<DOC>
[109th Congress House Hearings]
[From the U.S. Government Printing Office via GPO Access]
[DOCID: f:22510.wais]

TO LEAD OR TO FOLLOW: THE NEXT GENERATION INTERNET AND THE TRANSITION TO IPv6

=======================================================================

HEARING
before the
COMMITTEE ON GOVERNMENT REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED NINTH CONGRESS
FIRST SESSION

JUNE 29, 2005

Serial No. 109-41

Printed for the use of the Committee on Government Reform

Available via the World Wide Web: http://www.gpoaccess.gov/congress/index.html
http://www.house.gov/reform

U.S. GOVERNMENT PRINTING OFFICE
22-510 WASHINGTON : 2005

For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512-1800
Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001

COMMITTEE ON GOVERNMENT REFORM

TOM DAVIS, Virginia, Chairman
CHRISTOPHER SHAYS, Connecticut
DAN BURTON, Indiana
ILEANA ROS-LEHTINEN, Florida
JOHN M. McHUGH, New York
JOHN L. MICA, Florida
GIL GUTKNECHT, Minnesota
MARK E. SOUDER, Indiana
STEVEN C. LaTOURETTE, Ohio
TODD RUSSELL PLATTS, Pennsylvania
CHRIS CANNON, Utah
JOHN J. DUNCAN, Jr., Tennessee
CANDICE S. MILLER, Michigan
MICHAEL R. TURNER, Ohio
DARRELL E. ISSA, California
GINNY BROWN-WAITE, Florida
JON C. PORTER, Nevada
KENNY MARCHANT, Texas
LYNN A. WESTMORELAND, Georgia
PATRICK T. McHENRY, North Carolina
CHARLES W. DENT, Pennsylvania
VIRGINIA FOXX, North Carolina

HENRY A. WAXMAN, California
TOM LANTOS, California
MAJOR R. OWENS, New York
EDOLPHUS TOWNS, New York
PAUL E. KANJORSKI, Pennsylvania
CAROLYN B. MALONEY, New York
ELIJAH E. CUMMINGS, Maryland
DENNIS J. KUCINICH, Ohio
DANNY K. DAVIS, Illinois
WM. LACY CLAY, Missouri
DIANE E. WATSON, California
STEPHEN F. LYNCH, Massachusetts
CHRIS VAN HOLLEN, Maryland
LINDA T. SANCHEZ, California
C.A. DUTCH RUPPERSBERGER, Maryland
BRIAN HIGGINS, New York
ELEANOR HOLMES NORTON, District of Columbia
------
BERNARD SANDERS, Vermont (Independent)

Melissa Wojciak, Staff Director
David Marin, Deputy Staff Director/Communications Director
Rob Borden, Parliamentarian
Teresa Austin, Chief Clerk
Phil Barnett, Minority Chief of Staff/Chief Counsel

C O N T E N T S

Hearing held on June 29, 2005
Statement of:
    Curran, John, chairman, American Registry for Internet Numbers; Jawad Khaki, corporate vice president, Microsoft Corp.; Stan Barber, vice president, Verio, Inc.; and Alex Lightman, chief executive officer, Charmed Technologies, Inc.
        Barber, Stan
        Curran, John
        Khaki, Jawad
        Lightman, Alex
    Evans, Karen, Administrator, Electronic Government and Information Technology, Office of Management and Budget; David Powner, Director, Information Technology Management Issues, Government Accountability Office; Keith Rhodes, Chief Technologist and Director, Center for Technology and Engineering, Government Accountability Office; George Wauer, Director, Architecture and Interoperability, Office of the Assistant Secretary of Defense for Networks and Information Integration and Office of the Chief Information Officer, U.S. Department of Defense, accompanied by Major General Dennis Moran, Vice Director, Command, Control, Communications and Computer Systems, Joint Chiefs of Staff, U.S. Department of Defense
        Evans, Karen
        Powner, David
        Rhodes, Keith
        Wauer, George
Letters, statements, etc., submitted for the record by:
    Barber, Stan, vice president, Verio, Inc., prepared statement of
    Cummings, Hon. Elijah E., a Representative in Congress from the State of Maryland, prepared statement of
    Curran, John, chairman, American Registry for Internet Numbers, prepared statement of
    Davis, Chairman Tom, a Representative in Congress from the State of Virginia, prepared statement of
    Evans, Karen, Administrator, Electronic Government and Information Technology, Office of Management and Budget, prepared statement of
    Khaki, Jawad, corporate vice president, Microsoft Corp., prepared statement of
    Lightman, Alex, chief executive officer, Charmed Technologies, Inc., prepared statement of
    Porter, Hon. Jon C., a Representative in Congress from the State of Nevada, prepared statement of
    Powner, David, Director, Information Technology Management Issues, Government Accountability Office, prepared statement of
    Wauer, George, Director, Architecture and Interoperability, Office of the Assistant Secretary of Defense for Networks and Information Integration and Office of the Chief Information Officer, U.S. Department of Defense, prepared statement of
    Waxman, Hon. Henry A., a Representative in Congress from the State of California, prepared statement of

TO LEAD OR TO FOLLOW: THE NEXT GENERATION INTERNET AND THE TRANSITION TO IPv6

----------

WEDNESDAY, JUNE 29, 2005,

House of Representatives,
Committee on Government Reform,
Washington, DC.

The committee met, pursuant to notice, at 2:15 p.m., in room 2154, Rayburn House Office Building, Hon. Tom Davis (chairman of the committee) presiding.

Present: Representatives Davis of Virginia, Gutknecht, Dent, Waxman, Cummings, Kucinich, Higgins and Norton.

Staff present: Melissa Wojciak, staff director; David Marin, deputy staff director/communications director; Chas Phillips, policy counsel; Rob White, press secretary; Drew Crockett, deputy director of communications; Victoria Proctor, senior professional staff member; Teresa Austin, chief clerk; Sarah D'Orsie, deputy clerk; Leneal Scott, computer systems manager; Kristin Amerling, minority general counsel; Nancy Scola, minority professional staff member; and Earley Green, minority chief clerk.

Chairman Tom Davis. The committee will come to order. I apologize for starting late, we were supposed to have a vote on the floor. I was over there so I could leave at the beginning of the vote and they ended up with just a voice vote.

Welcome to today's hearing on the Next Generation Internet and the transition to Internet protocol version 6 [IPv6].

Nearly 30 years ago in a Department of Defense lab, the Internet was born. Originally designed to facilitate communications after a nuclear strike, as the protocols were tested, refined and implemented, people began to recognize the possibilities for far broader applications. Today, these protocols underpin the Internet.

American ingenuity developed, fostered, and fielded these simple open protocols to solve a narrow set of problems, but this seemingly small network solution has sparked a global revolution in communications.

Over the past decade, cyberspace has grown into a dynamic nervous system that controls our Nation's critical cyber and physical infrastructures. Within an hour's drive of Fairfax County, there are about one quarter of all Internet Service Providers on the entire planet.
About a quarter of all the Internet packets in the world are going through a hub in northern Virginia. If you drive down the Dulles Access Road, you can see the physical impact of the Internet on Virginia, but the current Internet, and the protocols and networks that underpin it, may have reached its limits.

Internet protocol version 6 [IPv6] offers benefits for expanded addressing, greater security, and new products, services, and missions for Next Generation Internet applications. However, it presents several challenges including: one, understanding the international implications; two, preparing the Federal Government; and three, ensuring a secure transition.

Not surprisingly, interest in IPv6 is gaining momentum around the world, particularly areas that have limited IPv4 address space to meet their industry and consumer communications needs. Regions that have limited IPv4 address space such as Asia and Europe have undertaken aggressive efforts to deploy IPv6. Asian countries have been aggressive in adopting IPv6 technology, because Asia controls only about 9 percent of the allocated IPv4 addresses, and yet has more than half of the world's population. Asian governments have invested hundreds of millions of dollars in IPv6 technology. China has been extremely aggressive and Japan has set up an IPv6 Promotion Council, using tax incentives to encourage research and adoption of IPv6 by its private sector. Europe currently has a task force that has the dual mandate of initiating country and regional IPv6 task forces across European states and seeking global cooperation around the world, and Europe's Task Force and the Japanese IPv6 Promotion Council forged an alliance to foster worldwide deployment.

Here at home, challenges such as procurement, information technology management, and modernization are often addressed deliberately by the Federal Government and change often takes years to implement, but these are the challenges we take up on this committee.
Federal Government IT expenditures are on track to surpass $65 billion in fiscal year 2006, making the Federal Government once again the largest purchaser of IT products and services in the world. In addition, a recent report forecasts that IT spending will continue to rise throughout the decade, reaching over $90 billion in fiscal year 2010. With this buying power, we need to make sure that the best and most secure technology is a priority when the Government acquires IT goods and services.

I believe that we all want the United States to have the world's best information technology infrastructure, including maintaining the world's best Internet industry. I believe we all want U.S. defense capabilities to perform with maximum effectiveness and efficiency, and to realize the full potential of net-centric warfare. I believe we all want the best Homeland Security systems, including cameras, sensors, and first responder systems intelligently integrated together. I believe we all want fiscally responsible Federal spending, including spending on information infrastructures that will deliver multiple returns on investment and preserve taxpayer dollars.

Today, we will hear about Federal efforts to transition to IPv6. Our purpose here is to learn from the public and private sectors, to hear if IPv6 can help us achieve long-term economic, defense, homeland security, and technological leadership. If it can play a part in reaching those goals, then I want to know what support the Government Reform Committee, the Congress, and the U.S. Federal Government need to provide.

I also want to learn about the risks. Every day brings news of another computer intrusion or data theft. I hope to hear about the security risks that exist under the current protocol, how IPv6 might address these risks, and whether the transition presents its own risks.

Finally, I hope to learn if the United States is at competitive risk with respect to the Next Generation Internet.
My committee held a hearing recently about the lengths to which the Chinese government would go to make sure that only Chinese software is purchased by Chinese government agencies. The Chinese government not long ago announced that CERNET2, the first network based on pure IPv6 technology, was going into formal operation. An official from China's National Development Reform Commission said China's Next Generation Internet will bring huge benefits to their national economy and increase the country's competitiveness in national defense, economy, science and technology.

Last year, I asked GAO to look at IPv6 and its implications for the Federal Government. Today, we are here, in part, to review their report, which highlights the fundamental challenges facing the Federal agencies, the White House, and Congress. However, to reap the benefits from IPv6, Federal agencies must first begin to plan and develop requirements that will take full advantage of what the new protocol offers. I hope that the Office of Management and Budget will continue its leadership role in information policy and begin to address some essential issues, including how much IP address space the Federal agencies may require, whether the Federal Government is ready for the transition, and how much it will cost.

At this stage, I am gathering input on IPv6. I was pleased to receive a copy of the Department of Defense IPv6 Transition Plan recently. I am looking forward to receiving the Department of Commerce's report as soon as possible, and see how IPv6 can help America's economy and help America's exports.

The vast majority of the technology we know and use is rooted in the United States. Many of these innovations were a result of the ideas and hard work from individuals who came from other countries to live, to work, or to be educated, some of whom are here today.
America draws the best and the brightest from around the globe, they produce their best work here, and then we share those efforts with the rest of the world. I am confident that we can meet the challenge of this transition.

I would now recognize the distinguished ranking member, Mr. Waxman, for an opening statement.

[The prepared statement of Chairman Tom Davis follows:]

[GRAPHIC] [TIFF OMITTED]

Mr. Waxman. Mr. Chairman, thank you for holding today's hearing on Internet protocol version 6, what is often called the "Next Generation Internet."

The architecture of the Internet was first developed more than 30 years ago, but the Internet of today is far different than it was then. Whereas the early Internet joined together a small number of computers, the Internet today connects desktop computers, laptop computers, network servers, handheld Blackberries, cell phones and cars. Even dishwashers and refrigerators are beginning to go online.

The Internet is not yet breaking down under the strain, but there are limitations that need to be addressed. The current system has the capacity to connect together 4 billion different computers and devices at any one time. This may seem like a lot, but consider the computers and cell phones one typical family might own today, or all the desktops, laptops, and Blackberries in use in the Federal Government. Four billion seems even smaller in light of the growing Internet use worldwide. In fact, it is only because of network administrator ingenuity that the current protocol's technological limitations are not paralyzing the Internet.

The Next Generation Internet eliminates major existing technological limitations. This new system increases access to the Internet exponentially while also offering the added benefits of more sophisticated security and improved connectivity.
Consumers will reap these benefits, but it is the Federal Government that may well be the greatest beneficiary. A recent GAO study found that Next Generation Internet could help DOD to create more advanced weapons and information systems. Other potential uses include wireless border security sensors and interoperable networks for first-responders.

Unfortunately, the Government is not taking full advantage of this opportunity. GAO found that few agencies beyond the Defense Department have even begun to ready themselves for the Next Generation Internet. Meantime, the rest of the world is taking Next Generation Internet seriously. China is building a nationwide network that will run on the new system. India's private sector is actively moving to take advantage of these new technologies.

The Next Generation Internet is coming. I look forward to hearing from witnesses about what we can do to take the lead in developing the Internet as we did 30 years ago or we can wait for this evolution to pass us by and then play catch up.

Thank you, Mr. Chairman, for the opportunity to make an opening statement. I look forward to the testimony of the witnesses today.

[The prepared statement of Hon. Henry A. Waxman follows:]

[GRAPHIC] [TIFF OMITTED]

Chairman Tom Davis. Mr. Waxman, thank you very much.

The Members will have 7 days to submit opening statements for the record.

I will now recognize our first panel, a very distinguished panel.
We have: the Honorable Karen Evans, Administrator, Electronic Government and Information Technology, Office of Management and Budget; David Powner, Director, Information Technology Management Issues, Government Accountability Office; Keith Rhodes, Chief Technologist and Director, Center for Technology and Engineering, Government Accountability Office; George Wauer, Director, Architecture and Interoperability, Office of the Assistant Secretary of Defense for Networks and Information Integration and Office of the Chief Information Officer, U.S. Department of Defense. Mr. Wauer is accompanied by Major General Dennis Moran, Vice Director, Command, Control, Communications and Computer Systems, Joint Chiefs of Staff, U.S. Department of Defense. General Moran, thank you for being with us today.

It is the policy of the committee to swear all witnesses before you testify.

[Witnesses sworn.]

Chairman Tom Davis. We will start the testimony with Ms. Evans. Karen, you know the rules. We try to keep it to 5 minutes. Your entire statement is in the record. Questions will be based on your entire statement but you have 5 as a summary. Karen, thanks a lot for being with us again.

STATEMENTS OF KAREN EVANS, ADMINISTRATOR, ELECTRONIC GOVERNMENT AND INFORMATION TECHNOLOGY, OFFICE OF MANAGEMENT AND BUDGET; DAVID POWNER, DIRECTOR, INFORMATION TECHNOLOGY MANAGEMENT ISSUES, GOVERNMENT ACCOUNTABILITY OFFICE; KEITH RHODES, CHIEF TECHNOLOGIST AND DIRECTOR, CENTER FOR TECHNOLOGY AND ENGINEERING, GOVERNMENT ACCOUNTABILITY OFFICE; GEORGE WAUER, DIRECTOR, ARCHITECTURE AND INTEROPERABILITY, OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE FOR NETWORKS AND INFORMATION INTEGRATION AND OFFICE OF THE CHIEF INFORMATION OFFICER, U.S. DEPARTMENT OF DEFENSE, ACCOMPANIED BY MAJOR GENERAL DENNIS MORAN, VICE DIRECTOR, COMMAND, CONTROL, COMMUNICATIONS AND COMPUTER SYSTEMS, JOINT CHIEFS OF STAFF, U.S. DEPARTMENT OF DEFENSE

STATEMENT OF KAREN EVANS

Ms. Evans.
Thank you for inviting me to speak about the Federal Government's efforts in preparing for the transition to Internet protocol version 6. This afternoon, I would like to briefly identify the steps we are taking in preparation for transition.

As I mentioned in my April 7, 2005 testimony before this committee regarding our efforts to safeguard the Government's information systems, late last fall OMB directed the agencies to provide a preliminary report on their planning activities for the transition to IPv6. Only the Department of Defense had undertaken any significant effort in this area. Given the lack of government-wide progress and our concern regarding the complexities of transition, we recognize the need to begin developing a comprehensive transition planning guide and process.

We are about to take the first step and issue a policy memorandum providing guidance to the agencies to ensure an orderly and secure transition to IPv6. The purpose of the guidance will be to ensure effective planning and to raise the level of awareness and urgency of preparing for IPv6.

The overarching challenge facing us is ensuring continued, uninterrupted functionality of Federal agencies during the transition while providing continued and improved information assurance. This will require major changes in the architecture of many agency networks. Since there is a large embedded base of IPv4-compatible equipment and applications, transitioning to IPv6 will also require large capital investments and labor resources. While the challenges are significant, they are not insurmountable, especially if we approach them methodically and in phases.

The guidance will lay out five important actions the agencies should take. First, agencies will have to familiarize themselves with the transition issues by reviewing the GAO report, the Commerce report, and particularly the Department of Homeland Security's US-CERT advisory of security issues concerning IPv6.
Since IPv6 is already present in many Federal agency networks, it is important that agencies begin addressing the security risks associated with IPv6 now.

Second, agencies will have to assign a specific individual to lead and coordinate agency planning. This person will be responsible for monitoring, enforcing, and reporting on the transition and implementation of IPv6 within the agency.

Third, agencies will develop an inventory of existing IP capable devices and technologies. To ensure an orderly transition from IPv4 to IPv6, we must establish a baseline and determine the size of the problem. While we know IPv6 technologies are deployed throughout the Government, like other organizations, we do not know specifically which ones, how many there are, or precisely where they are located. We are planning for each agency to file a report of their inventory of IP capable devices and technologies to OMB in the first quarter of fiscal year 2006.

Fourth, agencies will conduct an impact analysis to determine fiscal and operational impacts and risks during the transition to IPv6. We are planning for each agency to report the results of this impact analysis to OMB in the first quarter of fiscal year 2006, and it should include analysis on cost and risk. For cost, the agencies must report on estimates for planning, infrastructure acquisition, above and beyond normal expenditures, training, and risk mitigation.

Fifth, the policy will direct the CIO Council to develop before the end of the calendar year, more detailed IPv6 implementing guidance. It will include guidance for developing detailed prioritized schedules and milestones, integrating IPv6 with the agency enterprise architecture, developing necessary IPv6-related policies and compliance mechanisms, training material, and test plans for IPv6 compatibility and interoperability.
To the extent the agencies are currently capable of addressing the elements of the future CIO Council guidance, they have been instructed to begin doing so now. We will also use the OMB EA Assessment Framework to measure the degree to which agencies are effectively performing this planning element.

Our policy will also set June 2008 as the date by which all agencies' infrastructure, network backbones, must be using IPv6 and agency networks must interface with this infrastructure. Once the network backbones are ready, the applications and other elements will follow. Setting this firm date is necessary to maintain focus on this important issue. Overall the actions set out in our policy will begin to address the many challenges that come with IPv6 transition.

I would like to take one moment to discuss one aspect of the implementation guidance. Later in this hearing, you may be hearing testimony that says IPv6 poses a problem associated with the capability called tunneling. In fact, tunneling is extremely widely used throughout the Government and industry and facilitates cost effective and safe communications. During the question period, I would be happy to answer your questions about the aspect of IPv6 tunneling and how it could be controlled and any other questions you have.

Thank you for this opportunity to talk about the administration's strategy.

[The prepared statement of Ms. Evans follows:]

[GRAPHIC] [TIFF OMITTED]

Chairman Tom Davis. Thank you very much, Ms. Evans.

Mr. Powner.

STATEMENT OF DAVID POWNER

Mr. Powner. We appreciate the opportunity to testify on Internet protocol version 6. With me today is Keith Rhodes, GAO's Chief Technologist who will discuss the security aspects of transitioning to this new protocol.
The initial benefit of IPv6 is that it will immediately remedy the shortage of worldwide Internet addresses and will greatly increase the number of devices that can connect to the Internet. IPv6 is clearly gaining momentum globally, especially in regions such as Asia where address space is limited and concerns exist about the U.S.'s adoption of the new protocol as it pertains to global competitiveness.

This morning, I would like to leave you with three thoughts before Mr. Rhodes discusses the need to mitigate security transition risks. First, there are many benefits to the new protocol; second, Government transition has been slow; and third, key planning efforts are essential.

In addition to the increased address space that will accommodate the growing number of users and mobile devices, IPv6 will, among other things, allow for an efficient and possibly faster routing, simplify network administration and enhance IP security by improving authentication and confidentiality of data sent over the Internet.

The Department of Defense plans to utilize IPv6 features. For example, it envisions our future soldiers equipped with multiple IP addresses for communications and to monitor vital signs. Other Federal agencies, for the most part, have not initiated IPv6 planning efforts. Because of this, we recommended to OMB that they instruct Federal agencies to begin addressing key planning efforts. These include developing inventories and assessing risks, creating business cases and identifying timelines and methods for transition.

Mr. Chairman, we have been working with the Office of Management and Budget and we recognize Ms. Evans' efforts that earlier this year called for Federal agencies to update strategic plans, enterprise architectures and acquisition strategies to address IPv6 transition. Although Ms. Evans' statement is encouraging, more effective leadership is needed.
In addition, we also recommended that Federal agencies take immediate action to address near term security risks. Ironically, this new protocol that in the long term will improve network security creates several near term vulnerabilities if not properly managed, as Mr. Rhodes will now demonstrate.

Before turning it over, Mr. Chairman, I would like to thank you for your leadership in this area and for jump starting the Federal Government's transition to this new protocol.

[The prepared statement of Mr. Powner follows:]

[GRAPHIC] [TIFF OMITTED]

STATEMENT OF KEITH RHODES

Mr. Rhodes. What I am going to explain to you is an exploit that we have used when we are testing Federal departments and agencies and one we have proven and documented in our own laboratory.

The first slide is a typical IPv4 configuration. You see a router, intrusion detection, a firewall, all working together to protect a system that is connected to the Internet. The intruder on the left sends the target agency on the right a specially crafted e-mail. The targeted user opens the e-mail thinking it is a normal e-mail.
Let me note here this attack does not require the user to double click on an attachment as is common with most malware. If the e-mail is Web-based, that is, it is written in the language of the World Wide Web, the hypertext mark up language, then even if the user just previews it in the window in their mail system, the attack will launch.

The e-mail looks normal to the target but deep inside the computer, the IPv6 stack is turned on, given an address and a mission. The mission is to send a shell back to the intruder using IPv6 inside IPv4. This means that the shell request is sent back to the intruder via tunnel which is carried by the IPv4 packets. The shell request is totally invisible to the firewall, the intrusion detection system and the Internet, just some normal looking IPv4 packets.

Now there is a new network, a dedicated network between the intruder and the target agency unseen by most current firewall and IDS technologies. As the intruder explores the target agency, the intruder's software converts the PC to a router and many other computers answer the IPv6 call. Now there is a covert IPv6 network invisible to the target agency.

My final point is this could have been avoided using available technology and best practices, for example, closing Port 41 to outbound traffic on your firewall. The transition to IPv6 can be done safely and securely with proper precautions. Otherwise, the intruders are out there and they know how to do this.

Thank you, Mr. Chairman, and I will accept any questions.

Chairman Tom Davis. Thank you very much.

Mr. Wauer.

STATEMENT OF GEORGE G. WAUER

Mr. Wauer. Good afternoon. Thank you for the invitation to testify before the committee. In the interest of time, I will submit my formal written testimony for the record. I would, however, like to make the following key points.

The Department of Defense views version 6 as a critical enabler in achieving our vision of global net-centric operations.
Modifying version 4 to accomplish this version would have been, at best, problematical. Version 6 provides specific features that can make the net-centric vision a reality.

In June 2003, the Department established the goal of transitioning to version 6 by 2008. We are defining phase timelines that include specific system implementations that address increasingly complex end-to-end functionality. However, due to the critical nature of the Department's mission, it is imperative that this transition not imperil our current operational capabilities.

Our strategy and the position of the Department is to complete the transition with minimal additional costs by using phase timelines and relying primarily on already-scheduled and planned technology refreshments. In fact, since October 2003, we have required version 6 capability on all new acquisitions and procurements. This strategy allows the Department to leverage ongoing commercial and industry version 6 efforts. However, even with this transition strategy, there will be some additional costs for this major technology insertion. These additional costs are expected to be in the area of planning, engineering, technical assessments and training.

Implementing version 6 across the Department is complex and presents many challenges. Careful and early planning has been necessary to ensure the transition to version 6 is accomplished in an effective and controlled manner. Version 6 must not be disruptive to the everyday, strategic tactical and business operations of the Department.

DOD is firmly committed to the expeditious transition to version 6 in a manner that is affordable and protects the interoperability, security and performance of the existing requirements we have on our plate.

Thank you and I appreciate the committee's interest in the transition for the Department and I would be happy to answer any questions.

[The prepared statement of Mr. Wauer follows:]

[GRAPHIC] [TIFF OMITTED]

Chairman Tom Davis. Ms. Evans, let me start with you. IPv6 raises some very broad and very serious policy issues as you addressed. Some of these issues are squarely within OMB. For example, agencies are planning for IPv6 and securing their current systems. Other issues such as the international challenges, economic competitiveness, lack of IPv6 firewalls for classified systems go beyond the purview of OMB and the CIO Council. What is the administration doing to organize and address this challenge?

Ms. Evans. First off, there are a couple things in there but more importantly, everything we do within the administration is coordinated within the Executive Office of the President. As we move forward and take on these issues, they are coordinated through the councils that exist within the Executive Office of the President. We have taken on this issue, my policy and how it impacts the Federal agencies has also been looked at going forward, so I can talk about what I am doing to affect the Federal agencies overall. I would be happy to take back any other specific questions that you have and get answers for the record.

Chairman Tom Davis. Do we have any ballpark estimate of the cost and the labor requirements of the transition?

Ms. Evans. Right now, based on the analysis we did, it could grow by an order of magnitude. This is the reason why we are asking for the agencies to prepare these reports and these documents so that we can get an estimate of what it is going to cost. For the most part, and I believe my colleagues from DOD have already stressed this, a lot of the costs as far as hardware, software or the products we buy, they are already IPv6 capable and enabled and have that capability. The cost we want to make sure we have a true handle on deal with the applications that are currently in place.
They may be using something very specific to IPv4. That is why I agree with everything that has been said so far. The planning efforts will be very critical to get a good handle on the cost estimates. Chairman Tom Davis. Given the expenditures by the Europeans and the Asians on this, which far outstrip anything we have done, are we behind the eight ball at this point? How would you describe where we stand? Ms. Evans. As far as the implementation of IPv6, I think everything you read in the GAO report shows that it is self-explanatory. We have a huge investment obviously in version 4 and the way to move forward is the administration, at least from the Federal Government's standpoint and our investment is we are going to take a market-based approach and view how the market and the products conduct to go forward. We have taken that first step by indicating that we want our network backbones to be IPv6 enabled by 2008. We feel that is a significant step for where we already are. When I say we are behind the eight ball, it is relative depending on what services, what activity, whether you are looking at it from the consumer or the Federal Government standpoint of the investment. Chairman Tom Davis. Mr. Powner, to the extent that you are able, can you kind of describe the projects you are undertaking in IPv6? Mr. Powner. The projects GAO is currently undertaking? Chairman Tom Davis. I am sorry, I meant to ask this of Mr. Wauer. Mr. Wauer. Those are spread out over the whole Department of Defense. We are looking at all of the new procurements going on such as TSAT, the gig bandwidth expansion and several of the other procurements that are going on, JTERS. All of those are going to be IPv6 enabled. Chairman Tom Davis. Are you in any position at this point to talk about how long it would take to complete the transition and what the cost would be? Mr. Wauer. No, I am not. Chairman Tom Davis. Ball park? Mr. Wauer. 
Anything I would give you would be strictly off the top of my head. The actual implementation plans from each of the services and components are being generated. They have gone through a first cut and until we see those and are able to aggregate those, it would be very difficult to put a specific timeframe on that. Chairman Tom Davis. Mr. Powner, how do we measure the success of the transition? Could GAO benchmark the United States versus other nations? Would that be an appropriate benchmark? Mr. Powner. One of the things that we are currently in the process of doing for you is looking at some of the early adopters of IPv6. In fact, we will touch on some of that with where some of the other countries are. Initially, some of the data out there is a bit misleading. Clearly from a leadership perspective, I agree with some of your comments earlier and where your questions were going that we are behind the eight ball from a leadership perspective clearly. From an actual transition perspective, it is a little unclear where some of the other countries are. There are councils in place and tax incentives being thrown out there for corporations and agencies. Chairman Tom Davis. How much has been spent by other countries roughly on the transition at this point? Mr. Powner. No ballpark. Chairman Tom Davis. Significantly more though than we have spent, is that fair to say? Mr. Powner. Likely, yes. That is a huge unknown here in the States, how much we spend, especially from the Federal perspective. Chairman Tom Davis. You may actually have the incentive because they are the ones that need the addresses and everything else. Mr. Powner. Absolutely and we don't have the pressing need because we control more than 70 percent of those 4 billion addresses to date. Chairman Tom Davis. If the world stayed at IPv4 at this point, we would not be disadvantaged competitively, it would be the other countries and that is where the impetus is? Mr. Powner. 
Correct, but I think if you look from a mission perspective and why DOD has this very detailed effort in place to transition from a mission perspective, we would like to stay on the cutting edge. There are implications for homeland security applications where we could really benefit from what the new protocol could provide. Chairman Tom Davis. Would you say this is not comparable to Y2K because we are not dealing with a time certain at this point? This continues to be a work in progress as it emerges. As Ms. Evans said, market-based and we will see how quickly it gets up to snuff? Mr. Powner. It is clear we don't have a firm deadline like Y2K but I think it is nice we have a target the administration is now throwing out for 2008. Clearly it is similar to Y2K in the sense that it affects a lot of equipment that is out there. Our phones, our PCs, operating systems, network routers, it is widespread in terms of what will need to eventually be swapped out. Chairman Tom Davis. Reading the papers today with constant reports of intrusions and security breaches, it appears the Internet is relatively insecure. With full implementation of IPv6, do you think it would provide greater security potentially? Mr. Powner. Clearly with the new protocol, there is a feature in it that allows for more robust authentication and confidentiality of the day. In the long term, it is believed that protocol will allow for greater security. The issue where it is insecure as Mr. Rhodes demonstrated is there is a lack of awareness that agencies currently have IPv6 in their networks today. If they knew that occurred, they could effectively mitigate those risks. Chairman Tom Davis. Let me ask the entire panel, should the U.S. Government obtain its own block of IPv6 address space now? Mr. Rhodes. I don't think it is actually necessary for the United States to do that when you are talking about a huge volume of addresses. Locking in your own set is not the same as it was with IPv4. 
That is one of the great benefits of IPv6 that there is plenty for everyone. If you lock in your own, that is fine because then you have contiguous sets of IP addresses that you can work but it is not the same struggle that we had with the current set of addresses that you need to worry about in IPv6. General Moran. The Department of Defense is in the process of pulling together an area of how many we think we will need and we are processing forward to establish that and get it allocated to us. Chairman Tom Davis. Do you think the transition to IPv6 is an economic imperative and do you think the Federal Government is losing its lead in technology by not moving more quickly? Mr. Powner, do you have any thoughts on that? Mr. Powner. Clearly, I think we are in a far better position if we lead than lag. Being in a position where we can take advantage of some of the applications that IPv6 could provide would put us on sound footing, especially when you look at some of the capabilities we need to secure, the Department of Homeland Security. Mr. Rhodes. Mr. Chairman, as a scientist and as an engineer, I can only say if we allow other people to adapt before us, they will be the ones who build the killer applications and we won't because they will be able to work with it everyday. The Chinese already have an IPv6 router that they are just waiting for market share on. They have an IPv6 dedicated and enabled network. If you look at the implementations in Japan and look at the equipment being built in Japan, they are the ones working with it on a regular basis in day-to-day operations. We would like to have a voice over IP; they are already working on it because they get the quality of service benefit from IPv6. Somebody is going to be ahead of us if they are working with it every day. If we relegate it to being networks sitting inside universities, that is fine but that is research. As Ms. Evans points out, that is not the market driving it. General Moran. 
From the Department of Defense perspective, it is an operational imperative that we move to IPv6 because if you look at the future warfighting concepts, whether they be land, air or sea, we must have an IPv6 environment in order to move the information we are going to require to be successful in the environment. Therefore, the DOD I think has moved out so aggressively. Chairman Tom Davis. Do you think IPv6 quality of service standards meet the needs of DOD and will IPv6 give DOD less quality of service than we have currently? General Moran. I am not a technologist but I do believe in order to get the quality of service capabilities that we require across our global information grid which is going to be our part of the network, we are going to need to have the IPv6 quality of service implementation. We are involved through the department level to ensure that the definitions of those standards meet our requirements. Chairman Tom Davis. But basically what you have is Asia and Europe moving ahead on their own. Whatever we do, we will have to adjust to these standards. Either we will be left behind or the more proactive we are, we will be able to continue a leadership role. General Moran. It is my personal belief that we need to be in a leadership role so that we get the standards developed in a way that from the Department's perspective, we get the capabilities we require. Chairman Tom Davis. I appreciate the leadership role DOD is taking. Mr. Gutknecht, any questions? This is new stuff for a lot of members. A lot of us are still trying to figure out how to plug in the computers but it is critically important for us, not just for operation of government but for global competitiveness. From the GAO perspective, I appreciate your report. This was very, very helpful to others in kind of laying this out. This is the first congressional hearing on this but it is something we will continue to try to ride herd on here. 
Hopefully the interest will spread to other committees as we understand the national security implications, the global competitiveness, economic ramifications of this and this is a big bite for you, Ms. Evans, as well. I hope you are getting cooperation within the Government as you continue to take your leadership role on this. If there aren't other questions for this panel. General Moran. I really want to make one statement about one item you just mentioned and that was the question about Y2K. I do believe the reason the Department has been so successful is that our leadership is using the Y2K model to manage this. That is what has forced the leadership to deal with the realities of this change that is required. Even though we don't have a day and time that we have to be on IPv6, the management strategy the Department is using is exactly what we used in Y2K. I would argue that is why we were so successful. Mr. Wauer. If I can inject one other thing, one of the things the Department has found is this is a highly complex process. It is spread out over a myriad of different applications. It is not a trivial thing, both from a technical and management standpoint. We actually stood up a transition office. This is not a part-time job for a group of people. This is going to require some dedicated staffing and some real emphasis being placed on it to get this thing done right. Chairman Tom Davis. Is there dedicated funding for this at this point or are we kind of taking a little here and there? Mr. Wauer. The first 2 years, there was some dedicated funding for the transition office itself. We are now in the roll. It is spread across because the way we manage true programs, it is spread out across the programs. Chairman Tom Davis. Explain to me what happens if we sit back and do nothing. If we were to sit back at this point and take a very relaxed point of view and let everyone else move ahead, what are the ramifications of that? Ms. Evans. Ms. Evans. 
I would like to venture an answer that we could. As a Nation, we could sit back because we do own over 70 percent of the address space. We could invest and make that address space continuously work for us and gain greater efficiencies but I think as pointed out by several others here, if you want to drive innovation, you have to create an environment where people can think about what if. You saw that as we were going through the big dot com boom. Everybody was in the what if, the Internet presented so many different opportunities. This isn't a concept, a technical concept that sometimes is a little hard to grasp but it provides the opportunity to provide an environment out there that you can ask that question again, what if. What if I want to do this for Homeland Security, what if I want to do this for the Department of Defense so that I can expand? Industry, I believe, would respond because of the way that innovation has always been here within the United States. So we could sit back and continue to invest in the current technology that we have and make it more efficient or we can invest in the possibilities of the future. The administration acknowledges that with proper planning and proper resources, IPv6 would allow the country to be able to move forward to deal with all those issues. Chairman Tom Davis. Mr. Rhodes. Mr. Rhodes. Just wanted to give you one practical homeland security application. We are very concerned about chemical, biological, radiological and nuclear unconventional devices. One of the solutions to that is to place sensors. Each one of those sensors is going to be on a network, each one of those sensors is going to require an IP address, they are going to have to send their information back somehow. If you want to really have ground truth either from the standpoint of the soldiers, sailors, airmen and Marines or the first responders, you are going to have to have this. 
Yes, we could sit back but you just don't have enough Internet available to you at this moment in its own configuration. Chairman Tom Davis. Thank you very much. We will take a 2-minute break and call our next panel. [Recess.] Chairman Tom Davis. Thank you all for being here. You heard our first panel of witnesses and some of the questions. Hopefully we can get into some other questions as we move through this. We have on this panel: John Curran, chairman, American Registry for Internet Numbers; Jawad Khaki, corporate vice president, Microsoft Corp.; Stan Barber, vice president, Verio, Inc.; and Alex Lightman, chief executive officer, Charmed Technologies, Inc. [Witnesses sworn.] Chairman Tom Davis. Mr. Curran, we will start with you and move down the line. Try to keep it to 5 minutes but if you need time, it looks like we have a small group of members, so we will have some time if you need a couple extra minutes to make your point. STATEMENTS OF JOHN CURRAN, CHAIRMAN, AMERICAN REGISTRY FOR INTERNET NUMBERS; JAWAD KHAKI, CORPORATE VICE PRESIDENT, MICROSOFT CORP.; STAN BARBER, VICE PRESIDENT, VERIO, INC.; AND ALEX LIGHTMAN, CHIEF EXECUTIVE OFFICER, CHARMED TECHNOLOGIES, INC. STATEMENT OF JOHN CURRAN Mr. Curran. Good afternoon. My comments are formally a part of the record, so I am not going to read them but I will summarize them for the sake of brevity. I am John Curran. I was one of the founders of the American Registry of Internet Numbers. I have been the chairman since its inception in 1998. I would like to say I welcome the chance to come here and talk about U.S. leadership and the IPv6 arena. I think it is a very important topic. I want to say for background not everyone is aware of how IP addresses are allocated. ARIN is one of the five regional Internet registries that handle address management. We handle it for North America which includes Canada, the United States, much of the Caribbean. 
Our counterparts are AfriNIC, APNIC, LACNIC and RIPE NCC which handles Europe. Combined, these registries form a bottoms up policy formation process that all Internet service providers worldwide participate in. This is a very important concept to keep in mind as we talk about Internet numbers and how they are allocated and the transition to IPv6. I have background in industry as well which is relevant to this. I have been involved in three Internet companies as chief technology officer including BBN which was the builders of the IBERnet, the original IP network; XO Communications out in Virginia; and most recently a company called ServerVault. My involvement in the Internet actually goes back quite some time. I was involved in the Internet Engineering Task Force back when it was time to form the IP Next Generation Directorate, the group that took on the problem of the IP address depletion issue. I would like to review what happened at that time because it is very important to this proceeding to give context as to why we are talking about IPv6 now. Back in 1993, the emerging research network and commercial Internet was very successful. We had the regional networks growing by leaps and bounds, we had the very start of the commercial Internet providers. A group of people got together and figured out that we were going to have an address depletion problem. Back at that time, that problem looked like it could occur as soon as 2005, potentially as late as 2010. As a result, the IETF formed a group called the IP Next Generation Directorate which was challenged with forming the requirements for the next generation Internet protocol. The result of that group and the follow on efforts in the IETF was the IPv6 protocol. That protocol as we all know has a much larger address space and has numerous technical enhancements. This is all covered very well in the GAO report and I won't go through it. 
It was envisioned that larger address space was needed because we were going to run out of address spaces again very early in 2000. Luckily, there were some changes in address allocation policy at the same time. These changes resulted in the usage of IPv4 address space being reduced substantially, the rate at which we were using them, and as a result, we have no problem today. IPv4 address space is being used but there is plenty available for organizations worldwide to connect. The reality is that we do forecast this a bit. The forecasts show 2018 being one of the earliest forecasts but it is a moving target. You can have a few years of increased usage that will cause that forecast to come in. The important point here is that whether we are looking at a number of 201, 2015, there is ample time for organizations to transition to IPv6. There is not a crisis, per se. This is important to remember because the transition to IPv6 is a very challenging item. We had the prior panel discuss the planning, the business case and the security issues associated with that. I would like to highlight the fact that we have been allocating IPv6 addresses to organizations since 1999. The Internet community is standing by ready to transition. We have the protocol done, we have the address allocation authorities done, there are test networks for IPv6. So we are ready to go. That is not a challenge. The challenge is that you need to have a transition plan and you need to have business cases. These are very complicated for industry to form. One of the things that led in the United States to a lot more analysis of transition issues was the Department of Defense's adoption of a Statement of Migration to IPv6. That caused not only within the Department of Defense community but in the contractor community and in the vendor community, a focus on all of the issues necessary to enable this. The reality is that is what we need, more industry involvement. 
This industry involvement can be achieved by involving more Federal agencies in the planning process. Per se, industry will help facilitate the transition to IPv6, but we don't need anything other than the impetus provided by more Federal planning. As some of the largest users of IT technology, it is appropriate that Federal agencies are the ones that start the planning process as early as possible because they have large issues that are associated with their scale. I just want to say that ARIN supports the increased involvement of more Federal agencies in this planning process. The Internet community is ready to transition to version 6. There is time to get the job done and we look forward to this committee's and the GAO's involvement in encouraging more Federal agencies to move in this direction. That concludes my comments. Thank you and I look forward to questions. [The prepared statement of Mr. Curran follows:] [GRAPHIC] [TIFF OMITTED] T2510.041 [GRAPHIC] [TIFF OMITTED] T2510.042 [GRAPHIC] [TIFF OMITTED] T2510.043 [GRAPHIC] [TIFF OMITTED] T2510.044 [GRAPHIC] [TIFF OMITTED] T2510.045 [GRAPHIC] [TIFF OMITTED] T2510.046 Chairman Tom Davis. Thank you very much. Mr. Khaki, thank you very much for being with us. STATEMENT OF JAWAD KHAKI Mr. Khaki. My name is Jawad Khaki. I am the corporate vice president for Windows Networking and Device Technologies where I have worked for 16 years. I consider it a great honor to be with the committee today. Beginning in July, I will serve on the Federal Communications Commission's Technical Advisory Council which was designed to provide the FCC with technical advice on emerging technologies. In both this hearing today and as part of the FCC Council, my goal is to help America maintain its tradition of technological excellence and role as the global leader in information technology. The success of the Internet today is due in large part to the efforts of the U.S. 
Government providing initial financial incentives including supporting academic research and Microsoft and other key industry partners providing Internet capable devices and applications. Broadband Internet access is now commonly available worldwide and combined with the latest IP devices and services such as mobile telephones, multi-player games, voice-over Internet protocol, video conferencing, IP-based TVs are placing increasing requirements on the Internet's infrastructure. IPv6 brings relief to this strained infrastructure. International IPv6 efforts continue to pick up momentum, as you noted most notably in Asia, specifically in Japan and China. In September 2000, the Japanese Prime Minister, Mori Yoshiro, made IPv6 a Japanese national priority akin to the U.S. Government's approach to the Internet 30 years ago. We anticipate that Japan will roll out robust, commercial IPv6 networks capable of supporting tens of millions of broadband subscribers over the next few years. Chinese and Japanese efforts are designed not only to deploy IPv6 Internet technologies but also to promote domestic industry. Domestic companies in China receive substantial government funding for their efforts. We also see similar efforts in India, Europe and other parts of the world. IPv6 adoption has proceeded slowly in the United States but is likely to accelerate as IPv6 network solutions and applications become more available, robust and affordable. The conversion from IPv4 to IPv6 is a large task that will affect network architectures, applications, systems and operational procedures but we believe the benefits would outweigh the costs. It appears private industry efforts are working well at this stage of IPv6 planning and deployment. Companies continue to support IPv4, increasingly providing IPv6 compatibility and many are preparing for an eventual transition to an IPv6 network. 
It is difficult to codify an exact cost amount of either an organizational or national level IPv6 transition since the costs will depend heavily on the way entities deploy IPv6. Transition technologies provided as an inherent part of the IPv6 protocol support are in the short term the most cost effective, fastest and least disruptive way to introduce IPv6 connectivity into an existing IPv4 environment. In the long term a full native IPv6 deployment can be achieved gradually by adding IPv6 into the network through a regular technology refresh cycle. Microsoft understands the importance of IPv6. Our research and development teams participate in the IETF IPv6 Open Standard Activities and the next version of the Windows operating system, code-named Longhorn, will be fully IPv6 capable. While we are working toward developing a comprehensive set of IPv6 capable applications and services, we remain acutely aware that any IPv6 deployment should be a phased transition that results in minimal infrastructure upheaval. Ultimately, Microsoft believes that marketplace dynamics with the Government being an engaged customer, will gradually lead to widespread use of IPv6 in the United States and around the world. As we look at the Government's role, we would not recommend mandates or regulations to artificially force IPv6 deployment but rather, active political support and efforts to strengthen the domestic economy and stimulate commercial innovation. On the academic front, U.S. Government funding of research grants and programs that provide a guiding light on evolution of the Internet should be continued. As Bill Gates stated at the Library of Congress in May, ``Our universities and laboratories must be invigorated with first class research programs and thinkers to continue to blaze the technology trail.'' We suggest that international efforts to stimulate adoption of IPv6 be evaluated and that the U.S. 
Government learn from and if appropriate, adopt some of these emerging practices. Providing economic incentive programs typically show faster results than policy recommendations alone. U.S. Government procurement actions have a profound impact on commercial product strategy and delivery plans. Strong IPv6 support from the U.S. Government such as current efforts by DOD will only strengthen the perception that IPv6 is an important technology for American business and the public sector. In conclusion, Microsoft is excited about the IPv6 potential to enable pervasive collaborative computing. The U.S. Government has a great opportunity to foster an environment in which we have industry and academic IPv6 thought leadership. We are eager to work with you to achieve this environment. Thank you once again for the opportunity to speak before the committee. I look forward to answering your questions. [The prepared statement of Mr. Khaki follows:] [GRAPHIC] [TIFF OMITTED] T2510.047 [GRAPHIC] [TIFF OMITTED] T2510.048 [GRAPHIC] [TIFF OMITTED] T2510.049 [GRAPHIC] [TIFF OMITTED] T2510.050 [GRAPHIC] [TIFF OMITTED] T2510.051 [GRAPHIC] [TIFF OMITTED] T2510.052 [GRAPHIC] [TIFF OMITTED] T2510.053 [GRAPHIC] [TIFF OMITTED] T2510.054 [GRAPHIC] [TIFF OMITTED] T2510.055 [GRAPHIC] [TIFF OMITTED] T2510.056 [GRAPHIC] [TIFF OMITTED] T2510.057 [GRAPHIC] [TIFF OMITTED] T2510.058 [GRAPHIC] [TIFF OMITTED] T2510.059 [GRAPHIC] [TIFF OMITTED] T2510.060 [GRAPHIC] [TIFF OMITTED] T2510.061 [GRAPHIC] [TIFF OMITTED] T2510.062 Chairman Tom Davis. Thank you very much. Mr. Barber. STATEMENT OF STAN BARBER Mr. Barber. It is a distinct honor to speak to you today about the next generation Internet and the transition to Internet protocol version 6. My name is Stan Barber, the vice president of engineering operations at Verio, Inc. 
Verio is one of the world's leading Internet service providers and one of several so-called Tier 1 Internet backbone providers, the networks with sufficient reach, scale and traffic to afford their customers and customers of other interconnecting networks, including U.S. Government users, global connectivity. Verio is based in Englewood, CO, and is a subsidiary of NTT Communications Corp. and an affiliate of NTT America, Inc. The committee is to be congratulated for its focus on the next generation of Internet services. We all recognize that the Internet has become in a few short years a fundamental aspect of our economy and essential to the productivity of business and delivery of government services. To some, the term ``next generation'' suggests speculation about future technological developments, and wide expanses of time and opportunities to identify and address issues. However, we live on Internet time, and, ``next generation'' in that context means ``now.'' Indeed, the next generation of the Internet, IPv6, was defined as an open source, non-proprietary protocol in the 1990's and has already found its place extensively in major computer operating systems such as Windows XP and Linux and in many public and private networks around the world. I believe that my company, Verio, is the world's most experienced commercial IPv6 service provider and operates the most extensive commercial IPv6 network. Most networks today still operate in the older IP version 4 protocol, but the transition to the later technology is essential and inevitable because of the inherent advantages built into IPv6. IPv4 does not today provide for sufficient addresses to accommodate efficiently connectivity to all potential users worldwide. IPv6, on the other hand, increases the number of directly addressable nodes exponentially. 
While security for IPv4 is provided where practical as a ``patch,'' using overlay systems, IPv6 builds in high level security protections, such as secure remote node authentication and encryption, directly into the network layer, assuring more reliable and ubiquitous protection. IPv6 generally increases flexibility and functionality with additional benefits, such as more efficient routing of traffic and more effective usage with wireless devices. The result is lower costs and improved services, like end-to-end communications and communications with devices other than PCs, something we call m2m-x communications. That is why Internet equipment manufacturers and the leading software providers, service providers and private network operators have started to transition from v4 to v6, and those that have not as yet, will inevitably find that flexibility, efficiency and security requires the conversion. Other countries are ahead of the United States in this transition. This does not reflect any genuine technological advantage over the United States. Indeed, it may be said that the United States continues to lead the rest of the world in Internet and related technology. Other countries have advanced to IPv6 primarily because of an initial lag in Internet development. Consequently, they have been more keenly focused on the need to address the shortage of Internet addresses and less extensive legacy networks in need of transition. For example, the European Commission created a task force to design a plan of action for development, testing and deployment of IPv6 in 2001. The task force is coordinating efforts in individual member countries and regions and seeking cooperation with other countries. The Chinese government has established an IPv6 network linking major universities. The government is also funding a plan to develop a more extensive IPv6 infrastructure. Taiwan is also developing a national information infrastructure built on IPv6. 
India has established the IPv6 Forum to coordinate development and implementation of IPv6. In Japan, the home of our parent company, the government's e-Japan Strategy has been promoting the transition to IPv6 Internet. In addition, an e-Government Creation Plan facilitates the procurement of IPv6-capable devices. In the commercial sector, the IPv6 Promotion Council helps address issues related to the transition. I have described these initiatives in other countries not to advocate any U.S. Government mandate or funding of transition to IPv6 in the private sector, but to note the clear recognition by policymakers abroad of the potential of IPv6. This committee is showing its characteristic leadership in bringing to the attention of the public the need for an effective transition from legacy Internet technologies in government and more generally. The report of the Government Accountability Office requested by this committee demonstrates a deep understanding of the issues raised by this technological transition. The GAO offers solid recommendations to save government money and to protect against security threats. In addition to GAO's comments, it is also useful to recognize that the transition to IPv6 need not be disruptive or costly. Verio and NTT Communications employ the so-called ``dual stack'' transition strategy globally in which we run simultaneous IPv4 and IPv6 systems. Use of the IPv6 system is selected where a peer has that capability; the legacy protocol is employed where the peer cannot be reached in IPv6. Thus, the transition is transparent to users and existing software and equipment. Software and equipment that does not accommodate IPv6 can be updated in conjunction with normal upgrades or as specially designated by management. The key point is that, as recognized by the GAO report, government and private sector management should at least be surveying their essential IT operations to accommodate the inevitable transition. 
In this regard, the GAO and this committee are also to be congratulated for highlighting an extremely important issue of security related to on-going employment of legacy IPv4 networks in the transition to IPv6. As I have indicated, some operating systems, including such ubiquitous systems as Windows XP, Apple's OS X, Linux and Unix-based systems, already accommodate IPv6, although they are used primarily in this country in conjunction with the legacy network protocol. Similarly, many software applications today accommodate IPv6. Not all IT managers are aware of the potential of a grave security threat to their systems by allowing unauthorized parties access to software using ``ghost'' IPv6 addresses unrecognized by their systems because they are buried within IPv4 addressed packets. Or, if they are aware of the threat, they do not have the budgets and other resources to address the problem. Even as government agencies and the private sector transition, as they must, from the legacy platform to IPv6, they must be vigilant in adapting firewalls and other equipment and software to prevent unauthorized parties from using IPv6 capabilities accessed covertly over existing IPv4 networks. Mr. Chairman, I thank you again for the opportunity to address this committee about these critical issues of technological development and implementation, and for your leadership in identifying and making the public aware of these important matters. Verio stands ready to continue to assist the committee further in any way we can.

[The prepared statement of Mr. Barber follows:]

Chairman Tom Davis. Thank you very much. Mr. Lightman.

STATEMENT OF ALEX LIGHTMAN

Mr. Lightman. Thank you for allowing me to share my observations on the possibilities, opportunities and challenges presented to the U.S. 
Federal Government by the looming and inevitable transition to Internet protocol version 6. As the name of this hearing, ``To Lead or Follow,'' implies, this is an urgent time for Internet leadership. The Federal Government invested the first $50 million in the first Internet, and as a result, the United States led the world in that technology. The United States has 50 percent of the Internet service business, and the Internet has impacted thousands of industries, creating an estimated $500 billion a year in extra Federal revenues, and adding over $1 trillion in wealth via companies like Google, Yahoo!, Amazon, eBay, and hundreds of other public companies. Similarly, the new Internet has the potential to create 10 million new American jobs and trillions of dollars in revenue for the United States, but leadership is slipping away to other countries, and it will soon be difficult, if not impossible, to recover. One company, Japan's NTT, has more IPv6 customers than all American companies combined. In fact, over 99 percent of IPv6 traffic is occurring outside of the United States. In the first Internet, we had 99 percent of all Internet traffic in the early stages. To answer your question from earlier, we are way, way, way behind the eight ball. Japan, China, Korea, and Europe have invested over $800 million in the new Internet compared to about $8 million for the U.S. Federal Government, and are now changing the new Internet to reflect their political priorities, which are very, very different from America's political priorities, and even American laws. I got a 300 page document from a friend of mine in Spain where they are basically trying to make IPv6 anonymous so that you can't see who is using it and doing what. In China, they have 70,000 people, 50,000 now and 20,000 about to be hired whose whole job is to scour the Internet finding people doing things they don't like and then grabbing them. 
These are two opposite extremes from the way America would like to do it. We would like to have peaceful, non-terrorist uses of the Internet be private but we want to be able to reach out and protect the country when we have to. With Federal leadership in the new Internet, the U.S. Federal Government will create a service export boom, with millions of innovative new jobs, increased competitiveness for hundreds of industries, and thousands of new startups, potentially creating a booming economy. American leadership in the new Internet will also add thousands of new products vital to our military and homeland defense, better security, and underpin sustainable technological leadership for the United States. The promise of the products and services enabled by the new Internet is huge, an affordable way to show high quality television over the Internet, a possible way to deal with spam and attacks on networks, and hundreds of applications to make American lives easier and safer. Over $9 trillion of America's nearly $13 trillion economy relates to services, subscriptions, and transactions, and we kind of take it for granted people can't come in and grab those away from us. IPv6 will help keep the trust and keep hundreds of millions of customers loyal to American companies. If we don't show leadership in the new Internet, we get a loss of millions of jobs and market shares across thousands of companies. This is my big concern. A loss of public trust and reputations in transactions over U.S. networks using the existing, highly vulnerable IPv4 protocol, coupled with an increase in trust of IPv6 networks in Japan, Korea, China, and the 25 nations of the European Union, could have a devastating impact on America's service economy. Internet Service Providers, telecommunications giants, banks, brokers and even our defense contractors will lose business. Where the U.S. 
Government showed leadership, as we did with the post office, the interstate highway system, airplanes, lasers, radar, computer chips, and satellites, none of which would have happened if we had left it to the market, we are world leaders even decades later. Where our Government did not show leadership, where there wasn't a Congressman Davis to hold hearings and get involved with it, including color televisions, big screens and high definition television, digital cameras, and DVDs, America plays almost no role in these and related areas, except as a consumer and our trade deficits reflect that, almost $700 billion this year, importers of food, importers of goods. God help us if we become importers of services, subscriptions and transactions. We are a follower, not a leader, in these fields. If we do not show leadership in the new Internet, this same thing will happen to us, but on a much broader basis, it will be in everything the new Internet touches, which is almost everything. Mr. Chairman, the opportunity exists for the American Government to show leadership in the new Internet, to make a real difference for our national security and our industries and workers. By supporting the transition of the Government agencies to the new Internet standard, as the Defense Department has already started to do, we will not only support a more efficient and effective government, that is, help facilitate fundamental government reform, but will send a signal to the world that America is still a technology leader in the 21st century. And for anything as important as a new Internet standard, it will not be left behind, but will march in front, and our Coalition Partner governments will join with us and rally to our standards banner. I confirmed this at the Coalition Summit which you honored us by being the opening keynote speaker. Mr. 
Chairman, there are many specific actions that your committee could take to support the promotion of the new Internet in our Government, and to support the government reform that will be possible when all of government talks with the same technical language, so to speak, with this new standard. Here are three: one, mandate IPv6 for the entire Federal Government by 2010; two, choose a leader who has the authority, responsibility, and accountability as well as the creativity, passion, and integrity, to galvanize thousands of other leaders to get excited and committed to making the transition to IPv6 on schedule. I point to the case of the Coalition Summit where 30 different Coalition partners, people who fight and die beside us in Iraq, said who is your IPv6 leader. We have our person in Sweden, the same person who managed the transition for the government from IPv4. Japan has their leader who reports directly to the Prime Minister in monthly meetings about this. China has its leader, Korea has its leader. Everyone has a leader but us. Finally, enable this leader to create a Federal IPv6 Transition Office to serve as the central engine for the Federal IPv6 transition, overseeing a budget which I put this number out there 6 months ago and nobody has even taken a shot at it, of $10 billion, with the budget of FITO itself of about $50 million a year. This office will assist in managing the complexity of an Internet transition, something we did before, in the early eighties when the Internet was only one-millionth as large as it is today. It is worth pointing out there was a protocol before IPv4 called NCP. Ten years after TCP/IP was introduced, the Federal Government said, we are going to get rid of this less useful protocol and we shut it off for 1 day. People howled and we shut it off for 2 days. Then we shut it off entirely. 
Because of this hearing and what is set in motion, there will come a point at which we realize there is no sense having IPv4 and we will shut it off like we shut off NCP. Let us have America be the ones to determine when that shut off is rather than other countries that might stop routing our packets. If I had to summarize what the Federal Government should know about IPv6 it would be: the transition to IPv6 has costs and benefits. The benefits far outweigh the costs. Failure to transition to IPv6 for the whole economy by 2012 will cause a loss of Federal revenues that is roughly comparable to a tax cut, with these funds flowing to Europe and Asia rather than to American taxpayers. Thank you, Mr. Chairman and members of this committee, for your time and attention, and for the proud leadership role in technology and innovation for America that you represent.

[The prepared statement of Mr. Lightman follows:]

Chairman Tom Davis. Thank you very much. I want to thank all of you. Internet and related areas is one of the few areas where we are generating a trade surplus. From almost unanimous testimony, it appears if nothing else, the transition to IPv6 is going to give more innovation, that is where the innovation is coming from. What are they rolling out in Japan right now in products from using IPv6 that we don't see over here? Does anybody have an answer to that?

Mr. Lightman. What they found is that first of all with building controls, they have loan way and other companies which they found they can save 29 percent of building operating costs, enough to pay for an entire building within 20 years by having each room have up to 250 controls all managed automatically by IPv6. They installed voice over IPv6 in college dorm rooms and were giving students free calls all over the country. 
They have had over 800 taxicabs in Nagoya, Japan using IPv6 to decide where taxis should go to more efficiently pick up people. So it is involved in services, it is in cars, it is in elevators, it is in trains and there are 370 companies doing projects on IPv6. All I am talking about is the academic projects of two universities.

Chairman Tom Davis. Does anyone else want to add to that?

Mr. Khaki. I would characterize the Japanese deployment to be in its early stages and the examples that Mr. Lightman gave are accurate. I think what is impressive is the investments they are making for the long term infrastructure for their country in partnership with telecommunications operators. As I commented earlier, they are building the next generation communications infrastructure. They will deliver security services for IT as well as content services for the home. It is a longer term investment that I think is more impressive than what we are seeing in terms of early adoptions. Almost every company in Japan that creates consumer electronics devices or network infrastructure has a strong IPv6 plan and those products may position Japanese industry in a much more competitive position than they would have been with IPv4.

Chairman Tom Davis. Mr. Barber.

Mr. Barber. There are also a number of groups that are formed in Japan to foster the use of IPv6 in non-traditional devices as I mentioned in my testimony, non-PC communications. Those range not only from things like cell phones which already have Internet today in many parts of the United States, but to more atypical devices like you mentioned in your opening comments, refrigerators, security systems in the home. There was a discussion about taxicabs that was mentioned earlier but they are also using it to provide real time information in the car so when you are driving from point to point, you can pick up information on the current traffic patterns or perhaps weather in the area you are about to enter, things like that. 
The capabilities they are exploring in Japan are extensive and they are possible because of IPv6.

Chairman Tom Davis. Mr. Lightman talked about the United States would be wise to mandate any transition by a certain date, 2010, and if we didn't do it by 2012, you talked about perhaps some fairly serious economic ramifications. How do the rest of you feel about that? Mr. Curran.

Mr. Curran. I think it is important to have a transition plan for every Federal agency. This is something that is necessary, a transition is inevitable and the activity of going through and building the plan to do transition on an agency by agency basis is necessary. Just going through and having that plan as we have seen the activity that has followed the DOD commitment to a migration plan and a commitment to move to IPv6 will cause industry activity within the United States. I believe a specific date may not be required but the fact of having a plan which calls for transition and having that plan submitted by a date is a very wise idea.

Chairman Tom Davis. Do you think we are behind the eight ball at this point or do you think we are OK?

Mr. Curran. You have to recognize that my view on this is somewhat skewed because of my experience with the Internet over the last 15 years in the addressing field. I believe that it is not a question of whether or not we have to move quickly to catch up. Earlier you asked the members from Government whether or not it was important for the Government, for example, to go get its own block of IPv6 address space. That is not necessary. The address space will be there. IPv6 provides an ample address space so it will be there when agencies go to get it. 
I think the more important question is that it is important to raise the awareness of IPv6 within the United States, it is important to get all of the people involved in technology, manufacture, the vendors to produce IPv6 capable products and not just know it is a switch they have to turn on but someone is going to actually turn that switch and use it. The act of the DOD committing to version 6 caused to work out interoperability problems that would not have otherwise been found. The commitment of agencies to do the same will cause the U.S. industry to catch up on version 6.

Chairman Tom Davis. Does everyone who requests a block of addresses receive it?

Mr. Curran. The regional registries all have allocation policies that they follow for issuing those address blocks. These are set on a region by region basis. The challenge is if you meet the guidelines, you get your address space. There are applications in every region of the globe that don't meet that region's addressing policy and get turned down.

Chairman Tom Davis. Is that a business case you have to make to get that address?

Mr. Curran. It is simply showing that you have valid uses for the address space. One of the challenges we face as the stewards of the address space is ensuring that people indeed have equipment to use the addresses on. We don't want a hoarding situation.

Chairman Tom Davis. That is the next question. If I'm a large consumer products manufacturer and I would put IPv4 in every product I make, say $20-40 million, can I get that block?

Mr. Curran. That question actually came up a number of times 2 and 3 years ago. We were approached, for example, by the cellular industry. The cellular industry was directed that wide scale deployment of devices with embedded addresses should look in the direction of version 6. We are trying to make sure that the future is looking to version 6 particularly for these embedded applications.

Chairman Tom Davis. Mr. Higgins.

Mr. Higgins. Thank you, Mr. 
Chairman, for your leadership on this very important issue. The United States represents about 5 percent of the world's population and about 50 percent of its economic strength, and about 40 percent of its technological output. The U.S. leadership position is eroding as evidenced by the pervasive and growing trade deficit which is about $600 billion today, meaning that Americans who used to make things and sell them to the rest of the world are now a consumer nation. We consume about 6 percent more than we produce. This indicates there are economic troubles currently and on the horizon. It is a much different world than we dealt with ever before. Tom Friedman, the New York Times columnist and author just wrote a book called, ``The World is Flat'' and in it he argues that the old vertical model, the old economic model of knowing who is on top and knowing who is on the bottom is gone, the world is flat, it is horizontal. Knowing who is up, who is down and who is emerging is much more difficult. He argues that this is a consequence of the convergence of information technology which now makes the tools of innovation and collaboration available to all. Depending on the motivation that you bring to these tools, positive or negative outcomes are determined. The one interesting parallel he outlines in his book in the final chapter in particular is, he says in February 1999 two airlines were started. One was started by a bright American entrepreneur by the name of David Neeleman of Salt Lake City, UT. He financed through American banks the purchase of a whole new fleet of jets. He outsourced the pilot training to a flight school throughout the United States and he outsourced the reservation system to retirees and housewives in Salt Lake City. When you call Jet Blue, which is his airline, and make your reservation, you are talking to someone who is in their living room in Salt Lake City. 
He built in Jet Blue one of the most successful and financially strong airlines in the entire world. The other airline was started in Afghanistan by Osama Bin Laden. He financed a purchase of jets through various financiers in the Middle East; he outsourced the pilot training to a flight school in Miami; and outsourced the training or planning to Ali Sheik Muhammed. Both airlines were designed to fly into New York City, Jet Blue into LaGuardia and JFK and of course Al Qaeda into lower Manhattan. The thesis of his book is a very urgent reminder of what Americans have to do in order to not only regain their economic superiority but to also stay competitive in the world so as to ensure that our national security is strong and secure as well. I don't know if you have read the book or read his column, I am curious as to what the panelists think about the thesis that Friedman outlines.

Mr. Lightman. I read the book and I think he missed trust in a big way. Recently there was a story publicized all across England. I spent the last 2 weeks in England raising money for an IPv6 fund. People said, oh, the Indians let out the bank data; well, I am never going to outsource anything to them again. So with all the stories of all the people doing things, if people can't trust your networks, and all it takes is one release of critical data, then it can cause devastation. Millions of Indians will lose their jobs or will not gain them because of the loss of trust. As far as outsourcing, if China succeeds in putting in its own IPsec and its own complete transparency and can track every person and everything they are doing, and you are a government that is a dictatorship, say you are one of the 100 countries in the world that doesn't have a democratically elected government, whose Internet are you going to buy? Are you going to buy it from China which has said look, we have proven we can take care of our dissidents or are you going to buy the American one which is designed that way? 
There are a thousand political decisions to be made and the problem for IPv6 is that there has been no elected official, somebody who basically has the legitimacy as an elected official to do this. What makes the transitions in Korea and Japan so powerful is that the people in charge of them are elected officials and they are unique in the world. That is why these hearings are so important. Outsourcing will grind to a halt if people can't believe they will be treated as honestly in India or China or anywhere else as they would be treated at home. If we lose that trust, it is worth trillions of dollars a year in our GDP. I want to mention one other thing. We have been a net high tech importer for the last 2 years according to Business Week, so we are not an exporter, we are an importer of high technology. This year we have become an importer of food. What is left is services, subscriptions, transactions and media. That is it. IPv6 touches all of them right at the very guts.

Chairman Tom Davis. We talked about mandating a transition by a certain date. Mr. Curran, you answered. I didn't to Mr. Khaki and Mr. Barber. I would also ask should the United States fund those transition efforts like other nations have done?

Mr. Khaki. Our viewpoint is that the natural market forces would be the right kind of forces to work out the transition issues. There has to be careful thinking of the business case and the scenario planning along with all the transitional issues. So we strongly believe that the market forces will eventually lead the transition of things. There is a role the Government has to play in terms of encouragement which I alluded to earlier in my testimony with regards to supporting the research and education sectors through procurement policies of the Government. I think those can be a good catalyst. So we believe the transition will take place left to the market forces.

Chairman Tom Davis. Mr. Lightman has argued for elected officials in government to take a lead. 
Mr. Lightman. I explained it in an article I wrote recently which I will send you a copy, which says ``Twenty Myths and Truths about the IPv6 transition.'' I leave two points to let the market decide. The Department of Commerce went out and got requests for comment which said let the market handle it and they are so embarrassed about it that they won't release the report because the position is insupportable. I will give you three examples. One, there is one man who is the primary examiner in the U.S. Patent and Trademark Office who has 150,000 patent applications as of a month ago. It is probably 160,000 today where people and companies like Microsoft, like AT&T, like many people are trying to say, I have a patent, I want exclusive use on that so no one else can use it without my permission for 20 years. The reason the Internet works at all is because the Federal Government paid for it, didn't try to get a patent and gave it to the world. How well do we think it is going to work if we leave it to the market but leave it to 10,000 different patents, say you use this security protocol for this kind of packet, so therefore you are infringing on my patent. It is not going to work.

Chairman Tom Davis. I didn't want to start an argument, but I hear you.

Mr. Barber. I believe that the transition needs to have two components to it in the United States. The Government needs to transition its own operations to support its own mission. So if the Department of Defense believes they need IPv6 by such and such a date, they should absolutely do that by whatever date that is that meets their mission objectives. The fact there are many agencies that don't have their planning far enough along to even project dates is of concern. So it is my belief that they should all establish some very firm transition plans that include some sort of a date by which they will at least have their transition far enough along to have IPv6 operational in their networks. 
Notice I didn't talk about turn off IPv4, I only talked about turning on IPv6. When you turn off IPv4, I think is a different question and has a different set of characteristics associated with that and that will be driven by really attrition, in my opinion. When do you turn IPv4 off should be an attrition driven question, not one driven by some sort of deadline. From a market perspective, I agree there should also be market forces at work that encourage industry to deploy IPv6 as it is to their advantage. Certainly the Government will influence that by having each agency have a mission specific transition plan but I don't think we need to have some big date out there in the future where everyone has to be on version 6 everywhere in every office in the United States.

Chairman Tom Davis. Mr. Khaki, how are you using IPv6 in your products and services?

Mr. Khaki. We are a Windows operating system platform provider. It was very important for us to provide platforms that would enable software innovation for scenarios that are yet to be imagined. We have had a strong commitment in IPv6. We include IPv6 support in the Windows XP operating system. Our primary focus was to enable developers to develop new kinds of scenarios and those operating systems are being used worldwide today. For your information, we have a global IPv6 network that integrates all our development centers spread across the world. We are using the transition technologies that I mentioned earlier in achieving this connectivity. The biggest applications we see are the ones that require pervasive collaborative communications because today's limitations of address space prevent data being transmitted and created undue burden on the network. I would like to respond to a point made earlier on intellectual property. The 30 years of leadership the U.S. Government has shown in IPv4 was important to the academic work that was done. 
There is a similar role the Government has to play to make sure that academic research continues so that we have good prior art, that we remain competitive, that we do encourage industry to innovate. There are incentives, commercial incentives, tax incentives, government matched funding to enable these commercial forces to work. I think the biggest thing we will see is the Government procurement itself be a key driver. As I have been active in the IPv6 efforts since 2001 visiting Japan and China and other places, clearly the announcement by the Department of Defense in 2003 was a major event that actually made a lot of companies in the United States more aware and brought more urgency to the issue.

Chairman Tom Davis. What fields do you think will most directly benefit from the exploitation of IPv6?

Mr. Khaki. If I can give you an example, you can think of the IPv4 address limitation today in some ways similar to the memory limitations in the early days of the PC. In the early days of the PC, there was a 640K memory limit. A lot of developer creativity, a lot of IT creativity enabling new capability was being used to overcome the limitation that was there using things like LIM, EMM and HIMEM. The IPv4 address space limitation is similar to that limitation that was there. A lot of energy is being spent in drawing on new capability, IT departments and developers are working around limitations, so we are not really moving ahead, we are kind of making what we have work slowly. That would be a key benefit. Another important one is security. IPsec is an important addition to the IPv6 protocol, it is better integrated. Those capabilities will help us build a much more secure communications infrastructure. Besides IPsec there are also other lower layer technologies that are in IPv6 that help IPv6 networks to be more secure than IPv4. It is important that we look at that. Things like wireless networks, LANs were not really around when the original IPv4 was invented. 
So there are limitations on those protocols and IPv6 addresses that.

Chairman Tom Davis. Let me ask this to each of you. Mr. Curran made his comment. Do you think there is no short term shortage of IP addresses in the United States?

Mr. Lightman. As Mr. Curran admitted, they don't give them to you if they don't feel they like your business plan, so it is not a market based decision. For instance, if I wanted to have 50 million addresses, say I work for General Motors, I am a consultant and I want to get a block of addresses, they can say, well, we don't really like the idea of IPv4 addresses in cars, so here is the basic point. If you don't give away the addresses, you never have a problem with them. In any case, you can always come back and blame the United States for hoarding them because the U.S. DOD has a very large block and we could give it back, then there would be no shortage. It is not a commercial thing, it is not a market based solution. On the one hand, people say, leave it to the market but on the other hand, the market is not working in the way addresses are allocated today.

Chairman Tom Davis. Anyone else?

Mr. Barber. I think for the future of the Internet application, for ubiquitous connectivity to everything, we will run into a limitation at some point. If we make the investment in trying to make this work for IPv4, we are investing in a lot of patchwork to get the same kind of innovation that we would have with IPv6 because of its native architectural features. I believe the innovation future as someone in the previous panel said from OMB, the innovation future is with IPv6, not with IPv4, regardless of the number of addresses available.

Mr. Khaki. The way I feel about the current situation is we are making do with the limitations we have and in the process, we are slowing things down. 
The IPv6 address space will relieve concerns that are there and the way I think about this is restoring the hygiene, the end to end computing model on which the Internet was founded. Today the hygiene of the network is not there because you end up with these devices that prevent communications taking place end to end and a lot of breakage is an extra cost.

Chairman Tom Davis. Do you think the United States has the necessary infrastructure, wireless and broadband, to exploit any of the key features of IPv6 on a national level today?

Mr. Khaki. I believe we have a good infrastructure in this country and more is being done each day. I think the work the Government did with regards to unregulated wireless spectrum was excellent. It actually has helped us deploy new capabilities with Wi-Fi. I think those are great things. There is a lot of movement in the industry around wireless technologies. That is healthy. Broadband deployment is increasing by the day. So those are good things.

I do believe that the existing version 4 Internet infrastructure is suitable also for migrating us to version 6. The way we think about this is to separate out the infrastructure migration and the application migration because oftentimes they can be thought of as a chicken and egg. Is it the chicken or the egg? By using appropriate transition technologies and using appropriate conversion tools, you can migrate either the infrastructure or the application.

Chairman Tom Davis. Anyone else?

Mr. Curran. I would like to respond to something said earlier. To the extent an organization doesn't get an IP address space, it is because the ISPs in that region have formed policies and those policies for that region simply state these are the valid purposes for assigning them. There is no question or judgment of business plan.
If a business in the Far East got turned down for address space, it is because the ISPs that make up that region came up with allocation policies to balance availability and stewardship. So there isn't per se a shortage, we are simply enforcing the policies that the Internet providers worldwide have adopted.

Chairman Tom Davis. But you would agree that there comes a time when you do end up with a shortage?

Mr. Curran. Absolutely. In fact, as we go forward, it only makes sense to make sure the policies for allocation of address space get increasingly frugal to ensure that people know yes, you need to balance the business case between transition versus going forward on version 4.

Chairman Tom Davis. I get it.

Mr. Lightman. I would like to make one comment on infrastructure. The Soviet Union is still alive and well, living in American networks. There was a Russian invention which was made for people living in apartment buildings where they had one phone number for the apartment building and a phone on all ten of the floors where it would ring on every floor. The person living with that system made up something called NAT, Network Address Translation, so people say, you have Network Address Translation, good Russian technology and it enables you to take one IP address and have 100 different people use it or even go to 100 NATs and go on and on and on. So you can have a NAT behind a NAT.

Basically if you buy into that flawed argument, you don't need any IP addresses but the refutation to that is the telephone that you have. You have a number and you can see what it is. That is end to end. It is not going to an operator. The whole invention of the switch was because the guy who had a funeral home thought he was missing calls from the operator who was switching his calls. Why are we stuck with this Soviet technology in America's networks instead of having end to end and having everyone be identified?
I would love to know that everybody who went into the Internet was part of what Microsoft brilliantly calls a trusted bubble. I want for the U.S. Federal Government and all of its commercial providers of services to be inside the trusted bubble and leave the people who don't watch their hackers and want anonymity to be in the untrusted bubble.

Chairman Tom Davis. Plus, the rest of the world is innovating off an IPv6 model. They are getting new products off that and we are still sitting here with the Russian telephone. Is that your point?

Mr. Lightman. Yes. Also, it is important to say IPv6 is only about 20 percent finished. There are hundreds of what are called RFCs which still have to be decided on and the U.S. Government has made no more than five comments in the last decade of what it wants and doesn't want. We have checked out and gone brain dead about participating in those standards efforts.

There was one in particular the gentleman before mentioned which is the sensor nets for doing nuclear hazardous materials. That is what they are discussing right now, how do you do ultra low power, ultra low bandwidth sensors because you don't want to put a lot of power into billions of sensors. There is no government participation. There is not even any government contractor. We have just abandoned this which leaves it to other governments to go and monkey with it.

Chairman Tom Davis. Thank you all very much. This has been a great hearing. I think other committees will be looking at this as well but we have the responsibility for intragovernment, within the Government itself as we move forward. This has been very, very helpful. Thank you very much and the hearing is adjourned.

[Whereupon, at 12:40 p.m., the committee was adjourned.]

[The prepared statements of Hon. Jon C. Porter and Elijah E. Cummings and additional information submitted for the hearing record follow:]

[GRAPHIC] [TIFF OMITTED] T2510.076
[GRAPHIC] [TIFF OMITTED] T2510.073
[GRAPHIC] [TIFF OMITTED] T2510.074
[GRAPHIC] [TIFF OMITTED] T2510.075
[GRAPHIC] [TIFF OMITTED] T2510.077
[GRAPHIC] [TIFF OMITTED] T2510.078

<all>