Zero Trust Improves Both Cybersecurity and DISA

Thunderdome changes the way the agency operates.

Thunderdome, the Defense Information Systems Agency’s zero-trust solution, may enhance cybersecurity while also transforming the way the agency does business.

The agency, which is commonly known as DISA, awarded a $6.8 million, six-month contract to Booz Allen Hamilton earlier this year to develop a prototypical Thunderdome solution. During the six-month effort, the agency will operationally test how to implement DISA’s Zero Trust Reference Architecture by taking advantage of commercial technologies such as secure access service edge and software-defined wide area networks. Thunderdome will also incorporate greater cybersecurity centered around data protection and integrate with existing endpoint and identity initiatives aligned to zero trust, according to a DISA press release announcing the contract award.

But while the Thunderdome effort will improve cybersecurity for the department, it also is enhancing departmental cooperation, says Jason Martin, director of DISA’s digital capabilities and security center and component acquisition executive. To begin formulating a zero-trust solution, DISA officials created cross-functional teams with members from across the agency, enhancing communication and collaboration.

“It’s a dynamic that’s changing the way DISA interacts and operates amongst itself. We’re building cross-functional teams from across the agency to do this, so though Thunderdome itself falls under me organically, we have representatives from every center and nearly every directorate in the agency to plan and implement Thunderdome as a capability,” Martin says. “That’s a big benefit in terms of helping us to do business in the future. It’s really moving us forward in terms of collaboration and execution on these large-scale, cross-cutting initiatives like Thunderdome.”

DISA officials tout the cross-functional approach as one that other departments and agencies might use to find their own answers to zero trust. While it’s too early in the process to compile a full list of lessons learned from Thunderdome, DISA officials indicate that other agencies might begin by being inclusive and open to partnerships, canvassing the entire organization and functional areas to “identify any and all touchpoints,” and starting small.

“One of the biggest successes for DISA was having a source selection team with representatives from across the department to help us decide on the right set of technologies,” DISA spokesperson Dillon McConnell states. “One of the main reasons we went for a pilot is that we are looking to learn from it, both good and bad.”

McConnell advises that adopting zero trust likely will not be quick. “Zero trust is really an architectural concept, not something you can buy. It requires fundamental redesigns of entire parts of the security architecture. It will take time.”

DISA officials also have met with numerous experts outside of the agency, including program executive officers and chief information officers. “As we look to pilot that, as we look to roll out areas of responsibility, or areas of operations, for example, we will work through each one of those in a coordinated manner,” Martin states. “But I would say that we have received, at large, very positive feedback from the department on DISA’s evolution and enhancement to the current architecture as part of that technology infusion and truly implementing zero-trust principles.”

Martin cannot yet provide an estimate for when Thunderdome will be fully operational. The prototype will help determine whether large-scale implementation is feasible. But he notes that once implemented, it will affect the entire department because it will be a part of the Defense Information Systems Network (DISN), which is the backbone of the Department of Defense Information Network (DODIN).

“It is a way to communicate through the zero trust-capable environment, and when you do share information, data, communications with DISA, you will certainly interact with Thunderdome as we replace our infrastructure and evolve our infrastructure,” he says. “That is where the DISN is going, and to communicate effectively, we’ll need to integrate across the department, or at least to interface touchpoints to do so.”

Martin oversees a broad array of DISA programs, including the Electromagnetic Battle Management (EMBM) system. The cloud-hosted, service-oriented architecture-based EMBM will provide a crucial, integrated suite of electromagnetic spectrum-related tools, services and data, including serving as a centralized platform for refined data about electromagnetic spectrum operations. EMBM is a modernization of the current Global Electromagnetic Spectrum Information System, which provides joint and global electromagnetic spectrum operations and planning.

“This further enhances those capabilities and is used for planning, information sharing and data analysis. The challenge for the Department of Defense is to ensure and maintain electromagnetic superiority by providing these joint capabilities,” Martin explains.

DISA used existing contract vehicles to develop an initial EMBM minimum viable capability, which is due for release by the fourth quarter of the 2022 fiscal year. The initial system will offer increased electromagnetic situational awareness and will include features suitable for fielding to an operational environment to support warfighters.

DISA officials expect to award a contract for the second version of the minimum viable capability by the third fiscal quarter of 2022. It will support joint electromagnetic spectrum planning and operations for joint task forces and will be deployed in an operationally representative environment within 12 months of award.

Modernizing cyber analytics capabilities also is a major priority for Martin’s team. DISA offers a cloud-based set of solutions that enables the collection of large amounts of data from across DODIN and provides the analytics and visualization tools to make sense of the data. The set of solutions is called Cyber Situational Awareness Analytical Capabilities (CSAAC) and is available on both the Nonsecure Internet Protocol Router Network and Secret Internet Protocol Router Network. By using CSAAC, network analysts and operators have a broader and more comprehensive view of DODIN activity.

The CSAAC is supported by DISA’s Big Data Platform, a DISA-developed open source solution that supports the data ingest, correlation and visualization infrastructure, according to a DISA webpage. The platform’s common architecture can be installed across hundreds of servers in several hours and enables data, visualizations and analytics from CSAAC to be shared with mission partners, to include cyber operators in other organizations, enterprise service users, cyber mission forces, cyber protection teams and other federal agencies.

The Big Data Platform environment includes open source and unclassified components. The open-source, shared infrastructure model provides the department with an increased return on investment and significantly reduces the amount of time it takes to make capabilities available.

Martin describes cyber analytics modernization as ever evolving. “We are really working through what cyber analytics of the future are going to look like for DISA and for Joint Forces Headquarters-DODIN,” he says. “The adversaries are changing on a daily basis, and we need to provide the platform to ensure we have the data at our fingertips to defend ourselves, to defend the DODIN.”
