The achievement is a major milestone for DISA’s Thunderdome initiative, which offers a suite of IT and cybersecurity technologies that various agencies across the Defense Department can use as their zero-trust solution. DISA’s validation of Thunderdome comes more than two years ahead of the Pentagon’s deadline to implement target levels of zero trust by the end of fiscal 2027.

“It is a stellar machine system and environment, and there’s a lot of DOD field activities and agencies that are depending on that solution as its [zero-trust] solution,” Resnick said Wednesday during the Defense Acquisition University’s annual Zero Trust Symposium.

Zero trust is a cybersecurity framework that assumes networks are already compromised by adversaries, as opposed to the perimeter-based standards traditionally employed by the DOD. Rather than establishing a protective cybersecurity boundary over its networks, zero trust requires the Pentagon to integrate new capabilities that can constantly monitor and authenticate its networks and users as they move through them.

The DOD’s 2022 Zero Trust Strategy outlined a minimum set of 91 capability outcomes that agencies and components must meet to achieve “target levels” of zero trust no later than Sept. 30, 2027. The strategy also provided an additional 61 activities that are required to meet what the Pentagon considers “advanced levels.”

Resnick said DISA’s Thunderdome achieved a “perfect 152 out of 152,” meaning the solution is the second to hit all of the department’s ZT capability outcomes. The Navy’s cloud-based Microsoft Office 365 platform — known as Flank Speed — was the first zero-trust solution to achieve advanced levels, and met all 152 requirements earlier this year.

“Thunderdome is the Defense Information Systems Agency’s (DISA) comprehensive ZT solution,” Chris Pymm, Thunderdome portfolio manager at DISA, told DefenseScoop in a statement. “Recently, the Department of Defense DOD CIO purple team has validated that Thunderdome provides advanced level ZT across all 152 activities in DOD’s ZT model. What’s more, organizations can leverage DISA’s Thunderdome procurement vehicle to meet their integration ZT needs.”

According to the agency, the Thunderdome solution leverages enterprise identity credential and access management (ICAM); commercial secure access service edge capabilities; and software-defined wide area networking and security tools.

In 2022, DISA awarded Booz Allen Hamilton a $6.8 million other transaction agreement to prototype Thunderdome, which was later extended to include the Pentagon’s classified Secure Internet Protocol Router Network (SIPRNet). Following 18 months of development, the company received a follow-on production contract in 2023 to transition the solution into full deployment. 

The award is structured as an indefinite delivery/indefinite quantity (IDIQ)-like award to allow for other Pentagon agencies and departments to leverage the OTA over a five-year period. The contract has a total ceiling of $1.86 billion.

Pymm said that Thunderdome “will complete the DISA terrain in June of this year.” The effort’s zero-trust capabilities will be scaled to defense agencies and field activities via the broader migration of users to its new modernized network, known as DODNet, he added.

In fiscal 2025, Thunderdome will be fielded to the Defense Contract Management Agency, Defense Contract Audit Agency, Defense Logistics Agencies, Defense Media Activity, Defense Finance Accounting Service and the Defense Microelectronics Activity.

Moving forward, DISA plans to deploy the capability to the following agencies and organizations in fiscal 2026: Defense Threat Reduction Agency, Joint Staff’s J-6 directorate, Defense Advanced Research Projects Agency, Missile Defense Agency and Defense Manpower Data Center.

Updated on April 2, 2025, at 5:25 PM: This story has been updated to include more information from DISA about plans for Thunderdome and statements from Chris Pymm, Thunderdome portfolio manager.

The post DISA’s Thunderdome achieves advanced zero-trust goals appeared first on DefenseScoop.

The Thunderdome cybersecurity initiative aims to help the Department of Defense move toward a zero-trust architecture.

Zero trust is a concept and framework that assumes networks are already compromised and require constant monitoring and authentication to protect critical information. The Pentagon’s strategy aims to fully implement zero trust by 2027.

Last year, DISA announced a $6.8 million other transaction agreement with Booz Allen Hamilton for Thunderdome prototyping. After 18 months of work on that phase of the program, the agency on Friday announced that it awarded the company a follow-on production deal with a one-year base period and four one-year option periods, which could run from August 2023 through August 2028.

“This award has been structured as an indefinite delivery/indefinite quantity (IDIQ)-like award so other DOD agencies and military departments can leverage the OTA over the five-year period of performance,” a DISA spokesperson told DefenseScoop on Monday.

The total agreement ceiling is $1.86 billion.

“Awarding this Thunderdome production agreement is an important step on our zero-trust journey and furthers DISA’s mission to provide warfighters with a more secure operating environment,” Lt. Gen. Robert Skinner, DISA director and commander of the Joint Force Headquarters-Department of Defense Information Network, said in a statement. “While DISA leverages these capabilities on our cyber terrain, this full-scale production agreement can be used to assist the military services and other DOD components in implementing key zero-trust activities.”

