This Forum is Closed
February 07, 2023, 11:28:51 am
Welcome, Guest. Please login or register.

Login with username, password and session length
News: GGF now has a permanent home:
  Home Help Search Links Staff List Login Register  

Did the State Dept. release the cables to Wikileaks on purpose to usher in IPv6?

Pages: [1]   Go Down
Author Topic: Did the State Dept. release the cables to Wikileaks on purpose to usher in IPv6?  (Read 1511 times)
birther truther tenther
Full Member
Offline Offline

Posts: 182

View Profile
« on: December 10, 2010, 12:36:45 pm »

May 18, 2007 • Volume 5 • Number 5


Digital Pearl Harbor

Will IPv6 make us more secure? Experts give their opinions.

It seems like in the past with all new technologies come new vulnerabilities, said Jim Flyzik during the Federal Executive Forum on IPv6.

“Often times new technologies hit the market and then we are catching up later trying to get the security fixes in place because the so called ‘bad guys’ out there find ways to exploit new technologies. There are some concerns today about a digital Pearl Harbor or a terrorist attack taking down networks, attacking networks.”

The question is: will IPv6 improve security. Federal Executive Forum panelists weighed in on the issue.

Command Information’s Tom Patterson put the issue in perspective this way.

“Keep in mind that the Internet we use today, and we just call it the internet. We don’t know what version number it is and no one really cares. It was designed in the ‘70s and the concept was you had to be a trusted person before you were allowed to connect at a university or a research division or something like that. The concept of the general person coming along and connecting to the internet wasn’t part of the design.”

That means all the security now is place has been “added on”. According to Patterson there actually is a really good security standard now called IPSec. The problem is not enough people use it. The banks use it for very high volume transactions; maybe the State Department will use it for a top secret cable or something. But the rank and file people, it’s not being used to protect their credit cards, to safeguard their privacy and it can be.

“So when IP version 6 came out and started to be thought of as the next generation, leave everything old still working, but let’s see what we need to fix,” explained Patterson.

“One of  the first things that we fixed was let’s take whatever we know how to do really well, that is IPSec, the best security that we know how to do, make that default to the on position instead of an off position. So that someone will be able to, you don’t have to be a rocket scientist in order to use good security now.”

However that’s not the whole thing and it’s certainly no security silver bullet. “It’s also when WiFis came out. If you remember that a lot of CIOs said we don’t have a WiFi problem because we don’t allow it. And then there were all these chalk marks outside their building saying this is where you get free WiFi access; because people were just putting it in because it’s easy. That is possible now with IPv6 but you can’t just ignore it. And just outlaw it in your organization because it’s built into Apple, it’s built into Windows XP, it’s built into half the cell phones you are buying today. And some people are going to turn it on.”

So you need to be addressing the security implications. Security changes absolutely if you address it on a proactive basis, it changes for the better.

According to Commerce’s John McManus, there’s a lot of work going on looking at security in the IPv6 world. “There’s a lot of groups going on looking at security in the services that we provide today. And I think that Tom made a critical point. Those risks exist today. When you go and look at when IPv4 was designed, it has matured. Security has been bolted on to IPv4. In  IPv6 we’ve had the opportunity to actually design that in.”

When you employ a new technology there usually is a period of increased risk. And that risk comes from the simple fact that no matter what testing you do in the lab, and I think we do test very thoroughly, when you hit the wild, you hit some situations that you have not tested for.

“So one of the key things that we are doing now is working together as a community, there’s a working group that’s a part of the IPv6 working group, we are doing outreach into the DOD, outreach into all the carriers and equipment providers to start testing that equipment in a live environment on test networks so that when we go live we are sure that we are achieving at least the level of security, if not better, than we have in the networks we have today.”

“I just wanted to add that when you think of security regardless of the Internet protocol, you think of confidentiality,” says Education’s Peter Tseronis. “You think of integrity and authentication. And IPv6 isn’t going to be the panacea that says I’m going to take care of your mis-configured server, your poorly designed application, your poorly protected Internet sites. You need to have the skills to implement and maintain.”

Tseronis knows that not everything will be smooth and there will be some Internet engineers and systems engineers’ folks out there who are ready now, but others who are running for the foothills saying we don’t need to go there.

“But at the end of the day, you still have to maintain your security in such a way that, whether it’s IP stack or some other method, you are still going to have to protect it. So it’s not that it’s more secure, it just isn’t going to be less secure. You still have to maintain those policies in your network.”

Security is also on the mind of Cisco’s David West.

“A move to anything new, any new capability, produces threats and risk.  But if you do proper planning, validation, testing, a phased implementation of how you are going to introduce something new, you minimize those risks,” says West.

