Faced with the global threat landscape that the Defense Department (DoD) oversees, the head of the Defense Information Systems Agency’s (DISA) Thunderdome initiative said today it’s critical that the agency’s efforts to implement zero trust security architectures continue to evolve and succeed.

“Zero trust is an evolution,” Chris Pymm, the portfolio manager for DISA’s Thunderdome project, said during Palo Alto’s Public Sector Ignite 2023 conference on May 16 in Tysons, Va.  “Right now, we have a target on the wall with activities that need to be met across the seven pillars in this space, but I think that’s going to change over time.”

Pymm added, “If it doesn’t evolve, I don’t know that we’re going to be ready for the next adversary.”

The DoD’s push for zero trust over the last few years has allowed the department to change its approach to connecting warfighters, said Nathan Colodney, the Army’s Deputy Director of Cybersecurity, at today’s conference.

Just six months ago, DoD released its long-anticipated Zero Trust Strategy – which envisions an information enterprise secured by a fully implemented department-wide zero trust cybersecurity framework by 2027 that will reduce the attack surface, enable risk management, make data-sharing effective in partnership environments, and quickly contain and remediate adversary activities.

DISA’s Thunderdome project – which represents a collection of technologies that are integrated with each other into a zero trust ecosystem – is expected to go into full production any day now. The successful prototype of Thunderdome includes technologies such as Secure Access Service Edge, Software Defined-Wide Area Networks/Customer Edge Security Stack, and Application Security Stacks.

Colodney said that Thunderdome, and DoD’s zero trust push in general, allow for interoperability across the agency.

“When we talk about empowering the warfighter at the edge, empowering is able to communicate across DoD – not just within the Army,” Colodney said. “It’s being able to reach across to the Air Force, it’s being able to reach the Marine Corps, whomever can deliver the fire support or the kill power you need, has to be able to be linked. And that’s one thing zero trust will allow us to do.”

Colodney praised the department for initiating “an unprecedented cooperation” across the different military branches “to take on this monumental undertaking” and implement zero trust.

“The services have to talk to each other and agree on what they’re doing,” Colodney explained.

“We all have to start with what we have,” he said. “\We just can’t afford to go out and buy new stuff. We have to work with each other, we have to come to agreements, we have to look at DISA and say, DISA what do you have that can we build on and go from there. And that I think has been very successful today.”

When it comes to implementing the department’s zero trust strategy, there are concerns about attracting and retaining a qualified workforce – especially when considering the competition that the public sector faces against industry for that kind of talent.

John Davis, Palo Alto’s vice president of the Public Sector, said the key is to create values and culture within the workplace that contribute to the mission.

“Talent management is a very important issue for all of us, whether you’re government or private sector,” Davis said. “But to be honest with you, the reason I joined Palo Alto Networks more than anything else – great capabilities, but it was the culture and values of the company.”

“You build a culture, and you exemplify the values,” Davis explained. “If their mission really is attractive, people want to be there, they want to do that. They want to invest their own time, they love doing what they’re doing, they feel it’s an important contribution.”

“Our goal is to make each and every day safer and more secure than the day before,” he added, “I think that attracts people, and I think that it helps retain people with a mission like that and with a culture and values like that.”

Davis closed out the panel by offering two ways DoD can continue to focus on the mission, while at the same time being innovative in the cybersecurity arena: leveraging interoperability and automation “in much more effective and powerful ways.”

“We want to make things more simple,” Davis said. “And the industry can make things more simple for DoD and its mission by providing integrated solutions, either through the work that they do to integrate them themselves, or the work that they do with partners to bring integration solutions to DoD.”

Read More About
More Topics
Cate Burgan
Cate Burgan