Thunderdome will contribute to zero trust by offering network access tools and segmentation technologies paired with identity and endpoint cybersecurity capabilities, according to a DISA release.

Last summer, the agency extended the prototyping effort so that it could include the Secure Internet Protocol Router Network (SIPRNet), which is used globally by the Pentagon and the U.S. military to transmit secret information. The intent was to take a more comprehensive and holistic approach to how the network operates. The new capability’s “secure access service edge” is expected to integrate with DISA’s Cloud Defensive Cyber Operations, Enterprise Comply to Connect, and Identity, Credential, and Access Management (ICAM) solutions.

“The experience gained in partnership with industry as we implemented the prototype solution over the last 18 months has been invaluable, and we believe this award positions the department to meet critical zero trust adoption timelines in support of our warfighters,” DISA Deputy Director Christopher Barnhurst said in a statement. “We look forward to accelerating implementation activities and partnering across the department to expand access to the zero-trust capabilities Thunderdome provides.”

In a statement to DefenseScoop, Imran Umar, a vice president at Booz Allen Hamilton spearheading the company’s zero-trust practice, said the Thunderdome prototype “was composed of innovative technologies to demonstrate, with real users, that they will work together to deliver the tenets of zero trust on both classified and unclassified networks. We look forward to our continued partnership with DISA to take this solution into full production.”

Kelly Rozumalski, a senior vice president leading the company’s national cyber defense business, said: “Our team successfully demonstrated the use of commercial technologies to help meet many of DoD’s zero trust implementation goals, and our internal zero trust investments helped accelerate our ability to bring innovative solutions to complex challenges.”

Updated on July 31, 2023 at 6:30 PM: This story has been updated to include comments from Booz Allen Hamilton executives and additional information from DISA about the other transaction agreement.

The post DISA awards production deal for Thunderdome zero-trust initiative appeared first on DefenseScoop.

With a six-month base period and six-month option period, the total estimated dollar value for this contract is more than $1.8 million. 

In a recently published short-term Limited Sources Justification document, Defense Department officials wrote that re-competing the original requirement for the work and going with a vendor other than Booz Allen Hamilton would cause months-long delays for the CDAO and force the government to pay duplicate costs of an estimated $3 million.

“The creation of the [CDAO] and the reorganization involved with [its creation] impacted the original contract,” Kathleen Clark, the office’s spokesperson, told DefenseScoop on Thursday.

In December 2021, Deputy Defense Secretary Kathleen Hicks issued a memo establishing the CDAO to strategically advance data, artificial intelligence and associated digital solutions across DOD’s vast enterprise. That significant bureaucratic shakeup merged several of the department’s technology-pushing components — Advana, Office of the Chief Data Officer, Defense Digital Service, and Joint Artificial Intelligence Center (JAIC) — under the new office. 

The CDAO reached initial operational capacity in February and officially transitioned to full operational capacity in late November.

Work that was previously led by Booz Allen Hamilton for a CDAO component before the merger will now continue under this recently approved sole-source justification. 

In the justification document, federal officials wrote that this broad “reorganization has required [the CDAO] to integrate the capabilities, personnel, over 25 acquisition portfolios and governance of its constituent organizations, while concurrently sustaining momentum on priority projects that align to” the office’s mission. 

As the hefty restructuring continues to unfold, DOD officials recently determined that more time was needed to complete about 25% of work required under a task order that was already in progress for data strategy and data policy development; data council and data working group support; and the making of dashboards for DOD business health analysis and performance.

Clark did not get into much deeper specifics on those efforts, but said that this extension would essentially enable the office to “continue the completion of the DOD Data and AI Strategy document undergoing DOD-wide review, developing Data and AI policy documents under development, the submission of the Annual DOD Chief Data Officer report to Congress in staffing with the military services, and developing Principal Staff Assistant (PSA) dashboards and use cases to support the business health performance measurements as directed by the Deputy Secretary of Defense.”

This sole-source action, she added, is also intended to enable the CDAO “to complete its acquisition portfolios review,” as well as requirements stated as part of its long-term acquisition strategy.

In the justification document, DOD officials wrote that Booz Allen Hamilton has the Top Secret cleared-staff, training and technical acumen to meet the CDAO’s demands for this ongoing work that the company had been leading. They also noted that a notice of intent to sole source was issued on SAM.gov in late November — and closed on Dec. 10 with no response. 

A spokesperson from Booz Allen Hamilton declined DefenseScoop’s request for more information.

