Pentagon Dropped the Ball on Internet Upgrade, Audit Says

The Defense Department missed two key deadlines to transition to IPv6, in part because IT officials there didn’t consider the migration to the next-generation IP system a high priority, according to a new report from the Pentagon’s inspector general’s office.

After meeting an initial 2008 deadline proving DOD’s backbone systems would be capable of carrying IPv6 data, the project all but disappeared from IT officials’ radar and has been slowly cooling on the back burner ever since, the report suggested.

IPv6, short for Internet Protocol version 6, is an update to the communications protocol that basically acts as a routing system for the Internet. An earlier protocol, IPv4, provided for only about 4.3 billion total IP addresses, the last of which were gobbled up in 2011.

DOD missed a deadline in 2012 to upgrade its public-facing servers and domain name systems to natively use IPv6 and another mandate in 2014 to upgrade internal client applications that communicate with the public Internet.

Auditors blamed the missed deadlines on a lack of focus by high-ranking IT officials, including the Pentagon’s chief information officer, who did not consider the project a “high priority,” according to the report.

It should be noted, however, DOD was far from alone among federal agencies in missing key IPv6 transition deadlines as governmentwide focus on the IPv6 transition has appeared to wane a bit over the last few years.

The Pentagon CIO, the Defense Information Systems Agency and U.S. Cyber Command, all key players in the transition, also “lacked an effectively coordinated effort and did not use available resources to further DODwide transition toward IPv6 operations,” the report concluded.

DOD IT officials are still working from a nearly decade-old transition plan, auditors said, a 2006 document that hadn’t even been updated to reflect the roles and responsibilities of U.S. Cyber Command, which was created in 2009.

Defense officials cited funding constraints for delays and security concerns for the numerous delays and missed deadlines but disagreed with many of the IG report’s key findings, including that the transition was considered low priority. In comments, DOD officials called those characterizations “a bit harsh.”

Cyber Command, for its part, told auditors that because of concerns over security, it has “focused on defense of the IPv4 network and that there was no operational imperative for DOD to move to IPv6,” according to auditors.

However, the report makes clear DOD does have something to lose by delaying the transition.

First: cash.

“The longer DOD waits to migrate to IPv6, the more expensive the migration will become,” auditors said, because outdated IPv4 systems become further embedded in critical mission systems. “The result will be increased transition difficulty, complexity and cost.”

DOD also risks falling behind the cybersecurity curve.

“Adversaries are gaining experience using IPv6, and DOD’s delayed migration is leaving network security personnel without the expertise to identify malicious activity in the new IPv6 environment,” the report stated.

More fundamentally, the Pentagon’s reluctance to wholeheartedly embrace IPv6 means it’s missing out on potential benefits to battlefield operations, including improving situational awareness.

The older IPv4 standard “is unable to meet the future requirements of battlefield operations,” the report stated. “Cyber and IPv6 subject matter experts agree that IPv4 cannot support future networking and combat system demands.”

For example, it took two months to create an operational network in Iraq using IPv4, a feat that could be accomplished in just hours using IPv6, the head of DOD’s transition effort told auditors.

In a response to the IG report, DOD acting Deputy CIO David DeVries said the department is “revisiting development" of a “limited IPv6 deployment plan” with DISA and Cybercom targeted for the end of this month.

(Image via Frontpage/ Shutterstock.com)