DISA Completes Thunderdome Zero-Trust Project
The Defense Information Systems Agency (DISA) announced today the successful completion of its Thunderdome prototype, the agency’s solution for zero-trust cybersecurity. The agency will seek approval for a production other transaction agreement from the Office of the Undersecretary of Defense for Acquisition and Sustainment to offer Thunderdome across the department for at-scale deployment.
For the past 12 months, DISA has developed and implemented a zero-trust network access architecture, which will fortify the U.S. Defense Department’s networks and deter the growing threats posed by adversaries intent on undermining U.S. national security interests and international order, the agency said in a press release.
The release added that the Thunderdome prototype successfully proved that commercial technologies, including Secure Access Service Edge (SASE), Software-Defined Wide Area Networks/Customer Edge Security Stack (CESS) and Application Security Stacks, “can improve both security and network performance in an existing enterprise environment.”
Thunderdome is a set of technologies that are integrated with, but not dependent upon, each other.
According to Brian Hermann, Ph.D., DISA’s Cyber Security and Analytics Directorate director, DISA met the success criteria for the prototype, including the integration of SASE and CESS to enable conditional access to applications and resources based on user and device attributes, as well as the user’s geolocation and time of use, the release said.
About 1,500 test users at three locations used Thunderdome’s remote and on-premises capabilities to perform their daily responsibilities. Results showed that Thunderdome increased network performance, and DISA independently validated that its services improved security.
Beyond the security benefits of a zero-trust-driven architecture and the additional data provided by Thunderdome, DISA’s prototype displayed increased network performance metrics for remote access. One of Thunderdome’s greatest benefits is that its architecture has significantly simplified network administration through automation, which improves performance and increases efficiency. With Thunderdome, policies are defined once and applied to all relevant devices automatically, according to the press release.
Additionally, DISA recently began deploying some of the zero-trust technologies used for Thunderdome’s unclassified prototype on its classified network.