“One of the things that we are trying to make sure occurs is that as they make this transition, and they integrate this new service, they do it well thought out. What’s more interesting I think in terms of security, is the new application services that will be enabled as a result of the protocol.”

“We’ve got now a very large address face where many devices can have addresses. That introduces a potential security risk but again with proper planning, with consideration of what needs to happen from the vendor community in testing and validation, you could minimize those risks and really start to take advantage of what the protocol offers.”

At GSA, according to Fred Schobert, “We fully realize that with IPv6 there’s a lot of promise with security but we realize there’s a lot of work that remains to be done to be able to implement it with the agencies. When we talk with the agencies about IPv6 we are talking about things like IPSec but you are also talking about encryption and if you think about it, the security standards need to be defined, they need to be precise. The information security tools that the agencies will use need to be developed and they need to be there.”

Schobert thinks they are going into network monitoring and management facility overall to monitor a network, but that FISMA guidance needs to be considered because right now we have to go through certification and accreditation and if there are any holes we won’t be able to do anything. And finally he thinks they need to take a look at what we need to do in the application area to best support the IPv6 and what applications are required.

“We do take security very, very seriously, said Charlie Wisecarver, State Department CIO.

“I think IPv6 is going to introduce some new security concerns but ultimately we will be better off as we become smarter about this and adjust our policies and procedures. The denial of service possibilities is always a very, very serious concern for us as so much of our work is done through the internet. I think this can all be mitigated through some monitoring tools. The intrusion detection system, we haven’t heard too much about those types of tools that will help us identify those intrusion sets and how we can mitigate this quickly.”
Report Spam   Logged

Share on Facebook Share on Twitter

birther truther tenther
Full Member
Offline Offline

Posts: 182

View Profile
« Reply #1 on: December 10, 2010, 12:37:16 pm »

Wisecarver's bio

Charlie Wisecarver
Deputy Chief Information Officer and Chief Technology Officer
Department of State

Mr. Wisecarver, a career member of the Senior Foreign Service, assumed the duties of the Deputy Chief Information Officer and Chief Technology Officer of the Department of State on June 5, 2006. Previously he was the Director of the State Messaging and Archive Retrieval Toolset (SMART) Program Office. SMART is the Department's top information technology priority and will modernize disparate legacy-messaging systems and establish a single centralized system for all types of documents including telegrams, memoranda, e-mails, and Diplomatic Notes.

Approximately half of Mr. Wisecarver's career has been spent working as an Information Management Specialist in overseas missions. He has served in Ecuador and Mexico managing the Embassy's computer systems and telecommunications networks. In domestic assignments Mr. Wisecarver served as the Director of the State Department's Messaging Systems Office for four years. In this position he was responsible for enterprise telegram and e-mail delivery. Prior to Y2K he oversaw the modernization of all consular computer systems around the world.

Before joining the State Department, Mr. Wisecarver served as a computer programmer analyst for Department of Defense and a Peace Corps Volunteer in Niger. Mr. Wisecarver is married with two children.
Report Spam   Logged
birther truther tenther
Full Member
Offline Offline

Posts: 182

View Profile
« Reply #2 on: December 10, 2010, 12:38:49 pm »

All of this chatter on a "Digital Pearl Harbor" going back since the 1990s, and on the very anniversary of the real Pearl Harbor, Assange gets set-up and arrested for some feminist sex "crime".  This acts as a catalyst for the hacktivism community to DDoS financial sites such as Visa and MasterCard.  This is the very same attack that CSIS, Heritage, CATO, FrontPage, CFR, NCOIC, DHS, DoD, etc have been talking about for at least a decade.

While this is unfolding, Richard Clarke (the guy who coined the phrase "Digital Pearl Harbor") and General Michael Hayden and Jeffery Carr are meeting at Georgetown to discuss this "Digital Pearl Harbor",823.msg2776.html#msg2776

Then you have the State Department Chief Information Officer claiming that they need IPv6 to protect their cables back in 2007!

This is way too insane.

The coincidence theorists are going to have fun with this one.
Report Spam   Logged
birther truther tenther
Full Member
Offline Offline

Posts: 182

View Profile
« Reply #3 on: December 10, 2010, 12:39:16 pm »

May 18, 2007 • Volume 5 • Number 5


On Your Mark

One year later. It’s time to mark progress on IPv6.

A year ago, the Federal Executive Forum presented one of the first top level discussions of IPv6 and it’s implications. Now, one year later, this Federal Executive Forum panel has reconvened to talk about successes and continuing challenges.


Commerce’s John McManus is a leader on the IPv6 government transition committee. He has spent a good deal of his time extolling the virtues of IPv6.


