As the Defense Information Systems Agency (DISA) prepares to take over securing the boundary of the Defense Department’s information networks, it has begun a pilot project to test a commercial product that could meet its requirements, the agency’s top official said this week.
A $5.9 million one-year contract for the pilot was awarded last summer to By Light Professional IT Services, LLC, to procure, harden, test and deploy a commercial product at the perimeter, DISA told Defense Daily in an email reply to a question about the pilot effort. That contract runs through Aug. 12, 2023.
“This commercial-off-the-shelf product will be evaluated along with our other systems at our internet access points to make sure we have maximum coverage against cyber threats and the money that we spend on cybersecurity tools is optimized,” DISA said.
Air Force Lt. Gen. Robert Skinner, director of DISA, told a Senate panel on Wednesday that the pilot effort will enable “full packet inspection of our boundary. And with the next six months, we’re doing to determine if the capability meets what the marketing says, as well as is it scalable, and it’s going to be another addition to the capabilities that we have at our boundary.”
Sens. Joe Manchin (D-W.Va.) and Mike Rounds (R-S.D.), the chairman and ranking member, respectively, of the Senate Armed Services Cybersecurity Subcommittee, raised concerns about reports that an NSA program that provides automated perimeter security to the DoD Information Network (DoDIN).
Skinner told the senators during a March 30 subcommittee hearing that DISA has “an amazing relationship with the National Security Agency” and the two agencies are partnering on perimeter network defense.
“As the Joint Force Headquarters DoDIN has stood up and as Cyber Command has stood up, we continue to evaluate the things that NSA is doing and the things that the department is doing and where it actually belongs,” Skinner said. As capabilities move from NSA to DoD, DISA is using a “conditions-based approach,” he said.
DISA told Defense Daily that “If the pilot is successful, we will conduct a cost analysis to see if deploying the capability to all DISA internet access points is appropriate.”
DISA declined to comment on the status of the NSA program due to operational security.