Pentagon Zero Trust Challenges Include Scalability, Interoperability
Testing, scaling and interoperability are the remaining impediments as DISA moves closer to completing its Thunderdome zero trust prototype.
As the Defense Information Systems Agency (DISA) moves closer to the Thunderdome project completion date in January 2023, remaining challenges include testing, scaling the capability from operational and technology perspectives and interoperability with other zero trust solutions.
“As a department, we have a pretty consistent track record of not agreeing on what one single solution is. So we wanted to operate with that as a design constraint in mind to say, ‘There are going to be other solutions out there. How do we make sure that we work well together?'” Drew Malloy, technical director for the Cyber Development Directorate at DISA, said during a Federal News Network panel Tuesday. “How do we interoperate … how do we make sure that we aren’t isolating ourselves and having to stand up duplicative systems in order to achieve the same goal?”
DISA awarded the $7 million Thunderdome zero trust prototype contract to Booz Allen Hamilton in January, initially setting a six-month project completion timeline. The war in Ukraine highlighted the need for the Defense Department (DOD) to develop a cybersecurity solution for a modernized classified network, which prompted DISA to extend the pilot by six more months to include a zero trust prototype for the DOD’s classified network, SIPRNet.
As DISA integrates these innovative solutions, the agency hopes to address concerns such as out-of-date data standards or solutions not working well with other third-party security systems.
“When you look at what we’re trying to do, from an end-to-end security mindset around zero trust, you really want to have those integrations out of the box with those security tools to make sure that everything is working in a consolidated fashion,” Malloy said. “And right now … we’re carrying some risks around the fact that some of these solutions aren’t working well together.”
Thunderdome’s ultimate goal is enabling military service members and civilian employees to access the services they need securely. Successful implementation includes figuring out how many sites DISA will have, how to manage them and what the provisioning or sustainment will look like.
DISA is also working on the messaging around how to engage both the user community, the security applications and data owners.
“We can put out a lot of these capabilities that … are centered around zero trust, but until folks adopt them, especially from an application perspective — talking about how do you look at what you do for access control currently and how can you take advantage of what’s being given to you by this SASE solution to make better decisions based off of the different parts of your application and or the data within your application,” Malloy said. “We’ve put a lot of enabling technologies out there, but we aren’t taking as much advantage of it as we can. So that’s part of our efforts as well.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
FDA Outlines Future Tech Priorities
FDA is advancing its tech capabilities with quantum computing, zero-trust architecture and modernized data sharing.
6m read -
How AI Will Shape the Future of Cancer Care
Cutting-edge technology is transforming health care, with solutions like artificial intelligence helping agencies like the National Cancer Institute (NCI) improve screening, diagnosis and treatment.
3m watch -
Navy’s New Playbook, Enterprise Services Boost Tech Acquisition
The Department of the Navy is leading the charge in innovation, speeding up the federal acquisition process to improve tech adoption and remain competitive in the evolving tech landscape.
3m watch -
GenAI Remains Top Focus for Public Sector IT Leaders
Federal leaders say generative AI is showing promise for efficiency in multiple use cases and sectors, including cancer research.
5m read