• Federal Government Planning and Policymaking Catching Up with Ambitious IPv6 Goals
  • February 13, 2007 | Author: Holly Emrick Svetz
  • Law Firm: Womble Carlyle Sandridge & Rice - Tysons Corner Office
  • In June 2003, the Department of Defense ("DoD") announced its goal to transition all inter- and intra-networking to Internet Protocol Version 6 ("IPv6") by FY 2008. In August 2005, the Office of Management and Budget announced that all agencies' infrastructure must use IPv6 and agencies' networks must interface with IPv6 by June 2008. Since then, there has been a mad scramble to discover what capabilities agencies have, what IPv6 capable really means, and how to get there. Unlike the Y2K crisis, no separate budget is available for the IPv6 conversion. The Government Accountability Office has been critical of agencies' progress and vendors have been quick to define their solutions as IPv6 capable and offer to lead agencies to success. All this has taken place in an environment of little guidance -- most that exists is still in draft or interim form.

    Early in 2007, the federal government issued two documents that help shape the federal government's information technology policies, including IPv6: "The Federal Chief Information Officer Council Strategic Plan for FY 2007-2008" issued by the Federal Chief Information Officer Council ("CIOC") and "Special Publication 500-267, A Profile for IPv6 in the U.S. Government - Version 1.0" issued by the Department of Commerce's National Institute of Standards and Technology ("NIST").

    The CIOC Strategic Plan was issued on January 24, 2007, well into FY 2007, and is the first revision since 2004. The CIOC Strategic Plan puts IPv6 in perspective with its four goals: 

    1. A cadre of highly capable IT professionals with the mission critical competencies needed to meet agency goals.

      2. Information securely, rapidly, and reliably delivered to our stakeholders.

      3. Interoperable IT solutions, identified and used efficiently and effectively across the Federal Government.

      4. An integrated, accessible Federal infrastructure enabling interoperability across Federal, state, tribal, and local governments, as well as partners in the commercial and academic sectors. 

      IPv6 is addressed under Goal 4 and is Objective 4 out of seven. The Timeline shows that from 2007-2010, Objective 4 of the CIOC is to:
      Facilitate the development of effective IPv6 strategies. The Office of Management and Budget requires that all Federal agencies comply with the new infrastructure standard, IPv6, by June 2008. The [Architecture and Infrastructure Committee] AIC will work to develop and share realistic strategies for implementation. By enabling the transition from IPv4 to IPv6, the AIC will contribute to the CIOC's goal to develop an integrated and accessible Federal infrastructure.

    Now that the goals and objectives have been defined, we should look forward to more from the AIC of the CIOC to assist in implementation of the IPv6 mandate.

    The NIST IPv6 Profile issued January 31, 2007 is still a draft, annotated, "Pre-Release for Public Review and Comment." NIST offers a short turnaround for comments, due by March 2, 2007. The document is unusual in that it names four individual authors who are members of the Advanced Network Technologies Division, Information Technology Laboratory at NIST. With 67 footnotes and a glossary, the stated purposes of the standards profile are to:

    1. Define a simple taxonomy of common network devices.

    2. Define their minimal mandatory IPv6 capabilities and identify significant options so as to assist agencies in the development of more specific acquisition and deployment plans.

    3. Provide the basis to further define the technical meaning of specific policies.

    NIST makes some cautionary conclusions. DoD developed and is implementing its own IPv6 profile. NIST determined the DoD profile is not well suited for the entire U.S. Government and NIST urges using its profile for the near term, with hopes that the DoD standard and the NIST standard will eventually converge. NIST also says that commercial implementations are "currently at varying levels of maturity and completeness" and until "market forces effectively define de facto standard levels of completeness and correctness, product testing services may be needed to ensure the confidence and to protect the investment of early IPv6 adopters." Finally, NIST asserts that security technologies, operational knowledge, and some key IPv6 design issues are still works in process.

    The NIST profile could have a significant impact as NIST makes it clear this profile will not grandfather existing IPv6 implementations or cover test beds or pilot programs. "In summary, the profile is meant as a strategic planning guide for future acquisitions and deployments in operational networks." While the document is careful to state that it is prepared for use by federal agencies, it also identifies the following as voluntary users in its intended audience:

    Commercial companies producing information technology products and systems, creating information security-related technologies, and providing Internet services can also benefit from the information in this publication. When used as the basis for acquisition requirements, the profile defined in this publication would be of direct interest to:

    • Internet device implementors, including developers of Host, Router and Network Protection hardware and software.
    • Internet test device implementors and operators, the latter including conformance, Interoperability and performance test houses.

    The profile document again cautions that claims of IPv6 compliance must be demonstrated. NIST is planning to publish a companion to the IPv6 profile document that will describe a testing program that "includes both conformance and interoperability components in which the conformance component can be reduced after the viability of the installed base is established." Look for the NIST IPv6 testing document, which is expected to be titled, "A U.S. Government Testing Strategy for IPv6." The NIST IPv6 profile document is also expected to be supplemented over time to cover network services, such as security, quality of service, and mobility and to define specific application uses of IPv6.

    With sixteen months left until the deadline for IPv6 implementation, the Government has finally published some policy guidance and standards for implementation of IPv6. The Government is working hard to catch up to meet a near impossible schedule. The public comments on the NIST IPv6 Profile should be instructive to see how much is left to accomplish.