WASHINGTON — The Pentagon agency tasked with combat IT support is finalizing long-time efforts to transition the department to the latest system that routes internet traffic across the globe.
The Defense Information Systems Agency must enable core hardware for internet protocol version 6 by the end of 2021, according to Kenneth Garofalo, lead for IPv6 virtual program management office at DISA. The timeline, outlined in a policy letter signed in October by agency director Vice Adm. Nancy Norton, requires all other DISA services and external IT systems to be IPv6-only by the end of 2025. A strategy document and implementation plan will follow in the future, Garofalo said Tuesday at AFCEA TechNet.
It has been 17 years since the department started trying to implement this latest version of the internet’s address book, which replaces IPv4. IPv6, developed in the 1990s, is a version of internet protocol that identifies and locates devices connected to the internet. The problem with IPv4 is that the 4.5 billion addresses that it can sustain are nearly used up, considering the world population is about 7.8 billion. In contrast, IPv6 provides so many IP addresses that the number is hard to grasp—about 340 undecillion, or 340 followed by 36 zeroes like this: 340,000,000,000,000,000,000,000,000,000,000,000,000.
The Defense Department has about 300 million IP addresses, with about 60 million unused but planned for use, according to a June report for the Government Accountability Office that found plans to move to IPv6 are poorly planned. That report said the DoD expected it would run out of IP addresses by 2030. If the Pentagon doesn’t upgrade, it will fall behind industry and risks operating systems that aren’t interoperable with allies.
“What’s happening is that industry is migrating to IPv6 and service providers have already started their migration to IPv6 as well,” Garofalo said. “At the same time, U.S. allies are moving to IPv6, and interoperability with them is important to future joint warfighting capabilities.”
The plan also required the agency to create an inventory of all DISA IP addresses “to document and track the DISA IPv6 transition status of all unclassified and secret technology systems that are transitioning” to the latest protocol, Garofalo said.
The agency will transition all unclassified systems first and then move the classified systems over later, he said. The director’s policy document authorizes a temporary configuration called dual stack to accommodate IPv4 and IPv6 technology, meaning DISA’s legacy infrastructure can keep operating during the transition, he noted.
IPv6 provides important improvements for the Department of Defense. According to the GAO, IPv6 will increase connectivity, add security, improve warfighters’ connection and communications on the battlefield, and preserve interoperability with allied systems.
In June 2020, DISA started an IPv6 limited deployment expansion pilot, a follow-on to a smaller effort that started in 2016. The 2020 effort included U.S. Strategic Command, the Defense Logistics Agency, the Defense Research and Engineering Network and DISA’s internal internet access points.
The department has been slow to adopt IPv6, despite efforts dating to 2003, while another attempt stalled in 2010. Both those efforts failed due to security risks and a lack of adequately trained staff for the transition.
Garofalo said the DoD components are working together on IPv6 transition through the IPv6 working group at the Pentagon, DISA’s virtual program management office (PMO), and eight virtual PMO integrated product teams.
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.