Notably, though the CDAO met full operational capacity on Nov. 20, the approval notice states that the office is, at this point, “not fully formed and is still in the process of integrating its various offices.”

“Thus, the long-term needs for this requirement is unknown,” it added. “This sole source serves as a stop-gap measure to allow thorough market research to determine a sound procurement method.” 

Clark told DefenseScoop: “Every day we are maturing as an organization. The reorganization has been and is happening.”

The post CDAO extends timeframe for data strategy and dashboard development with Booz Allen Hamilton appeared first on DefenseScoop.

Bringing the classified network into the Thunderdome initiative — which is aimed at helping the Department of Defense move toward a zero trust architecture — is a major evolution for the program.

“The six-month extension is essential to allow DISA additional time to expand the Thunderdome pilot to include the Secure Internet Protocol Router Network and complete development, testing and deployment planning for the original unclassified prototype,” the agency said in a July 28 press release.

In January, DISA announced that it had awarded a $6.8 million Other Transaction agreement (OTA) to Booz Allen Hamilton for Thunderdome prototyping, with a six-month development timeline. The recently announced extension of the pilot will push the expected completion date to January 2023.

The agency said the ongoing Ukraine-Russia war — which began in February and has reportedly included cyberattacks from both sides — underscores the importance of securing systems like the SIPRNet, which is used globally by the Pentagon and the U.S. military to transmit secret information.

“While we have been working on developing a zero trust prototype for the unclassified network, we realized early on that we must develop one, in tandem, for the classified side. This extension will enable us to produce the necessary prototypes that will get us to a true zero trust concept,” DISA Deputy Director Christopher Barnhurst said in a press release July 28.

The SIPRNET framework “is antiquated and needs updating,” according to the release.

“Thunderdome will be a completely comprehensive and holistic approach to how the network operates — a major shift from the current architecture,” it added.

The new capability’s “secure access service edge” is expected to integrate with DISA’s Cloud Defensive Cyber Operations, Enterprise Comply to Connect, and Identity, Credential, and Access Management solutions.

“While Secure Internet Protocol Router Network is undergoing a number of modernization efforts led by DISA, the Thunderdome prototype is an important part of the SIPR redesign process and will provide SIPRNet with the security benefits of a zero trust architecture. During this extension period, DISA will design and implement a SIPR zero trust production solution that is focused on improving and better securing the SIPRNet core infrastructure. This will provide DISA with improved visibility to ensure that people cannot access documents that they do not have the need to see,” the agency said in the release.

In an executive order last year, the White House directed federal agencies to develop plans for implementing zero trust. The directive was part of a larger push to modernize the U.S. government’s cybersecurity in the wake of cyberattacks that compromised federal agencies through the exploitation of software.

Jason Martin, digital capabilities and security center director at DISA, told reporters in April at AFCEA’s TechNet Cyber conference in Baltimore, that Thunderdome will “fundamentally change” the Defense Information Systems Network (DISN) and the way that the Department of Defense Information Network (DODIN) interoperates with the DISN.

“I think those are all obviously critically important to what we’re trying to do across the department,” he said.

DISA is developing a departmentwide strategy for transitioning the DOD from today’s cybersecurity frameworks and tools to Thunderdome or other zero trust solutions.

The six-month extension of the OTA with Booz Allen Hamilton will give DISA additional time to work on the strategy; conduct operational and security testing beyond what was planned for in the initial Thunderdome pilot; and mitigate the overall risk of deploying zero trust capabilities, Martin said in the release.

Booz Allen Hamilton declined to comment.

The post DISA expanding Thunderdome cybersecurity project to include classified network appeared first on DefenseScoop.

The $6.8 million award, which has a six-month development timeline, is the first of what could be larger contracts on the DOD-wide program. Thunderdome is DISA’s implementation of the zero trust security model, which was mandated by the Biden administration’s Cyber Executive Order in May last year.

“Over the course of the next six months, we plan to produce a working prototype that is scalable across the department,” Jason Martin, director of DISA’s digital capabilities and security center, said in a press release. “During that time, we will do what DISA does best – build, test, validate and implement the premier cybersecurity solutions for the Department of Defense and warfighter around the world.”

The move to zero trust comes as the DOD shutters its Joint Regional Security Stack (JRSS) design in favor of more modern cybersecurity practices. The six-month prototype window is designed to give DISA time to see how it can scale Thunderdome across the department, the agency said.

“Successful deployment of Thunderdome as a new security model will achieve DoD’s overall goals to integrate network and security solutions in the cloud and to enhance protections of end-user devices,” DISA wrote in a press release announcing the award.

Booz Allen Hamilton declined to comment.

The post Booz Allen wins first prototype contract for DISA’s zero trust program appeared first on DefenseScoop.