NSA ponies up to secure IPv6

 

Connecting state and local government leaders

Agency backs project to develop IP encryptors for classified networks.

The National Security Agency, known to provide incentives for development or testing of security products, is spending upward of $30 million to ensure IP Version 6 is secure enough to be used on classified networks.

And that is only half the amount that will go into developing High-Assurance IP Encryptor Interoperability Specification (HAIPE IS) Version 3 software to, among other things, protect IPv6 traffic.

'Several Defense Department programs of record have requirements to protect classified IPv6 traffic,' said Ken White, an NSA spokesman.

HAIPE IS is part of a DOD initiative to implement secure, seamless communication over WANs and other private-sector networks.

One of the main reasons NSA took the initiative to award contracts in September'to General Dynamics C4 Systems of Scottsdale, Ariz., L3 Communications Corp. of New York and Viasat Communications Inc. of Carlsbad, Calif.'was the dearth of vendors developing IPv6 security products, especially for classified networks. The vendors must at least match NSA's funding for the encryptors.

In the past, NSA has helped test Microsoft Windows Vista, Mac OS and public-key infrastructure applications.

The first of these HAIPE IS products should be available by early 2008. DOD and intelligence agencies plan to push IPv6 to their classified networks no later than 2010.

The National Institute of Standards and Technology, meanwhile, contributed the first of what will be many documents to help agencies meet the administration's mandate to move every agency's network backbone to IPv6 by June 2008 by releasing the draft version of the IPv6 profile.

It started reviewing comments early this month and will develop a testing support plan and a guidance on secure operational deployment, said Doug Montgomery, manager of NIST's Internet Working Technologies Group.

'The profile recommends IPv6 capabilities for common network devices, including hosts, routers, intrusion detection systems and firewalls, and includes a selection of IPv6 standards and specifications needed to meet the minimum operational requirements of most federal agencies,' the document said.

With the Office of Management and Budget's deadline approaching, the need for kindling for the fire was obvious, industry and federal experts said.

'Vendors know they need to go there, but it is a business case situation,' said Kris Strance, a senior analyst in the DOD CIO office. 'They need to know there is a demand for the products. We think we have an operational imperative ... but the demand in the commercial market is not there.'
Security for nonclassified networks also has been slow to develop.

'Security has not received the same focus as, say, routers,' said John McManus, Commerce Department deputy CIO and co-chairman of the IPv6 working group. 'The Office of Management and Budget's memo said the security must be at least the same, if not higher. If you can't secure your network, you will not bring it online.'

McManus said the IPv6 Committee has added a security working group headed by Education Department deputy CIO Brian Burns. He also said that the CIO Council has defined what exactly is a core network to help agencies plan for the transition.

He said the core network is the upper hierarchy of the network, 'a set of network transport devices that provide the highest level of traffic aggregation.'

McManus added that agencies must at least be able to demonstrate that the core network can accept IPv6 traffic from a subnet or external network and transport it to another subnet or external network.

Strance said there has been a jump in vendor readiness with IPv6 capable firewalls and routers, but there still is a need to prove their worth.

The NIST profile focuses on three areas: network protection devices, firewalls and intrusion detection systems.

'Network protection devices are a bit tricky to specify because there is a fair amount of variance in how these devices function,' said NIST's Montgomery. 'We had to find a way to specify that [they] provide the same level of capabilities agencies have come to know and expect with v4.'

From NSA's point of view, that expectation was not going to be met without some help.

NSA's White said that while HAIPE IS 3.0 will not be mandated to support all requirements of IPv6, it includes minimum features to support communications security capabilities.

Even without being told to use it, the military services impatiently are waiting for the encryptors, said Mike Guzelian, director of secure voice and data products for General Dynamics C4 Systems.

Guzelian said General Dynamics, which will not have the encryptors ready until early 2008, said it has orders for more than 5,000, mostly from the Navy.

'They are asking for betas,' he said. 'They want to replace older encryptors that cannot be upgraded.'

Guzelian added that the total installed base for government is about 80,000 IP encryptors that will run HAIPE IS.

Bob Nichols, L3's director of networking products, said that while vendors normally develop advanced products as technology changes, this is a significant step up in specifications and new requirements to be IPv6-capable.

HAIPE IS will simplify network administration and configuration, while enhancing interoperability, said Frank Costantini, L3's chief systems architect for information assurance products.

In addition to NSA and DOD, the FBI, and the Energy, Homeland Security, Justice and State departments are interested in these encryptors, Guzelian said.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.