With 40 out of 60 planned sites slated for fiscal year (FY) 2024 now operational, the Defense Information Systems Agency (DISA) is aiming for full deployment of its Thunderdome zero trust network initiative by FY 2027, according to a senior agency official.
Chris Pymm, DISA’s zero trust portfolio manager, explained during a Federal News Network webinar on Sept. 10 that Thunderdome has been deployed to approximately 40 of the 60 planned sites for FY 2024, and that the rollout will accelerate next year as additional defense agencies are integrated into the system and build-out activities continue.
With FY 2024 coming to a close on September 30, the clock is ticking for DISA to meet its initial target of deploying Thunderdome to 60 sites. The larger Department of Defense (DoD) zero trust goal is set for FY 2027, and DISA is on track to meet that deadline, Pymm said.
“For DISA, we’ll complete the network access aspect of zero trust by next year. We’ll then move on to enablement technologies that control access based on user identity and device,” Pymm said. “We’re working with a deadline of FY 2027, and while the network implementation is progressing, we’re currently in the planning phase for application access.”
DISA’s deployment plan includes sites with the U.S. Coast Guard, the U.S. Southern Command, and DISA’s network consolidation effort.
In January 2022, DISA awarded Booz Allen Hamilton a $6.8 million contract to develop a Thunderdome prototype – a zero trust security solution in line with President Biden’s 2021 cybersecurity executive order. After 18 months of development, including nine months on the prototype, Booz Allen Hamilton received a follow-on production agreement to transition Thunderdome into full deployment. The initial rollout began in 2023, with Thunderdome installed at 15 sites.
The project consists of four components — customer security stacks, software-defined wide area networking, secure access service edge capability, and application security stacks.
“We need to address each terrain because zero trust’s effectiveness depends on how it’s applied across different environments,” Pymm said, adding that DISA is not only “planning for zero trust” but also focusing on its “physical implementation.”
“This involves identifying applications and determining the best approach based on their location, whether in the cloud or on-premises. So, next year will be a significant step in our migration, leading towards our broader goals for the Department,” Pymm said.
