U.S. Government Accountability Office: The Department of Defense Should Strengthen Overall IPv6 Planning (English)

2020-06-07 智邦网

Compiled by 致远

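According to a June 5, 2020 report by c4isrnet, the U.S. Government Accountability Office released a report on June 1 stating that the Pentagon lacks overall planning for the risks and funding challenges facing its upgrade to the "next-generation Internet Protocol version 6 (IPv6)", and that the Department of Defense should produce an improved transition plan for the effort that began in 2017.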

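The Department of Defense pushed ahead with the IPv6 upgrade twice before, in 2003 and 2010, but halted the work because of security risks and a lack of trained personnel.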

Watchdog says Pentagon needs better planning for IP update 17 years after first attempt

A federal watchdog found that poor planning by the Department of Defense has blurred the department’s understanding of the risks and costs associated with upgrading the system that routes internet traffic across the globe, known as Internet Protocol version 6 (IPv6).

According to a June 1 report from the Government Accountability Office, the Pentagon needs to improve its transition planning for the most recent effort, which began in April 2017. The DoD has tried twice previously to implement IPv6 in 2003 and 2010, but stopped those transitions after identifying security risks and lacking adequately trained personnel.

The problem for the DoD is that IPv4, the IP management system the DoD uses, is running out of address space. IPv4 only has room for 4.3 billion addresses. In contrast, IPv6, created in the 1990s, provides about 340,000,000,000,000,000,000,000,000,000,000,000,000 (undecillion) IP addresses. The Defense Department owns approximately 300 million IP addresses with about 59.8 million unused and planned for use by future DoD components. The department estimates it will run out of its unused IP addresses by 2030.

The department’s IPv6 implementation plan from early 2019 listed 35 actions needed to switch over from IPv4. Eighteen of those steps were scheduled to be completed by March 2020. The report said six of the 18 tasks were completed on time.

Upgrading to IPv6 would increase connectivity, add security, improve the warfighter’s connection and communications on the battlefield, and preserve interoperability with allied systems, the GAO wrote.

The watchdog found that the department was not compliant with several IPv6 transition requirements from the White House’s Office of Management and Budget. The DoD hasn’t completed a cost estimate, developed a risk analysis or finished an inventory of IP compliant devices, the report said. Pentagon officials told the GAO that they knew their time frame for the transition was “optimistic,” adding that they thought the pace was reasonable “until they started performing the work,” the GAO wrote.

“Without an inventory, a cost estimate, or a risk analysis, DOD significantly reduced the probability that it could have developed a realistic transition schedule,” the GAO wrote. “Addressing these basic planning requirements would supply DOD with needed information that would enable the department to develop realistic, detailed, and informed transition plans and time frames.”

The Department did meet OMB’s requirement to name an official to lead and coordinate the agency planning. But because the Pentagon failed to complete the other three OMB requirements, the move is at risk.

“Without an inventory, a cost estimate, or a risk analysis, DOD’s plans have a high degree of uncertainty about the magnitude of work involved, the level of resources required, and the extent and nature of threats, including cybersecurity risks,” the GAO wrote.

Among the DoD’s goals it did complete are several IPv6 training programs, information sharing opportunities and a program management office.

The GAO recommended that Defense Secretary Mark Esper direct the DoD chief information officer to complete an inventory of IP-compliant devices, develop a cost estimate and perform a risk analysis. The DoD agreed that it needed to develop a cost estimate and risk analysis but didn’t concur that it needed to inventory devices, citing new guidance from OMB and calling an inventory “impractical” because of the department’s size.

“The lack of an inventory is problematic due to the role that it should play in developing transition requirements,” the GAO wrote.

 

