Washington, D.C. — Senator Ted Budd (R-NC) has led a letter with his colleagues on the Senate Armed Services Subcommittee on Cybersecurity related to the Department of Defense’s Thunderdome initiative.
The letter was co-signed by Senators Mike Rounds (R-SD), Joe Manchin (D-WV), and Jacky Rosen (D-NV).
Read the full text of the letter:
The implementation of zero trust principles and architecture across the Department of Defense (DoD) Information Network is essential to safeguarding sensitive data and critical systems throughout the enterprise.
Zero trust architecture – a cutting-edge security principle that assumes the network is already compromised and implements processes that continuously validate the user, device, application and data in a controlled manner – allows our network defenders to stay ahead of increasingly emboldened cyber adversaries like China and Russia.
DoD’s Thunderdome initiative, which brings modern, commercial digital trust technologies to the Department, is integral in helping DoD implement key components of the Department’s Zero Trust Strategy. As the Senate Armed Services Committee (SASC) noted in their Committee Report accompanying the Fiscal Year 2024 National Defense Authorization Act, Thunderdome “can act as a model for zero trust implementation across the Department of Defense.”
Earlier this year, during the SASC Subcommittee on Cybersecurity hearing titled, “Enterprise Cybersecurity to Protect the Department of Defense Information Networks,” you both testified that the Thunderdome prototype was a success and that you are working on an acquisition strategy to expand these capabilities across the enterprise.
On July 28, 2023, the Defense Information Systems Agency (DISA) announced the award of a follow-on production agreement for Thunderdome. Notably, that announcement said, “While DISA leverages these capabilities on our cyber terrain, this full-scale production agreement can be used to assist the military services and other DoD components in implementing key zero-trust activities.”
Deploying proven, scalable zero trust solutions enterprise-wide will ensure the resilience of the DoD Information Network that the warfighter depends upon. With an ambitious goal of achieving zero trust implementation DoD-wide by 2027, we would like to better understand your timeline, the progress made to date, resources budgeted, and how we can rapidly accelerate efforts to scale Thunderdome to meet zero trust implementation milestones.
To that end, please provide the following no later than November 10, 2023:
- A description of how the $117 million provided to DISA in Fiscal Year 2023 for Thunderdome was executed.
- A description of plans and activities in Fiscal Year 2024 to accelerate the deployment of Thunderdome to the military departments and DoD elements beyond DISA.
- An analysis of any non-resource-related challenges hindering the deployment of Thunderdome to the military departments and DoD elements beyond DISA.
- The total amount of funds included in the Fiscal Year 2024 President’s Budget for zero trust implementation across DoD, and for each military department individually.
- For each DoD budget account with zero trust implementation funding, the account information (appropriation, line item, and title), amount of zero trust implementation funding included, and details on how the funds will be executed.
- Additional details about other solutions the DODIN’s 46 combatant commands, services, DoD agencies and field activities are exploring to meet zero trust implementation requirements.
- An update on the status of the military department zero trust implementation plans required under Section 1528(d) of the National Defense Authorization Act for Fiscal Year 2022 (Public Law 117-81).
We appreciate your consideration of this request and look forward to your prompt reply. Please do not hesitate to contact us with any questions or concerns you may have.