IPv6 taking on national-security implications

Network security products still lack IPv6 support, which makes June 2008 deadline tough

While the vast majority of networks today are based on the IPv4 protocol, the U.S. government is mandating that defense and civilian agencies are ready to accept IPv6-based traffic as well by June 2008. Those guiding the effort know the transition won’t be easy, especially given the lack of IPv6-based security products.

“Unfortunately, we’re set to be the guinea pig,” says Sheila Frankel, senior computer scientist at the National Institute of Standards and Technology (NIST). “Business will seriously be watching the government experience.” Frankel is co-author of “A Profile for IPv6 in the U.S. Government – Version 1.0,” a NIST document that draws attention to the lack of IPv6-based security products, including firewalls, intrusion-detection systems and vulnerability-assessment tools on the market today.

With its charter to set standards for nonclassified systems, NIST expects its role will be to set up a conformance-testing regime where independent accredited labs would review network-infrastructure equipment, such as routers and switches for IPv6 support. NIST also wants to set specific requirements for IPv6-based security equipment.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

While the vast majority of networks today are based on the IPv4 protocol, the U.S. government is mandating that defense and civilian agencies are ready to accept IPv6-based traffic as well by June 2008. Those guiding the effort know the transition won’t be easy, especially given the lack of IPv6-based security products.

“Unfortunately, we’re set to be the guinea pig,” says Sheila Frankel, senior computer scientist at the National Institute of Standards and Technology (NIST). “Business will seriously be watching the government experience.” Frankel is co-author of “A Profile for IPv6 in the U.S. Government – Version 1.0,” a NIST document that draws attention to the lack of IPv6-based security products, including firewalls, intrusion-detection systems and vulnerability-assessment tools on the market today.

With its charter to set standards for nonclassified systems, NIST expects its role will be to set up a conformance-testing regime where independent accredited labs would review network-infrastructure equipment, such as routers and switches for IPv6 support. NIST also wants to set specific requirements for IPv6-based security equipment.

By this summer, says Frankel, NIST will issue for public comment a document titled “Secure Transition to IPv6.” The NIST document would be intended to offer guidance to agencies about making the transition into what will be a new world where IPv4 and IPv6 must coexist. It will be a world of dual-stack protocols, IPv4-to-IPv6 and IPv6-to-IPv4 tunneling. “For the civilian agencies, we have to express this coexistence,” Frankel says. “Each carries a burden in terms of processing and security, and there are pros and cons of each approach.”