“When we got together a year ago we were really in the early stages of moving out on IPv6 and over the last year we’ve really been focusing on communications, planning, and relationship building,” says McManus.


“We’ve spent a lot of time out making sure that there’s a clear scope for the federal transition; that each of the agencies is getting the fundamental steps of their planning done so that we are working towards common success criteria and a common goal.”


The IPv6 Committee has been doing lot of outreach across the federal government to build the relationships to allow the smaller agencies to leverage the strength and experience of the larger agencies. “We’ve also spent a lot of time focusing on the opportunity and working to get people to understand that there really is a long transition,” said McManus.


“This is a part of our normal network evolution and that we need to look past just June of 2008 when we will bring IPv6 onto our core network and start communicating those new capabilities into our customer community so that they can start developing programs and projects that leverage those.


So in the past year we’ve really been focused on communications, planning, and then getting the message out on those new capabilities and I think we’ve really started to see a strong uptake in the user community for ways that they now envision IPv6 adding value to them.”


For committee co-chair, Education’s Peter Tseronis the last year has been a collaborative learning and awesome experience from the standpoint of the federal government taking charge.


“A year ago, June 30, 2008 seemed a long way off. And there were a lot of early milestones and requirements that were put on agencies by way of memos and so forth. And it was a lot of action really quick and I like to think that since then, since the last time we chatted, this is kind of that lull period. OK we’ve got these early deliverables; we’ve got time to get to June 30, 2008.”


A year later and there is still much to do collaborating with DoD to do and more to be done presenting there’s a unified front from the federal government perspective that “we are one unified team”, says Tseronis.


“We are trying to synergize with the vendor community and not just treat this as another government mandate. But really look at it beyond the fact that it is some technical plumbing infrastructure perspective. This is an opportunity for the federal government to look and say how do I want my network to look in the future?


What can I do to modernize it and take advantage of this opportunity versus looking at it as this is something that we have to do and then it’s going to be over with. It’s really laying the foundation for an infrastructure to do these really neat things that we’ll probably be talking about a little later.”


Charlie Wisecarver at the State Department has also been very active in the participation of the public/private partnerships, working with the vendors out there and understanding what products are going to be available and when they are going to roll. “We’ve been doing a watching, studying and planning role right now and we’ve been working on that very hard over the last year. We are watching the market place drivers,” explains Wisecarver.


“We are also looking beyond the IPv6 and how that’s done in some of our lab testing and what are going to be the next practices and it’s very, very important to the Department of State. We have diplomats in over 260 missions around the world so we see this as a very exciting opportunity and it’s really going to enable our diplomats in their work.”


GSA is in a little bit of a different position according to GSA's Fred Schobert, Networx program manager “We had to deal with IPv6 we had to figure out how we were going to specify in the requests for proposals to industry that have now been awarded. And what we did is IPv6 is clearly specified as a requirement in the Networx Universal and Enterprise programs; and we put specs and interfaces in there that contractors have to be able to meet and deal with from a backbone standpoint.”


For Schobert, the next step GSA is looking at is how “to better support agency customers in terms of certification and testing, training, those kinds of things and we are looking right now what to do to stand up a leadership role to be able to support our customers.”
Report Spam   Logged
birther truther tenther
Full Member
Offline Offline

Posts: 182

View Profile
« Reply #4 on: December 10, 2010, 12:39:34 pm »

May 18, 2007 • Volume 5 • Number 5


Next Generation’s Four Challenges

IPv6 faces formidable, but not insurmountable challenges.

“Culturally people know what IPv6 is today,” states Education's Peter Tseronis.

“I’m known as the IPv6 guy at Education. I get the forwarded emails or what have you and the phone calls. People at least are talking about it. A year ago it was, what? And you say Internet is really known as IPv4 and people say what? Now I get it, IPv6 is the next generation.” For Tseronis, the Challenge 1 is culture. Change never comes easy, but he sees more IPv6 acceptance. 

Challenge 2 is Money. Take a cue from OMB. It’s the opportunity to look at your refresh dollars and say ‘hey look at your network does it need to be refreshed? Will you refresh it?’

Tseronis says put that procedure, that process in place. “You still may not get the money or the funding but at least you can build a business case for getting investments to upgrade your network and by the way you might as well buy a procure an IPv6 compliant product.”

Challenge 3 is Policy.

“We are in the midst of defining some acquisition policies, testing policies, accreditation policies. We are working with the vendor community on issues that have to be ironed out before we go and buy a product and say hey I want this device and I want to make sure it’s an IPv6 compliant router, or switch, or firewall,” Tseronis explains.

