The Defense Information Systems Agency (DISA) is moving closer to completing its Thunderdome project – DISA’s zero trust security model – by the target date of January 2023, but the agency still faces the challenge of scaling it across Defense Department (DoD) networks, an agency official said.
Drew Malloy, technical director for DISA’s cybersecurity and analytics directorate, explained during an Oct. 18 Federal News Network event that Thunderdome is now in the operational assessment phase. The program will go through a red-teaming exercise before a fielding decision is made in January 2023.
Once the prototype moves past that phase, DISA can move on to addressing the challenge of scaling it across DoD networks, he said.
“The high-level strategy has remained relatively consistent, but we’ve looked at the actual implementations and what they’re going to look like,” Malloy said.
“How many different sites are we going to have? How are we going to manage those sites? What’s the provisioning going to look like? What’s the sustainment tail going to look like,” he said. “Things of that nature have been at top of our mind for how we push things out.”
One challenge in the process reflects that as a department, DISA has a track record of not agreeing on what one single solution is, he explained.
“So, we wanted to operate with that as a design constraint in mind to say, ‘there are going to be other solutions out there. How do we make sure that we work well together,” Malloy said.
“How do we interoperate? That comes down to things as basic as identity, credentials, and access management,” he continued. “And then, how do we federate that solution to make sure that there’s that consolidated view of identity within the department? And then moving to some of the capabilities within Thunderdome itself, how do we make sure that we aren’t isolating ourselves and/or having to stand up duplicative systems to achieve the same goal?”