In what seems to be the third time up for bat, the Department of Defense (DoD) is once again taking a swing at IPv6, with the National Security Agency (NSA) providing guidance on such a transition. Per an NSA announcement on January 18, 2023, “IPv6 Security Guidance” highlights how several security issues can surface in networks that are new to IPv6, or in early phases of the IPv6 transition. Networks new to IPv6 lack maturity in IPv6...and dual-stacked networks, which run on IPv4 and IPv6 simultaneously, have an increased attack surface.”
As such, “The Department of Defense will incrementally transition from IPv4 to IPv6 over the next few years and many DoD networks will be dual-stacked,” “It’s important that DoD system admins use this guidance to identify and mitigate potential security issues as they roll out IPv6 support in their networks,” according to Neal Ziring, NSA Cybersecurity Technical Director.1
This all sounds great, but we’ve been here before in terms of the DoD trying to make the much-needed transition to IPv6. Strike one occurred in 2003, strike two in 2010, and just recently (2020), the Government Accountability Office (GAO), the auditing agency of the US government, said that the DOD's third attempt isn't doing any better either. According to a GAO statement in June, 2020, “For its current initiative, DOD has not completed three of four longstanding OMB requirements (see table). Without an inventory, a cost estimate, or a risk analysis, DOD's plans have a high degree of uncertainty about the magnitude of work involved, the level of resources required, and the extent and nature of threats, including cybersecurity risks.”2
Jennifer Franks, Director, Information Technology and Cybersecurity at GAO, said the agency is conducting oversight and reviewing how agencies are handling the transition. Said Franks, “From an oversight perspective, we are looking for how organizations are following federal legislation and guidance..How are you being compliant in establishing the procedures you need for your various infrastructures”... yet also noticed that “...one of the biggest challenges has been the lack of training” for employees in how to move to IPv6 while safeguarding Federal networks.3
1 https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3270451/nsa-publishes-internet-protocol-version-6-ipv6-security-guidance/
2 https://www.gao.gov/products/gao-20-402
3 https://www.meritalk.com/articles/gao-sees-need-for-more-ipv6-employee-training
We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Learn more at arlingtonintel.com.
More Blog Posts
