Major Federal government IT and cybersecurity modernization plans – from the rapid deployment of zero trust architectures and 5G technologies to the adoption of IoT and smart infrastructures – depend upon a scalable, robust and agile network infrastructure as a foundation for such advances. The Federal government has committed to the full transition to IPv6 as its basis for network modernization, and in November 2020, the Office of Management and Budget (OMB) issued a policy that outlined the strategic intent for the government to deliver its information services, operate its networks, and access the services of others using only IPv6.
The General Services Administration (GSA) is hosting a half-day virtual IPv6 Summit on June 16 from noon EDT to 4 pm to give Federal agencies and industry the latest on USG policy and plans, progress, opportunities, and best practices for completing the transition to IPv6.
The IPv6 Summit is free to register and attend and is open to federal employees and industry.
The Summit features keynote addresses from Maria Roat, the acting Federal CIO, and Dr. Vint Cerf, Google’s Chief Internet Evangelist, also known as one of the “fathers of the internet”. The agenda includes a panel discussion on the Federal view, and several industry panels covering security issues, telecommunications, cloud service providers, and system integrator support. Agency-focused transition stories will center on practical experience from the Defense Department and the Internal Revenue Service, among others.
The event is hosted by the Federal CIO Council and Federal officials with deep experience in IPv6 transition efforts, including: Tom Santucci, Director of IT Modernization in GSA’s Office of Government-wide Policy; Doug Montgomery, NIST USGv6 Program Manager; Carol Bales, Senior Policy Analyst in the Office of the Federal CIO; and Ron Bewtra, Chief Technology Officer (CTO) at the Department of Justice (DOJ) and co-chair of the IPv6 Task Force.
Aggressive Milestones
While the transition from the use of IPv4 internet addresses to IPv6 addresses took its first steps in 2005, OMB issued Memorandum M 21-07 containing a number of milestones for Federal agencies to reach to complete the transition.
Development for IPv6 began in the late 1990s to address the exhaustion of IPv4 addresses. The last IPv4 addresses were issued in 2015, but the addresses are still widely used across the globe. IPv6 is the most recent version of the Internet Protocol and is where major networks and content providers are migrating their infrastructure.
In its directive to agencies issued last year, OMB said that running “dual-stack” systems to accommodate both IPv6 and IPv4 addresses adds “costs and complexity to network infrastructure” and raises “significant technical and economic barriers to innovation.”
“It is widely recognized that full transition to IPv6 is the only viable option to ensure future growth and innovation in internet technology and services,” OMB said. “It is essential for the Federal government to expand and enhance its strategic commitment to the transition to IPv6 in order to keep pace with and capitalize on industry trends. Building on previous initiatives, the Federal government remains committed to completing its transition to IPv6.”
The major milestones and deadlines for Federal agencies include:
- Following through on agency-wide IPv6 policies requiring that no later than FY2023 “all-new networked Federal information systems are IPv6-enabled prior to being made operational,” with a plan to phase out IPv4 systems through retirements or conversion to IPv6-only;
- Identifying opportunities for IPv6 pilots, and completing at least one of them by the end of FY2021;
- Developing plans by the end of FY2021 to improve all networked Federal information systems to fully enable native IPv6 operation, in order to have at least 20% of IP-enabled Federal assets IPv6-only by the end of FY2023, 50% of assets IPv6-only by the end of FY2024, and at least 80% of assets IPv6-only by the end of FY2025;
- Identifying by the end of FY2021 Federal systems that can’t be converted to use IPv6 and providing a schedule for replacing or retiring those systems; and
- “As soon as possible” completing the upgrade of external-facing servers and services (web, email, DNS, ISP services, etc.) and internal client applications that communicate with public internet services and supporting enterprise networks to operationally use native IPv6.
Transition is Key to Zero Trust Architectures
DOJ’s CTO Ron Bewtra explained to MeriTalk why completing the transition is so important for Federal agencies to save money, lessen network complexity, improve security, and pave the way for migration to zero trust architectures.
“Dual-stack adds a lot of complexity because it requires security parity on two different protocols while doubling the attack surface of networked information systems,” he said.
“Every time you implement a new firewall or router rule, it will have to be made on both IPv4 and IPv6 protocols – with the risk that that the expected behavior is not the same on both protocols. Meanwhile, NIST standards are driving organizations to avoid unnecessary complexity” he said.
“At the same time,” Bewtra said, “across the government, we’re trying to lean forward on new initiatives to improve our cybersecurity and modernize our systems. The challenge is that complexity slows us down.”
He also said the Federal government’s drive to complete the transition aims to follow the path of larger internet trends led by industry practices.
“Almost half of the internet is IPv6 enabled, it’s widely adopted in the mobile markets,” he said. “So we really don’t have an option to fall back, we have to evolve forward to IPv6, and we’ve got to complete this transition in order to have the simplicity of a single protocol.”
Bewtra said the first seeds of the transition for government agencies were planted in 2005, but that, “While we have put a lot of effort towards this, what you’ve seen is that the commercial sector has out-paced the Federal side in terms of transitioning to IPv6, and are really driving the migration.”
“Agencies are currently tasked with complying with the Cybersecurity Executive Order, and one of the big tenets in that is adopting zero trust architectures,” he said. “IPv6 goes hand in hand with zero trust networking as you can have end-to-end network visibility and micro-segmentation in a way that is not possible with IPv4.”
“You’re going to see that we can’t have a lot of complexity in our networks as we modernize,” Bewtra said. “We have to simplify, reduce costs, and enable faster upgrades.”
“So from my standpoint, completing the transition to IPv6 dovetails into the modernization initiatives, including the cyber EO and moving towards zero trust architectures,” Bewtra said.
Registration for GSA’s IPv6 Summit is free.
