The head of cybersecurity at the Defense Information Systems Agency (DISA) offered several updates this week on how DISA is streamlining its “mountain” of data to enable the agency to automate its cybersecurity activities and make key progress in its Thunderdome zero trust security solution.

Brian Hermann, DISA’s director of cybersecurity and analytics, told reporters during AFCEA International’s TechNet Cyber event in Baltimore Tuesday that the defense agency is looking to leverage AI to automate 75 percent of its cyber activities.

Hermann said DISA is “not close at all” to meeting this 75 percent goal, and still has a “long way to go.” He emphasized that the agency has started the process by streamlining its data.

“We had data in a number of different silos. And we’ve also artificially defined data that is cyber data versus data that is for network operations functions,” Hermann said. “It’s all cyber data, and it can be used for multiple purposes.”

“Our data analytics team has been creating a data lake architecture that allows us to have the data where it’s essentially created,” he added.

This new DISA project will put all the agency’s data in a “data lake” and make it possible to draw insights from multiple tools. Automating cyber capabilities will come after the data lake architecture is in place, Hermann said.

He noted that DISA sunset its legacy big data platform in March and that all of the data is now in the new data lake architecture.

“By and large, the move to this modern data lake approach – as opposed to our legacy big data platform … [we’re] getting faster results and better results without as much work,” the cyber and analytics lead said.

DISA’s Director of Emerging Technology and Chief Technology Officer, Steve Wallace, recently noted that data is a key component of the Pentagon’s zero trust strategy that is currently absent in its Thunderdome program.

DISA began work on Thunderdome in January 2022 when it awarded a $6.8 million contract to Booz Allen Hamilton for the execution of a prototype for a zero trust security solution that aligned with President Biden’s 2021 cybersecurity executive order.

Booz Allen Hamilton, following the completion of the prototype, was also awarded a follow-on production other transaction authority agreement as DISA transitioned Thunderdome from the prototyping to the production phase.

“The part that has been lacking thus far has been the data pillar,” Hermann said. “The data pillar really entails how do we establish what requirements should be there for access to a certain piece of data, and then how do we enforce that?”

“It’s a big problem across the Department of Defense … there’s a mountain of data there that has not been tagged or accessed and it’s a harder problem than we’ve seen in the Intelligence Community, for example, where they’ve done an excellent job of this,” he explained. “But their hierarchical approach to their structure says, ‘If I’m in this organization, I get access to this data,’ and it’s not quite that clean across the broader department.”

The cyber lead said that DISA is about 90 percent of the way there when it comes to meeting the Pentagon’s zero trust compliance mandate by 2027. Data is the final thing the agency needs to get a handle on.

“We are piloting with Steve Wallace’s group in emerging technologies a data tagging and access function to determine whether that becomes a key part of what we establish as knocking down those functions that need to happen in the data pillar,” Hermann said. “There’s 91 activities that the DoD CIO has established as the key things that need to be done by the end of ’27.”

“We assess that our cocktail of all the tools that we have for zero trust address about 81 of those. The data pillar is the key weak point that we need to fill in,” Hermann said.

DISA has deployed its Thunderdome program to 40 sites and has plans to roll out its zero trust program to a total of 60 sites in fiscal year 2024. While he couldn’t give an exact number of sites where Thunderdome will be deployed in 2025, Hermann said DISA does expect to complete its network consolidation effort (DoDNet).

“We expect to complete the DoDNet sites for the [Zero Trust Network Access] functions of zero trust by the end of … 2025,” Hermann said. “That part of it puts us in great shape for achieving target state of zero trust [by 2027].”

Cate Burgan
Cate Burgan is a MeriTalk Senior Technology Reporter covering the intersection of government and technology.