The Information Systems Security Program (Cyber Security & Analytics) is a major procurement initiative managed by the Defense Information Systems Agency (DISA) under the Department of Defense (DoD) budget. Its primary goal is to deliver optimized cyber infrastructure solutions that support global mission operations and the warfighter by enhancing communications security and resilience. The program focuses on providing strategic, innovative, and superior cyber infrastructure to DoD missions. It ensures enterprise services support a joint information assurance model for secure collaboration and risk management across both classified and unclassified networks.
Cyber Analytics is a key component of this program, aimed at building and deploying department-level cyber analytics tools to improve DoD cyber information sharing and enable agile, adaptive responses to threats against the DoD Information Networks (DoDIN). This includes the procurement and deployment of EndaceProbes, which offer full packet capture and network/application performance monitoring. By expanding the number of deployed probes, DISA enhances its ability to record network history, solve cybersecurity issues, and support incident response. The program plans to increase the number of deployed probes over time to strengthen network monitoring and incident response capabilities.
Enterprise Perimeter Defenses serve as the primary cyber defense layer between the Internet and the Non-Classified Internet Protocol Router Network (NIPRNet), focusing on network protection against web and email attacks. The program includes technical refreshes of web content filtering and firewall assets at DISA-owned Internet Access Points (IAPs), in alignment with legislative requirements. The legacy Sharkseer capability, which previously detected and mitigated persistent threats, is being phased out in favor of modernized perimeter defenses. Sharkseer will remain in sustainment until a replacement solution is implemented.
Perimeter Modernization (SIPR REL) is another critical objective, providing secure access to the Secret Internet Protocol Router Network (SIPRNet) for Five Eyes partners. SIPR REL enables the sharing of classified defense and intelligence information among allied nations, supporting the Secretary of Defense's priority to reestablish deterrence by defending the homeland. Funding supports the procurement of network switches and F5 hardware/software to enhance authentication and sustain secure access at multiple sites.
Endpoint Security is designed to develop and deliver administrative reporting and a common operational picture for DoDIN endpoints. The program supports the procurement of Comply 2 Connect (C2C) licensing, which enables DISA to aggregate endpoint compliance data and ensure cyber commands are protecting DoD endpoints by quarantining non-compliant devices. This function is critical for limiting risks and maintaining the integrity of DoD networks as endpoint security capabilities transition to sustainment.
Thunderdome represents DISA's implementation of Zero-Trust Architecture, which continually validates user credentials and modernizes cybersecurity infrastructure. The program accelerates the deployment of Software Defined Wide Area Network (SD-WAN) units, which are essential for enabling Zero Trust compliance and supporting DoDNet Migration efforts. SD-WANs simplify user access, leverage cloud capabilities, and eliminate the need for traditional VPNs, providing dynamic and adaptable security. The program continues to expand SD-WAN deployment, with bulk purchasing discounts reducing unit costs.