The Defense Information Systems Agency (DISA) said it has signed a six-month contract with Booz Allen Hamilton [BAH] for the company to continue its work developing the new Thunderdome zero-trust security architecture, which now includes prototyping the system for the classified network.

With the extension, DISA’s Other Transaction Authority prototyping agreement with Booz Allen Hamilton for Thunderdome will now run for a full-year and is expected to be completed in January 2023.

DISA headquarters at Ft. Meade, Md. Photo: Army.

“This extension allows us additional time to better control the overall risk of deploying zero trust capabilities, prior to deployment,” Jason Martin, director of DISA’s Digital Capabilities and Security Center, said in a statement. “With this additional time, we can conduct operational and security testing that was not originally planned for in the initial pilot. It will also permit us the necessary time to strategize on the best way to transition current Joint Regional Security Stacks (JRSS) users who will be moving to Thunderdome.”

DISA awarded the initial six-month $6.8 million Thunderdome prototype deal to Booz Allen Hamilton in January, to include operationally testing the zero-trust architecture to ensure its scalability across the Pentagon (Defense Daily, Jan. 26).

“Thunderdome reflects a substantial shift to a next generation cybersecurity and network architecture for DoD,” Chris Barnhurst, DISA’s deputy director, said at the time of the original award. “Rooted in identity and enhanced security controls, Thunderdome fundamentally changes our classic network-centric defense-in-depth security model to one centered on the protection of data and will ultimately provide the department with a more secure operating environment through the adoption of zero trust principles.”

Along with completing development, testing and deployment planning for the original unclassified Thunderdome prototype, DISA said the effort will now be an “important part” of the ongoing redesign process for the classified Secure Internet Protocol Router Network (SIPRNet).

“DISA has made clear that we will not forget that the ‘fight’ is fought on SIPRNet,” Barnhurst said in a statement. “While we have been working on developing a zero trust prototype for the unclassified network, we realized early on that we must develop one, in tandem, for the classified side. This extension will enable us to produce the necessary prototypes that will get us to a true zero trust concept.”

Booz Allen Hamilton’s support of the Thunderdome prototyping effort has included implementing DISA’s Zero Trust Reference Architecture by leveraging commercial technologies such as Secure Access Service Edge (SASE) and Software Defined-Wide Area Networks (SD-WAN), the agency previously noted.

DISA has previously noted it’s working through a strategy to migrate users to Thunderdome from JRSS, following the Pentagon’s decision last year to pivot the latter program.