Federal agencies at risk over IPv6

Share this article:

Most major federal agencies have not begun planning to transition to Internet Protocol Version 6 (IPv6), putting agency information and systems at risk, according to a report from the U.S. Government Accountability Office.

IPv6 was designed by the Internet Engineering Task Force to fix problems associated with the current version of the internet protocol (IPv4). Most importantly, IPv6 increases the number of available IP addresses by using 128-bit addresses instead of 32-bit addresses. It also provides routing and network autoconfiguration improvements.

While the Department of Defense has taken steps to developing a plan for transitioning to IPv6, most other major federal agencies have not, according to the GAO.

In addition to determining costs, creating a business case and setting timelines for the transition, agencies need to manage the security aspects involved because "poorly managed IPv6 capabilities can put agency information and systems at risk," GAO analysts wrote. Agency networks already include IPv6-capable software and equipment, they noted.

The GAO report was presented Wednesday at House Government Reform Committee hearing on the transition to IPv6. The committee also was scheduled to hear testimony from DoD officials and Microsoft.

Several countries are moving quickly to adopt IPv6, according to an announcement about the hearing released by the committee. If agencies do not address the planning issues involved in transitioning to the new protocol, "they will face increased costs and security risks," the notice warned.

As reported by SC Magazine earlier in the month, The GAO found that most agencies are not applying the infosec program requirements of the Federal Information Security Management Act (FISMA) to help combat new cyber threats

Share this article:

Sign up to our newsletters

More in News

Incapsula mitigates multi-vector DDoS attack lasting longer than a month

Incapsula mitigates multi-vector DDoS attack lasting longer than ...

Incapsula's scrubbing servers were able to filter out more than 50 petabits of malicious DDoS traffic aimed at a video game company for longer than a month.

UPS announces breach impacting 51 U.S. locations

The shipping and printing provider said malware has been present on some stores' computer systems since mid-January.

'Machete' espionage campaign targets orgs in Venezuela, Ecuador

The campaign targets Spanish speaking victims, which also appears to be the native language of attackers.