Feds slacking in shift to next-generation IPv6

WASHINGTON--The federal government is hoping to shift all of its computers to run on the next-generation Internet by 2008, but so far only the Defense Department seems to be ready for the switch.

Two panels of government and industry leaders appeared before the House Government Reform Committee on Wednesday to discuss the governmentwide transition to the updated network, or Internet Protocol version 6, marking the first time the issue has bubbled up in Congress.

The 128-bit address space of IPv6 expands exponentially the number of IP addresses available to users and their wide array of electronic devices. Most American computers currently run IPv4. IPv6 is expected to improve on data routing, service and security. In a report released in May, the Government Accountability Office suggested that "various federal functions might benefit from IPv6-enabled applications," especially those that involve wireless sensors to track movement or tend to emergencies.

"I believe we all want the best Homeland Security systems, including cameras, sensors and first responder systems intelligently linked together," said Rep. Tom Davis, R-Va., who heads the committee.

"The government is not taking this opportunity seriously," Rep. Henry Waxman, D-Calif., said at the hearing. "We can take the lead in developing the Internet as we did 30 years ago, or we can wait for this evolution to pass us by and play catch-up."

In fact, many government computers already run IPv6-capable software, the GAO report said, which poses certain security risks.

"Not all IT managers are aware of the potential of a grave security threat to their systems by allowing unauthorized parties access to software using 'ghost' IPv6 addresses" hidden in IPv4 packets, testified Stan Barber, vice president of engineering operations for Verio, a Colorado-based Internet service provider.

GAO representatives testifying Wednesday urged government agencies to plan ahead for a transition to the network and to pinpoint major security risks that might arise along the way. The report found that, of the 22 agencies that responded, four had taken inventory of their equipment to see if it was IPv6 compliant, only one had a transition plan, and none had developed business cases or cost estimates for the shift.

"The government transition has been slow," said David Powner, the GAO's director of information technology management issues and one of the report's authors.

The White House's Office of Management and Budget is "about to take the first step and issue a policy memorandum" providing guidance to all federal agencies, testified Karen Evans, OMB's administrator for electronic government and information technology. All agencies must file an "inventory of IP-capable devices and technologies" by the first quarter of fiscal year 2006, Evans said, and by June 2008, all agencies must shift to IPv6. Evans said she could not estimate a cost for the venture before reviewing individual agency plans.

The officials did, however, note an exception: the Department of Defense, which recently submitted its transition plan. The department, which has been working on IPv6 for about a decade, hopes to use the network in part to track personnel in action around the globe. It decided in June 2003 to transition to IPv6 by 2008.

Davis said he was also "looking forward to receiving the Department of Commerce's report as soon as possible and seeing how IPv6 can help America's economy and America's exports."

Foreign countries are plowing ahead with the transition to IPv6, various panelists testified. Several countries in Asia, which houses only 9 percent of IPv4 addresses but more than half the world's population, have been particularly aggressive during the past several years.

But the panelists differed on the urgency of the situation at home.

John Curran, a founder of the American Registry for Internet Numbers, which manages and allocates IP addresses, said the United States need not worry about running out of IPv4 addresses before 2018, giving the government "ample time" to make the shift. "This is not a crisis," he said.

The government should undertake a "phased transition" that would "gradually lead to widespread use," said Jawad Khaki, a corporate vice president for Microsoft.

Alex Lightman, CEO of Charmed Technology and IPv6 Summit, took a far stronger stance, warning: "If we don't show leadership in the new Internet, we get a loss of millions of jobs and market share across thousands of companies."

[kieranmullen]

Why not use Internet 2?

Why doesnt the goverment use internet 2? Then they wouldnt have to worry about security issues "as much"

Kieran Mullen
Portland OR

[202578300049013666264380294439]

ipv6 security

The issue is more subtle. It is in the best interest for most government computers to have a presence on both the ipv4 and ipv6 networks, at least initially. Unless you have access to the ipv6 network, you can't access the ipv6 part of Internet2/Abilene.

When you're on 2 networks at the same time, you have twice as many virtual network interfaces. This can make firewall/nat rules considerably more tricky. If your department only has one or two computers and they aren't behind a nat, adding ipv6 connectivity takes 5 minutes. Anything more complicated will require considerable preparation.

[padrino121]

Not many following DoD plan

The Pentagon may have submitted a plan, an 03 DoD memo may state new systems procured must be IPv6 capable but that doesn't mean many are following it or even care about it.

I've worked on a number of government projects pushing the technology envelope and I have visibility into a number of others, in all IPv6 isn't even a consideration and most of the procurements don't include IPv6 capable components.