“If I’m a customer in the federal government, I’m going to Cisco saying ‘hey I want an IPv6 product.’ Well I want them to say OK on this approved product list or what have you, these are the products that you can purchase. So just to say I want everything IPv6 compliant or the application of the hardware that exists today. We are still defining the regulations around creating something that can be a pick and choose type of scenario.”

Challenge 4 is “Thinking Out of the Box”.

And lastly it’s really the thinking out of the box challenge.

“It really comes down to you have to think outside of what you want to be doing with this in the future and how you want to be doing it and make the assumption that IPv6 infrastructure is going to enable that. We didn’t think about that when the internet first popped up, we just thought it was cool to surf the net. Now we are saying there’s going to be a new infrastructure you will be able to do more things like auto configuration, recovery, etc., etc. But people are a little bit hesitant because people are well what we have today isn’t broken, so don’t try to fix it.”

The funding issue isn’t lost on State Department’s Charlie Wisecarver.

“Clearly for the Department of State it’s a funding question.” There are competing requirements out there. To become IPv6 compliant by June 2008 will require a significant amount of funding and State’s widespread organization also presents some challenges that will be alleviated as COTS products become more available.

“Right now to try to sell IPv6 to senior executives in the State Department, it’s not sexy, there’s nothing really there for them to grab on to. They’d much rather fund legacy programs or other types of activities. I think that the good news is, as more and more COTS products become available, that’s going to make it a much easier sell. Folks will begin to realize how important it is to transition to IPv6.”

For Commerce’s John McManus, selling what’s important over the the long haul is the key.

“I think the big challenge, this is a day to day challenge, is to get everyone to understand that we need to be thinking about the long term,” said McManus.

“We shouldn’t be selling IPv6. We need to be selling the capabilities that IPv6 brings to our mission. That really is a very large challenge because when you go in to talk to senior leadership, when we did the network evolution at NASA, as we are doing our network evolution at the Department of Commerce, I don’t mention IPv6 other than to say our gear will be compliant with the mandate. I talked about how is this going to enable the Department of Commerce, NOAH, the National Weather Service, to provide better services to the citizens or to provide better capability to our internal users.”

McManus says there can’t be too much focus on the protocol itself; and that the protocol is bringing new capability. The messaging has to really be focused on enabling new capabilities that allow us to do new things for the citizens and new things for our users.

For GSA’s Fred Schobert, the major challenges are in terms of training and service support. “There will be transition challenges for our agency customers we are going to have to address and work with them on; and then basic overall training. One of the things we need to do also is become more crystal clear I believe at the user level on what the benefits for IPv6 are. But I have to think any investments made will be based on their understanding of what the ultimate benefits will be. So I think as a group and as an industry government team we need to become clearer on exactly what are the benefits for making that investment.”

Cisco’s Dave West is encouraged that the 2008 deadline has gotten government moving.

“I think people looked at the deadline and thought that everything needed to be IPv6 capable by the deadline, that government agencies would have transitioned by the deadline, when in reality, all it did was energize the government to start planning and preparing for this transition,” said West.

West also notes there is still a lot of work to do from the product perspective, from a solution perspective and education within the government

“There’s absolutely work that needs to be done in terms of preparing government agencies and entities for this transition; preparation needs to be done to make sure that any move towards any new protocol doesn’t impact day to day operations.”

West sees a lot of movement to get the job done over the next 24 to 36 months.

“I think as government looks and agencies look as what services they want to provide, what services they want to enable for IPv6 they may take different approaches on how they enable those services. How they take advantage of what that protocol offers.”

Education is also top of mind for Command Information’s Tom Patterson.

“The more people that understand their day job, the more that they understand the new capabilities that are in the Internet that they already have, the less frightened they are of the change and some of the key reasons that were bandied about last year are really falling by the wayside,” states Patterson.

According to Patterson there’s no v6 to buy so you don’t have to go out and get a line item for a big v6 thing. You are already buying routers, you are already buying computers, you are already buying the phones, you just need to specify as GSA Networx did, that when you buy these services they should support the new versions of the internet. So that has really taken that big fear away. Education then unlocks the art of the possible.

“In reality if you talk to them, if you educate about what they do in their language, and that’s what our whole series of training exercises do, is talk about supply chains, talk about telework, talk about cars and mobile and all these things that the government lives off of, that run our government. If you talk about how it affects that, then they tend to pick it right up.”
Report Spam   Logged
Pages: [1]   Go Up
Jump to:  

Powered by EzPortal
Bookmark this site! | Upgrade This Forum
Free SMF Hosting - Create your own Forum

Powered by SMF | SMF © 2016, Simple Machines
Privacy Policy
Page created in 0.053 seconds with 24 queries.