Retour aux nouvelles

4 juin 2020 | International, C4ISR, Sécurité

Watchdog says Pentagon needs better planning for IP update 17 years after first attempt

A federal watchdog found that poor planning by the Department of Defense has blurred the department's understanding of the risks and costs associated with upgrading the system that routes internet traffic across the globe, known as Internet Protocol version 6 (IPv6).

According to a June 1 report from the Government Accountability Office, the Pentagon needs to improve its transition planning for the most recent effort, which began in April 2017. The DoD has tried twice previously to implement IPv6 in 2003 and 2010, but stopped those transitions after identifying security risks and lacking adequately trained personnel.

The problem for the DoD is that IPv4, the IP management system the DoD uses, is running out of address space. IPv4 only has room for 4.3 billion addresses. In contrast, IPv6, created in the 1990s, provides about 340,000,000,000,000,000,000,000,000,000,000,000,000 (undecillion) IP addresses. The Defense Department owns approximately 300 million IP addresses with about 59.8 million unused and planned for use by future DoD components. The department estimates it will run out of its unused IP addresses by 2030.

The department's IPv6 implementation plan from early 2019 listed 35 actions needed to switch over from IPv4. Eighteen of those steps were scheduled to be completed by March 2020. The report said six of the 18 tasks were completed on time.

Upgrading to IPv6 would increase connectivity, add security, improve the warfighter's connection and communications on the battlefield, and preserve interoperability with allied systems, the GAO wrote.

The watchdog found that the department was not compliant with several IPv6 transition requirements from the White House's Office of Management and Budget. The DoD hasn't completed a cost estimate, developed a risk analysis or finished an inventory of IP compliant devices, the report said. Pentagon officials told the GAO that they knew their time frame for the transition was “optimistic," adding that they thought the pace was reasonable "until they started performing the work,” the GAO wrote.

“Without an inventory, a cost estimate, or a risk analysis, DOD significantly reduced the probability that it could have developed a realistic transition schedule,” the GAO wrote. “Addressing these basic planning requirements would supply DOD with needed information that would enable the department to develop realistic, detailed, and informed transition plans and time frames.”

The Department did meet OMB's requirement to name an official to lead and coordinate the agency planning. But because the Pentagon failed to complete the other three OMB requirements. the move is at risk.

“Without an inventory, a cost estimate, or a risk analysis, DOD's plans have a high degree of uncertainty about the magnitude of work involved, the level of resources required, and the extent and nature of threats, including cybersecurity risks,” the GAO wrote.

Among the DoD's goals it did complete are several IPv6 training programs, information sharing opportunities and a program management office.

The GAO recommended that Defense Secretary Mark Esper direct the DoD chief information officer to complete an inventory of IP-compliant devices, develop a cost estimate and perform a risk analysis. The DoD agreed that it needed to develop a cost estimate and risk analysis but didn't concur that it needed to inventory devices, citing new guidance from OMB and calling an inventory “impractical” because of the department's size.

“The lack of an inventory is problematic due to the role that it should play in developing transition requirements,” the GAO wrote.

https://www.c4isrnet.com/it-networks/2020/06/02/watchdog-says-pentagon-needs-better-planning-for-ip-update-17-years-after-first-attempt/

Sur le même sujet

  • Make room NATO ― the EU is planting its flag in cyber

    14 juin 2018 | International, C4ISR

    Make room NATO ― the EU is planting its flag in cyber

    WASHINGTON — European military and staff planners from Belgium to Bulgaria gathered this week in Austria to take part in Cyber Phalanx 2018. The exercise, which involved 27 nations, aimed to strengthen European readiness against cyberattacks, with a special focus on “cyber defense decision-making and planning processes,” according to the European Defense Agency announcement. The heads of Britain and Germany's domestic intelligence agencies joined European Union officials to warn of an expanded use of cyber to undermine democratic processes by Russia. Countries like Finland have identified cyber espionage as a top threat to the survival of national technology companies. While the EU has organized little in the way of cyber exercises, the Cyber Phalanx exercise won't be the first among European allies to focus on cyber readiness and training. NATO has taken the lead in preparing member nations for cyber threats, organizing exercises like Crossed Swords for members to gain experience with cyber-kinetic operations involving drones and 5G networks. The alliance also recently declared success at its Locked Shields exercise after NATO cyber specialists defended a theoretical country's electric power grid, communication networks and other critical infrastructure from thousands of cyberattacks. NATO has also led the EU in discussions of a response to a cyberattack, even raising the possibility of treating a digital transgression as an act of war. Now, the issue may be warranting more attention from European organizations. Hosted by the EDA and the Multinational Capability Development Campaign (MCDC), Cyber Phalanx seeks to help the participants from various nations familiarize themselves with existing European online structures and their respective roles as cyber stakeholders. As governments around the world contemplate how to recognize the next threat to their networks, the exercises in Austria also will hopefully “increase interoperability” among experts and governments in Europe. Planners will also be prepared to address previously overlooked aspects of cyberwarfare, such as fake news or social media that might be used to compromise planning or execution. As the pilot Cyber Phalanx, the exercises will draw on the feedback received from participants, trainers and organizers to adapt the course and improve the concept for future iterations. The exercises concluded June 8, with lessons learned incorporated into the training curriculum for future European cyber experts. https://www.fifthdomain.com/international/2018/06/08/make-room-nato-eu-is-planting-its-flag-in-cyber/

  • French Air Force introduces new UAV pilot training scheme

    24 mai 2019 | International, Aérospatial

    French Air Force introduces new UAV pilot training scheme

    Frédéric Lert, Bordeaux - Jane's Defence Weekly The French Air Force is ramping up the recruitment and training of unmanned aerial vehicle (UAV) crews to cope with the service's expanding air vehicle inventory. While the 1/33 Belfort UAV squadron currently flies five GA-ASI MQ-9 Reaper medium-altitude long-endurance (MALE) UAVs using 20 qualified crews (with each crew consisting of a pilot, sensor operator, tactical co-ordinator and image analyst), the plan is to have 24 MALE UAVs operational by 2030, generating a requirement for 80 to 100 crews. The greatest urgency is to train the pilots to cope with this expansion, so the air force is introducing a new course into its flying schools alongside those already existing for fighters, transport aircraft and helicopters. The first phase of training will fall under the responsibility of the Centre d'excellence drone (CED) in Salon de Provence, southern France. The CED, which until now was more oriented towards research, thus sees its mission considerably evolve. During this phase the students will fly Cirrus light aircraft and receive some specific training, especially in relation to instrument flight rules (IFR). The second phase will then take the student pilots to the air force flying school in Cognac, where they will improve their piloting skills on the Grob 120 basic trainer. They will then move on to the UAV Operational Conversion Squadron (Escadron de Transformation Opérationnelle Drone - ETOD) and the 1/33 Belfort to acquire the particular tactical know-how required to operate the Reapers. https://www.janes.com/article/88729/french-air-force-introduces-new-uav-pilot-training-scheme

  • Lockheed Martin To Partner With Multiple European Companies On F-16 Training Center In Romania

    14 novembre 2023 | International, Aérospatial, C4ISR

    Lockheed Martin To Partner With Multiple European Companies On F-16 Training Center In Romania

    As part of the agreement, the team will be responsible to organize, schedule, operate and maintain the F-16 fighter jets provided by the Royal Netherlands Air Force in support of...

Toutes les nouvelles