IPv6 being the key to Zero Trust, GSA organizes the June 16 Transition Summit – MeriTalk
The federal government’s major IT and cybersecurity modernization plans – from the rapid deployment of zero trust architectures and 5G technologies to the adoption of IoT and intelligent infrastructures – depend on a scalable, robust network infrastructure. and agile as the basis for these advances. The federal government is committed to making the full transition to IPv6 as the basis for network modernization, and in November 2020, the Office of Management and Budget (OMB) released a policy outlining the government’s strategic intention to provide its information services, operate its networks and access third-party services using only IPv6.
The General Services Administration (GSA) is organizing a virtual half-day IPv6 Summit at June 16 from noon EDT to 4 p.m. to provide federal agencies and industry with the latest information on US government policy and plans, progress, opportunities and best practices for successfully transitioning to IPv6.
Registration and participation in the IPv6 Summit is free and open to federal employees and industry.
The summit includes opening remarks by Maria Roat, the Acting Federal CIO, and Dr. Vint Cerf, Google’s chief Internet evangelist, also known as one of the “fathers of the Internet”. The agenda includes a roundtable on the Federal Perspective and several industry panels covering issues of security, telecommunications, cloud service providers and systems integrator support. The agency-focused transition stories will focus on the practical experience of the Department of Defense and the Internal Revenue Service, among others.
The event is hosted by the Federal Council of CIOs and federal officials with extensive experience in IPv6 transition efforts, including: Tom Santucci, Director of IT Modernization at GSA’s Office of Government Policy; Doug Montgomery, NIST USGv6 program manager; Carol Bales, Senior Policy Analyst, Federal CIO Office; and Ron Bewtra, director of technology (CTO) at the Department of Justice (DOJ) and co-chair of the IPv6 working group.
As the transition from the use of IPv4 Internet addresses to IPv6 addresses took its first steps in 2005, the OMB released Memorandum M 21-07 containing a number of steps federal agencies must take to complete the transition.
Development of IPv6 began in the late 1990s to address the depletion of IPv4 addresses. The last IPv4 addresses were issued in 2015, but the addresses are still widely used across the world. IPv6 is the most recent version of the Internet Protocol and this is where major networks and content providers migrate their infrastructure.
In its guidance to agencies released last year, the OMB said that operating ‘dual stack’ systems to accommodate both IPv6 and IPv4 addresses adds “cost and complexity to the network infrastructure. “And raises” significant technical and economic barriers to innovation. “
“It is widely recognized that the full transition to IPv6 is the only viable option to ensure future growth and innovation in Internet technology and services,” OMB said. “It is essential that the federal government expand and strengthen its strategic commitment to the transition to IPv6 in order to keep pace and capitalize on industry trends. Building on previous initiatives, the federal government remains committed to completing its transition to IPv6. “
The main milestones and deadlines for federal agencies include:
- Follow agency-wide IPv6 policies requiring that no later than FY 2023 “all new federal networked information systems be IPv6 compliant before being made operational”, with a plan to phase out progressively IPv4 systems through withdrawals or conversions to IPv6 only;
- Identify opportunities for IPv6 pilots and complete at least one by the end of fiscal 2021;
- Development of plans by the end of fiscal 2021 to upgrade all federal networked information systems to fully enable native IPv6 operation, to have at least 20% of federal assets IPv6-only capable of by the end of fiscal 2023, 50% of IPv6- only assets by the end of fiscal 2024 and at least 80% of IPv6-only assets by the end of fiscal 2025;
- Identify by the end of fiscal 2021 which federal systems cannot be converted to use IPv6 and provide a schedule for replacement or retirement of these systems; and
- Complete “as soon as possible” the upgrade of external servers and services (web, e-mail, DNS, ISP services, etc.) and internal client applications that communicate with public Internet services and support Internet networks. company to operationally use native IPv6.
Transition is the key to Zero Trust architectures
DOJ CTO Ron Bewtra told MeriTalk why it’s so important for federal agencies to complete the transition to save money, reduce network complexity, improve security, and pave the way for migration to zero trust architectures.
“The dual stack adds a lot of complexity because it requires security parity on two different protocols while doubling the attack surface of networked information systems,” he said.
“Anytime you implement a new firewall or router rule, it will need to be done over IPv4 and IPv6 – with the risk that the expected behavior will not be the same on both protocols. Meanwhile, NIST standards push organizations to avoid unnecessary complexity, ”he said.
“At the same time,” said Bewtra, “across government we are trying to build on new initiatives to improve our cybersecurity and modernize our systems. The challenge is that complexity slows us down.
He also said the federal government’s drive to complete the transition was to follow the path of broader internet trends driven by industry practices.
“Almost half of the Internet is IPv6 compatible, it is widely adopted in the mobile phone markets,” he said. “So we really don’t have the option to go back, we have to move to IPv6 and we have to complete this transition in order to have the simplicity of a single protocol. “
Bewtra said the first seeds of the transition for government agencies were planted in 2005, but that “although we have put a lot of effort in this direction, what you have seen is that the commercial sector has overtaken the federal side in terms of the transition to IPv6, and are really driving the migration. “
“Agencies are currently responsible for complying with the cybersecurity decree, and one of the main principles in this matter is to adopt zero trust architectures,” he said. “IPv6 goes hand in hand with trustless networking because you can have end-to-end visibility and micro-segmentation of the network in a way that is not possible with IPv4. “
“You will see that we cannot have a lot of complexity in our networks as we modernize,” said Bewtra. “We need to simplify, reduce costs and enable faster upgrades. “
“So from my perspective, the completion of the transition to IPv6 fits into modernization initiatives including cyber EO and the transition to zero trust architectures,” Bewtra said.
Registration for GSA’s IPv6 summit is free.