WASHINGTON — The Defense Information Systems Agency extended its Thunderdome cybersecurity contract with Booz Allen Hamilton, citing lessons learned from the Russia-Ukraine war and the need to better secure the Pentagon’s communication system for secrets.
The addition of six months to the deal accounts for the inclusion of the Secure Internet Protocol Router Network, or SIPRNet, in the zero-trust program and the “complete development, testing and deployment planning for the original unclassified prototype,” DISA said in an announcement July 28.
SIPRNet is a communications network used by the Defense Department to transmit classified information across the world. DISA, the Pentagon’s top IT office, described the framework as “antiquated” and in need of updating.
The agency awarded Booz Allen a $6.8 million contract in January to develop a Thunderdome prototype, its approach to zero-trust cyber protections. Folding in SIPRNet is a significant evolution. The extension lengthens the pilot to a full year, with completion now expected at the start of 2023.
“With this additional time, we can conduct operational and security testing that was not originally planned for in the initial pilot,” Jason Martin, director of DISA’s Digital Capabilities and Security Center, said in a statement. “It will also permit us the necessary time to strategize on the best way to transition current Joint Regional Security Stacks users who will be moving to Thunderdome.”
The Pentagon in 2021 decided to sunset Joint Regional Security Stacks — meant to reduce cyberattack surface and consolidate classified entry points — in favor of the zero-trust Thunderdome approach, C4ISRNET previously reported.
The six-month add-on comes amid Russia’s invasion of Ukraine, which was preceded by cyberattacks that jeopardized command and control and forced offline government websites. Ukrainian networks continue to be buffeted, with hackers often targeting the defense, financial and telecommunications sectors.
Such attacks, DISA said in its announcement, highlight the importance of SIPRNet and the Pentagon’s need for a modernized, classified network with steadfast data protections. Defense Department systems are under constant attack, as is the defense industrial base.
“DISA has made clear that we will not forget that the ‘fight’ is fought on SIPRNet,” said Christopher Barnhurst, the agency’s deputy director. “While we have been working on developing a zero trust prototype for the unclassified network, we realized early on that we must develop one, in tandem, for the classified side. This extension will enable us to produce the necessary prototypes that will get us to a true zero trust concept.”
SIPRNet is already undergoing several other renovations. The secure network was among those accessed by Chelsea Manning, the former U.S. Army intelligence analyst who provided thousands of military and diplomatic documents to WikiLeaks.
Zero trust is an approach to cybersecurity that assumes networks are always at risk and, thus, continuous validation of users and devices is necessary. The model is often likened to “never trust, always verify.”
President Joe Biden last year ordered federal agencies to move toward zero trust and to produce the requisite plans. His executive order included several other cybersecurity provisions, as well. The Biden administration followed up in January with a memorandum focused on improving the cybersecurity of Defense Department and intelligence community systems.
“Thunderdome will be a completely comprehensive and holistic approach to how the network operates,” DISA said, “a major shift from the current architecture.”
Colin Demarest is a reporter at C4ISRNET, where he covers military networks, cyber and IT. Colin previously covered the Department of Energy and its NNSA — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.