Learning from Ukraine, DISA extends Thunderdome to include classified SIPRNet


Flag of Ukraine on a computer binary codes falling from the top and fading away.

WASHINGTON: The Defense Information Systems Agency, following lessons from the war in Ukraine about the necessity of an up-to-date and secure classified networks, has extended its zero-trust Thunderdome prototype program by half a year.

DISA awarded Booz Allen Hamilton a $6.8 million contract for the network architecture program in January, and the company was expected to produce an initial prototype over the next six months — or this month. But in a Thursday announcement, DISA said it’s expanding the scope of the experiment to include the Pentagon’s classified Secure Internet Protocol Router Network (SIRPNet), and that the deadline has been pushed to January 2023.

“The onset of the war in Ukraine has highlighted the importance of SIPRNet and the need to ensure the U.S. Department of Defense (DOD) has a modernized classified network that will securely protect data,” DISA said in the July 28 press release. “SIPRNet is used by DOD and military services around the world to transmit classified information, up to and including, information classified as secret, however, the framework is antiquated and needs updating.”

The Thunderdome prototype is an important part of the SIPR redesign process and will provide SPIRNet with the security benefits of a zero trust architecture, according to the press release. The original announcement said Thunderdome would be a “scalable” prototype that could be applicable to the Pentagon’s “network architecture,” but didn’t mention SPIRNet.

Over the next six months, DISA will design and implement a SIPR zero-trust production solution that will better secure SIPRNet core infrastructure, providing the agency “with improved visibility to ensure that people cannot access documents that they do not have the need to see,” Thursday’s release said.

“While we have been working on developing a zero trust prototype for the unclassified network, we realized early on that we must develop one, in tandem, for the classified side,” Christopher Barnhurst, DISA deputy director, said. “This extension will enable us to produce the necessary prototypes that will get us to a true zero trust concept.”

Ukraine’s networks have been a target for hackers starting earlier this year, with cyberattacks going after government and bank websites with distributed denial-of-service (DDoS) attacks being attributed to Russia. A US defense official in February told reporters there were also indications Russia conducted cyber attacks against the Kakhova hydroelectric power plant as well.

RELATED: Learning From Ukraine Conflict, Info Security Agency Pushes Ahead On JADC2

The additional time will also allow the agency to conduct operational and security testing that was not originally planned for in the initial pilot and strategize how to transition the current Joint Regional Security Stacks users who will be moving to Thunderdome, Jason Martin, director of DISA’s Digital Capabilities and Security Center, said.

RELATED: Thunderdome Going Global? DISA Says Still Room For Industry, Allies In Zero-Trust Initiative

In a March interview with Breaking Defense, DISA Director Lt. Gen. Robert Skinner said Thunderdome is a key initiative for the agency and would be a way to “reimagine” how it looks at networks in the future.

The goal with the initial prototype timeline was to have equipment that DISA was purchasing for Thunderdome in hand at different locations, with DISA Pacific Field Command in Hawaii likely being prioritized.

Skinner said cross-functional teams had been established across DISA for the effort and the agency was working with other services like the Air Force to identify their needs.

He added there would be four or five services provided under the program, including Secure Access Service Edge, which he described as “a modern way of doing our virtual private networking” where people can access the network from any place, application security stacks and cloud defense cyber operations.

Back then, Skinner said there was potential for the pilot, if it met all requirements, to become the minimal viable product that can actually be scalable across DoD.

Source link


Please enter your comment!
Please enter your name here