPS spoofing risks
Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates