b"<html>\n<title> - TO LEAD OR TO FOLLOW: THE NEXT GENERATION INTERNET AND THE TRANSITION TO IPv6</title>\n<body><pre>[House Hearing, 109 Congress]\n[From the U.S. Government Printing Office]\n\n\n\n\n\n TO LEAD OR TO FOLLOW: THE NEXT GENERATION INTERNET AND THE TRANSITION \n                                TO IPv6\n\n=======================================================================\n\n                                HEARING\n\n                               before the\n\n                              COMMITTEE ON\n                           GOVERNMENT REFORM\n\n                        HOUSE OF REPRESENTATIVES\n\n                       ONE HUNDRED NINTH CONGRESS\n\n                             FIRST SESSION\n\n                               __________\n\n                             JUNE 29, 2005\n\n                               __________\n\n                           Serial No. 109-41\n\n                               __________\n\n       Printed for the use of the Committee on Government Reform\n\n\n  Available via the World Wide Web: http://www.gpoaccess.gov/congress/\n                               index.html\n                      http://www.house.gov/reform\n\n\n                                 ______\n\n                    U.S. GOVERNMENT PRINTING OFFICE\n22-510                      WASHINGTON : 2005\n_____________________________________________________________________________\nFor Sale by the Superintendent of Documents, U.S. Government Printing Office\nInternet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512\xef\xbf\xbd091800  \nFax: (202) 512\xef\xbf\xbd092250 Mail: Stop SSOP, Washington, DC 20402\xef\xbf\xbd090001\n\n                     COMMITTEE ON GOVERNMENT REFORM\n\n                     TOM DAVIS, Virginia, Chairman\nCHRISTOPHER SHAYS, Connecticut       HENRY A. WAXMAN, California\nDAN BURTON, Indiana                  TOM LANTOS, California\nILEANA ROS-LEHTINEN, Florida         MAJOR R. OWENS, New York\nJOHN M. McHUGH, New York             EDOLPHUS TOWNS, New York\nJOHN L. MICA, Florida                PAUL E. KANJORSKI, Pennsylvania\nGIL GUTKNECHT, Minnesota             CAROLYN B. MALONEY, New York\nMARK E. SOUDER, Indiana              ELIJAH E. CUMMINGS, Maryland\nSTEVEN C. LaTOURETTE, Ohio           DENNIS J. KUCINICH, Ohio\nTODD RUSSELL PLATTS, Pennsylvania    DANNY K. DAVIS, Illinois\nCHRIS CANNON, Utah                   WM. LACY CLAY, Missouri\nJOHN J. DUNCAN, Jr., Tennessee       DIANE E. WATSON, California\nCANDICE S. MILLER, Michigan          STEPHEN F. LYNCH, Massachusetts\nMICHAEL R. TURNER, Ohio              CHRIS VAN HOLLEN, Maryland\nDARRELL E. ISSA, California          LINDA T. SANCHEZ, California\nGINNY BROWN-WAITE, Florida           C.A. DUTCH RUPPERSBERGER, Maryland\nJON C. PORTER, Nevada                BRIAN HIGGINS, New York\nKENNY MARCHANT, Texas                ELEANOR HOLMES NORTON, District of \nLYNN A. WESTMORELAND, Georgia            Columbia\nPATRICK T. McHENRY, North Carolina               ------\nCHARLES W. DENT, Pennsylvania        BERNARD SANDERS, Vermont \nVIRGINIA FOXX, North Carolina            (Independent)\n------ ------\n\n                    Melissa Wojciak, Staff Director\n       David Marin, Deputy Staff Director/Communications Director\n                      Rob Borden, Parliamentarian\n                       Teresa Austin, Chief Clerk\n          Phil Barnett, Minority Chief of Staff/Chief Counsel\n\n\n                            C O N T E N T S\n\n                              ----------                              \n                                                                   Page\nHearing held on June 29, 2005....................................     1\nStatement of:\n    Curran, John, chairman, American Registry for Internet \n      Numbers; Jawad Khaki, corporate vice president, Microsoft \n      Corp.; Stan Barber, vice president, Verio, Inc.; and Alex \n      Lightman, chief executive officer, Charmed Technologies, \n      Inc........................................................    56\n        Barber, Stan.............................................    83\n        Curran, John.............................................    56\n        Khaki, Jawad.............................................    65\n        Lightman, Alex...........................................    91\n    Evans, Karen, Administrator, Electronic Government and \n      Information Technology, Office of Management and Budget; \n      David Powner, Director, Information Technology Management \n      Issues, Government Accountability Office; Keith Rhodes, \n      Chief Technologist and Director, Center for Technology and \n      Engineering, Government Accountability Office; George \n      Wauer, Director, Architecture and Interoperability, Office \n      of the Assistant Secretary of Defense for Networks and \n      Information Integration and Office of the Chief Information \n      Officer, U.S. Department of Defense, accompanied by Major \n      General Dennis Moran, Vice Director, Command, Control, \n      Communications and Computer Systems, Joint Chiefs of Staff, \n      U.S. Department of Defense.................................    11\n        Evans, Karen,............................................    