The road to Federal agencies implementing zero trust security architecture – one of the overriding goals of President Biden’s cybersecurity executive order – leads unavoidably through completion of the transition to a network infrastructure that relies on all-IPv6 (Internet Protocol version 6) address protocols, Federal IT officials emphasized today.
Currently, agencies run “dual-stack” systems to accommodate the use of both IPv6 alongside the much older IPv4 addresses that have long been exhausted but remain in wide use around the world. While planning for the full transition of government to IPv6 got underway in 2005, the Office of Management and Budget (OMB) issued a memo late last year setting forth a schedule for agencies to complete most of the transition by Fiscal Year 2025.
Among the biggest policy drivers for completing the transition to IPv6 are reducing network complexity, fostering IT modernization, making the giant leap to zero trust security concepts, and cutting the technical and economic barriers to innovation.
Speaking today at the General Services Administration’s (GSA) IPv6 Summit, Deputy Federal CIO Maria Roat emphasized the security payoffs of the transition.
Citing the White House cybersecurity order and its mandate to move to zero trust, she said, “by providing end-to-end network paths and better support for micro-segmentation, the transition to ipv6 only is going to be a key component of zero trust architecture, which is one of the key pillars in the executive order.”
And she said the transition process needs to involve a wide range of Federal agency leadership to accomplish – not just the CIOs.
“The strategic intent is for the Federal government to deliver its information services, operate its networks, and access the services of others using only IPv6,” she said. “This is not going to be an easy transition, and it’s going to take a lot of work.”
“Support from agency leadership and our industry partners is essential to meet this goal,” Roat said. “And when I say agency leadership, this is not just the CIOs, this is the CFOs, this is the mission owners, and everyone that has a stake in IT modernization across the board.”
“We need the security features and performance of IPv6 – IPv6 solves the scalability issue of ipv4 by providing essentially an unlimited supply of IP addresses,” she said.
“While there are tools and techniques that have kept IPv4 viable, it can’t keep up with the continued growth in the number of users on the internet, and the explosion of the number of connected IoT devices,” Roat said. “If you’ve ever seen the data on IoT and the exponential growth there, you know why we need as a Federal government to move in this direction.”
Finally, she pointed to agency deadlines for the transition that sharply ramps up between FY 2023 and FY 2025. “That’s going to come quickly,” she warned.
Elsewhere during today’s IPv6 Summit event, officials from numerous Federal agencies echoed those core points.
Carol Bales, a senior policy analyst at OMB, emphasized that the transition to zero trust security “must complement a migration to IPv6,” and said the “transition is also an important component of Federal IT modernization and transformation efforts.”
Ron Bewtra, Chief Technology Officer at the Justice Department, said zero trust and the IPv6 transition “go hand in hand … it’s really important that we stay coordinated in these efforts.”
“I don’t think enough is being said about IPv6 being the basis for innovation in key areas” including IoT, smart manufacturing, smart cities, and transportation systems, among others, said Doug Montgomery, manager of Internet and Scalable Systems Research at the National Institute of Standards and Technology (NIST). Those uses, he said, “need network functions that scale to the use function.”
“The Federal initiative is motivated by seeing that industry has moved out ahead of us, and is blazing the trail” with IPv6, he said, adding that the transition is “vital to deliver on the promise” of 5G wireless services.