The secret Pentagon communications network will be upgraded by Booz Allen
WASHINGTON — The Defense Information Systems Agency has extended its Thunderdome cybersecurity contract with Booz Allen Hamilton, citing lessons learned from the Russian-Ukrainian war and the need to better secure the Pentagon’s communications system for secrets.
The six-month addition to the agreement explains the inclusion of the Secure Internet Protocol Router Network, or SIPRNet, in the Zero Trust Program and the “comprehensive planning for the development, testing and deployment of the original unclassified prototype “, said DISA in an announcement on July 28.
SIPRNet is a communications network used by the Department of Defense to transmit classified information around the world. DISA, the Pentagon’s main IT office, described the framework as “outdated” and in need of an update.
The agency awarded Booz Allen a $6.8 million contract in January to develop a prototype Thunderdome, its approach to zero-trust cyber protections. The folding into SIPRNet is a significant development. The extension lengthens the pilot to a full year, with completion now expected in early 2023.
“With this additional time, we can perform operational and security testing that was not originally planned in the initial pilot,” Jason Martin, director of DISA’s Digital Capabilities and Security Center, said in a statement. “It will also give us time to strategize on how best to transition current users of the Joint Regional Security Stacks who will be migrating to Thunderdome.”
In 2021, the Pentagon decided to phase out joint regional security stacks — intended to reduce the surface of cyberattacks and consolidate classified entry points — in favor of the zero-trust Thunderdome approach, C4ISRNET previously reported.
The six-month addition comes amid Russia’s invasion of Ukraine, which was preceded by cyberattacks that compromised command and control and forced government websites offline. Ukrainian networks continue to be rocked, with hackers often targeting defence, finance and telecommunications sectors.
Such attacks, DISA said in its announcement, underscore the importance of SIPRNet and the Pentagon’s need for a modernized, classified network with rock-solid data protections. Department of Defense systems are under constant attack, as is the defense industrial base.
“DISA has made it clear that we won’t forget that the ‘fight’ is on SIPRNet,” said Christopher Barnhurst, the agency’s deputy director. “While we were working on developing a zero-trust prototype for the unclassified network, we realized early on that we needed to develop one, in tandem, for the classified side. This extension will allow us to produce the necessary prototypes that will lead us to a true zero trust concept.
SIPRNet is already undergoing several other renovations. The secure network was among those accessed by Chelsea Manning, the former US Army intelligence analyst who provided thousands of military and diplomatic documents to WikiLeaks.
Zero trust is an approach to cybersecurity that assumes that networks are always at risk and therefore continuous validation of users and devices is required. The model is often equated with “never trust, always verify”.
Last year, President Joe Biden ordered federal agencies to move to zero trust and produce the required plans. His executive order also included several other cybersecurity provisions. The Biden administration followed in January with a memorandum focused on improving the cybersecurity of Department of Defense and intelligence community systems.
“Thunderdome will be a completely comprehensive and holistic approach to network operation,” DISA said, “a major departure from the current architecture.”
Colin Demarest is a reporter at C4ISRNET, where he covers military networking, cyber and IT. Colin previously covered the Department of Energy and its NNSA — namely the Cold War cleanup and the development of nuclear weapons — for a South Carolina daily. Colin is also an award-winning photographer.