IG: DOD has dropped the ball on IPv6 transition

Report says the department needs to make a priority of enabling IPv6, which is seen as essential to handling all the new Internet-connected devices coming online.

The Defense Department has fallen behind in its adoption of IPv6 and needs to make it a priority for reasons of cybersecurity and for supporting its plans for future operations, according to a report from the DOD Inspector General.

In a summary of the report, the full version of which is tagged as “For Official Use Only,” the IG’s office said DOD has lacked a clear plan and the coordinated effort necessary for moving to the new Internet protocols and needs to “reinitiate” its migration efforts.

The report notes that DOD did meet a federal mandate to enable IPv6 on its network backbone in 2008, but its IT leaders—the DOD CIO’s office and U.S. Cyber Command, working with the Defense Information Systems Agency—have since failed to meet federal and DOD requirements for transitioning the defense enterprise network.

IPv6, the next generation of Internet protocols, is seen as essential to accommodating all the new devices coming online, including smartphones, tablets, sensors and other Internet-of-Things devices—all of which also are being adopted by the military. It is being widely adopted by carriers such as Comcast, AT&T, Verizon Wireless and Time Warner Cable, making it available to an increasing number of users, and usage is gradually growing.

A big reason for IPv6 adoption is that the supply of available addresses under its predecessor, IPv4, is quickly disappearing. IPv4 addresses are 32 bits long, which means the number of unique addresses tops out at around 4.3 billion (though network administrators stretch that number with tricks such as Network Address Translation). The Internet Corporation for Assigned Names and Numbers, which coordinates the Domain Name System, said earlier this year that it had begun distributing the last blocks of IPv4 addresses to the five regional Internet registries around the world. IPv6 addresses are 128 bits long, which provides a virtually unlimited number of addresses (the official number is 340 undecillion, or 340 trillion trillion trillion).

The IG’s report summary, released Dec. 1, said DOD’s IT leadership has not made IPv6 migration a priority. “As a result, DOD is not realizing the potential benefits of IPv6, including to battlefield operations,” the report said. “Furthermore, the delay in migration could increase DOD’s costs and its vulnerabilities to adversaries.”

The IG noted that a group of DOD IPv6 representatives agreed earlier this year to begin a limited deployment in October and to subsequently analyze the results with an eye toward expanding the deployment.

The report also recommended that the CIO’s office:

  • Establish a departmentwide IPv6 transition office and working groups.
  • Coordinate with the Cyber Command, DISA, the Army Information Systems and Engineering Command, High Performance Computing Modernization Program and other test and evaluation components to make sure test results and lessons learned are integrated into further migration efforts.
  • Coordinate with the Cyber Command and DISA to develop new transition milestones, roles and responsibilities, as well as enforcement mechanisms.
  • Monitor the status of IPv6 milestones and report any delays to the deputy secretary of Defense.