Friday, February 14, 2020

Adopting and Enforcing an IPv6-Only Policy: If Not Now, When?

Charles Sun


As the next-generation Internet Protocol, IPv6 (Internet Protocol version 6) is the prerequisite for the future growth and development of the Internet. In the era of artificial intelligence (AI), 5G, and the Internet of Things (IoT), more and more innovations and emerging technologies will rely heavily on the support of the Internet, which currently runs in the so-called dual-stack mode of operation using both Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). Moreover, adopting and enforcing the IPv6-only policy worldwide by securely deploying the single stack of IPv6, turning off IPv4, and setting a specific deadline to sunset IPv4 completely will dramatically reduce the overall cybersecurity threats and attacks based on IPv4.

Therefore, the IPv6-only policy is not only the most effective and efficient approach to protect and defend our new cyber frontier but also the best weapon we have in cyber warfare. Here are the reasons why:

First, although hundreds of billions of dollars are spent globally each year on cybersecurity, organizations worldwide, big or small, are still struggling around the clock every single day to deal with constant cyberattacks and data breaches, most of which are based on the currently predominant version of the Internet Protocol, IPv4. This seems to be a losing battle in which one can hardly see the light at the end of the tunnel anytime soon, let alone gain the upper hand in the fight.

In 2018, for instance, there were more than 41,600 security incidents reported and over 2,000 confirmed data breaches worldwide, notwithstanding that we spent more than $114 billion worldwide in 2018 on cybersecurity. In other words, there were more than 114 reported security incidents on average every day in 2018, approximately six of which were confirmed data breaches, costing the global economy more than $1.5 trillion, with over $2,900,000 being lost to cybercrime every minute! One related report predicts that cybercrime will cost the world over $6 trillion annually by 2021. Meanwhile, a study in 2019 predicted that global spending on cybersecurity products and services would exceed $1 trillion cumulatively over the five years from 2017 to 2021. A similar study estimated that worldwide spending on information security-related products and services reached over $124 billion in 2019 alone, an increase of more than 141 percent since 2010. According to one of Gartner’s forecast analyses, the global information security market will reach $170.4 billion in 2022.

Second, the situation can only get worse in a few more years, when the IPv6 adoption rate reaches 100 percent while running in parallel with IPv4, effectively doubling the overall attack vectors. According to one estimate, based on the current trend, the global IPv6 adoption rate will reach 100 percent in 2028.

According to the Internet Society’s latest State of IPv6 Deployment 2018 report, worldwide IPv6 deployment has increased dramatically since 2012. For instance, in 2018 more than 80 percent of smartphones in the US already used IPv6, and the mobile wireless carriers are rapidly becoming an IPv6-only market, with 93.69% of T-Mobile USA mobile users already using IPv6. Furthermore, many companies, including Facebook, Google, and Microsoft, are adopting an IPv6-only policy by turning off IPv4 internally within their enterprises.

Consequently, the federal government also seems ready to resume its leadership role in driving IPv6 adoption across all federal agencies. The Department of Defense (DOD), for example, after many years of being missing in action, has finally restarted the effort to deploy IPv6 very aggressively across all of its components, based on the recently published DOD CIO memo on IPv6, which in turn will undoubtedly have a huge influence on the creation of a new federal policy on IPv6 deployment across all federal agencies. The impact of such a new federal IPv6 policy on both the public and private sectors should not be underestimated.
                                           
Third, adopting an IPv6-only policy to securely deploy the single stack of IPv6 globally and to sunset IPv4 will dramatically reduce the overall cybersecurity threats and attacks based on IPv4! It is a material fact that we will immediately achieve a 100 percent reduction of all current global cyberattacks and cybersecurity threats based on IPv4 the moment we turn off IPv4. We will also immediately achieve a reduction of more than 50 percent globally in the overall cyberattacks based on IPv4 and IPv6 separately, and on the combination of both collectively.

Consequently, we must change our cybersecurity strategy dramatically right now to efficiently secure and effectively defend the global cyberinfrastructure before time runs out. Our whole paradigm of cybersecurity and cyber defense policy must be completely shifted to focus on securely deploying the single stack of IPv6 worldwide instead of running and supporting both IPv4 and IPv6 simultaneously, engaging the enemies on two separate battlegrounds concurrently, and fighting two separate wars with limited resources. We should and must utilize all of our global resources wisely and concentrate on fighting and winning only one war! The IPv6-only policy is not only the best weapon we have in cyber warfare but also our last chance to effectively protect cyberspace and efficiently defend our new digital frontier.

Now it is high time to create and enforce an IPv6-only policy worldwide by turning off IPv4 and setting a specific deadline to sunset IPv4 globally.

It is not a question as to whether or not we should adopt and enforce an IPv6-only policy by turning off and sunsetting IPv4, but rather a question that we all must ask: if not now, when?!

Disclaimer: The views presented are only personal opinions and they do not necessarily represent those of the U.S. Government.


Reference for this article:

Sun, Charles. “Adopting and Enforcing an IPv6-Only Policy: If Not Now, When?” Homeland Security Today. 11 February 2020.




2 comments:

  1. If IPv4 was suddenly shunned there would be a temporary decline in cyber security incidents, but the bad people out there would soon figure out how to replicate their malware on IPv6. There's nothing inherently more secure in IPv6.

    The only good statistics we have on IPv6 traffic come from AMS-IX and it indicates that less than 3% of the internet exchange traffic is IPv6. It is true that Google has much larger numbers, around 25-30%, but this is not traffic, it is the undefined, "availability of IPv6 connectivity among Google users".

    Further, if you zoom in on the curve, you will note a distinctive weekly cycle that surprisingly peaks on weekends, indicating that commercial traffic is less likely to use IPv6. Also, since many cellphones are dual-stack, a lot of the Google users measured could be cellphones generating relatively little traffic. So, if converted into terms of traffic (like the AMS-IX statistics) the percentage may be much lower.

    The question really is whether IPv6's chance has been squandered due to design flaws, and we need to go back to the drawing board and design IPv7.

  2. There are more than a couple of myths about IPv6. For example,

    A. Security: Vint Cerf stated, "And like all tech implementations, security is another issue – neither IPv6 nor IPv4 protect against denial of service attacks, for example. 'Switching from one protocol to the other or running them both in parallel doesn’t solve that problem, which simply means we have many other things to worry about.'"

    https://www.govtech.com/policy-management/Why-the-Internet-of-Things-Needs-IPv6.html

    B. Despite much media mention, the actual IPv6 traffic level has been in question recently. An article and discussion started by Ericsson Research would be a good place to get some general idea:

    http://www.circleid.com/posts/20190529_digging_into_ipv6_traffic_to_google_is_28_percent_deployment_limit/

    So, David is correct by saying that the perceived "better" IPv6 security performance may be the result of IPv6 having not gotten high enough traffic to attract hackers' attention.

    Abe (2020-02-26 23:43 EST)