11\n        Powner, David............................................    18\n        Rhodes, Keith............................................    45\n        Wauer, George............................................    45\nLetters, statements, etc., submitted for the record by:\n    Barber, Stan, vice president, Verio, Inc., prepared statement \n      of.........................................................    86\n    Cummings, Hon. Elijah E., a Representative in Congress from \n      the State of Maryland, prepared statement of...............   109\n    Curran, John, chairman, American Registry for Internet \n      Numbers, prepared statement of.............................    59\n    Davis, Chairman Tom, a Representative in Congress from the \n      State of Virginia, prepared statement of...................     4\n    Evans, Karen, Administrator, Electronic Government and \n      Information Technology, Office of Management and Budget, \n      prepared statement of......................................    14\n    Khaki, Jawad, corporate vice president, Microsoft Corp., \n      prepared statement of......................................    67\n    Lightman, Alex, chief executive officer, Charmed \n      Technologies, Inc., prepared statement of..................    94\n    Porter, Hon. Jon C., a Representative in Congress from the \n      State of Nevada, prepared statement of.....................   108\n    Powner, David, Director, Information Technology Management \n      Issues, Government Accountability Office, prepared \n      statement of...............................................    19\n    Wauer, George, Director, Architecture and Interoperability, \n      Office of the Assistant Secretary of Defense for Networks \n      and Information Integration and Office of the Chief \n      Information Officer, U.S. Department of Defense, prepared \n      statement of...............................................    47\n    Waxman, Hon. Henry A., a Representative in Congress from the \n      State of California, prepared statement of.................     8\n\n \n TO LEAD OR TO FOLLOW: THE NEXT GENERATION INTERNET AND THE TRANSITION \n                                TO IPv6\n\n                              ----------                              \n\n\n                       WEDNESDAY, JUNE 29, 2005,\n\n                          House of Representatives,\n                            Committee on Government Reform,\n                                                    Washington, DC.\n    The committee met, pursuant to notice, at 2:15 p.m., in \nroom 2154, Rayburn House Office Building, Hon. Tom Davis \n(chairman of the committee) presiding.\n    Present: Representatives Davis of Virginia, Gutknecht, \nDent, Waxman, Cummings, Kucinich, Higgins and Norton.\n    Staff present: Melissa Wojciak, staff director; David \nMarin, deputy staff director/communications director; Chas \nPhillips, policy counsel; Rob White, press secretary; Drew \nCrockett, deputy director of communications; Victoria Proctor, \nsenior professional staff member; Teresa Austin, chief clerk; \nSarah D'Orsie, deputy clerk; Leneal Scott, computer systems \nmanager; Kristin Amerling, minority general counsel; Nancy \nScola, minority professional staff member; and Earley Green, \nminority chief clerk.\n    Chairman Tom Davis. The committee will come to order.\n    I apologize for starting late, we were supposed to have a \nvote on the floor. I was over there so I could leave at the \nbeginning of the vote and they ended up with just a voice vote.\n    Welcome to today's hearing on the Next Generation Internet \nand the transition to Internet protocol version 6 [IPv6].\n    Nearly 30 years ago in a Department of Defense lab, the \nInternet was born. Originally designed to facilitate \ncommunications after a nuclear strike, as the protocols were \ntested, refined and implemented, people began to recognize the \npossibilities for far broader applications. Today, these \nprotocols underpin the Internet.\n    American ingenuity developed, fostered, and fielded these \nsimple open protocols to solve a narrow set of problems, but \nthis seemingly small network solution has sparked a global \nrevolution in communications. Over the past decade, cyberspace \nhas grown into a dynamic nervous system that controls our \nNation's critical cyber and physical infrastructures.\n    Within an hour's drive of Fairfax County, there are about \none quarter of all Internet Service Providers on the entire \nplanet. About a quarter of all the Internet packets in the \nworld are going through a hub in northern Virginia. If you \ndrive down the Dulles Access Road, you can see the physical \nimpact of the Internet on Virginia, but the current Internet, \nand the protocols and networks that underpin it, may have \nreached its limits.\n    Internet protocol version 6 [IPv6], offers benefits for \nexpanded addressing, greater security, and new products, \nservices, and missions for Next Generation Internet \napplications. However, it presents several challenges \nincluding: one, understanding the international implications; \ntwo, preparing the Federal Government; and three, ensuring a \nsecure transition.\n    Not surprisingly, interest in IPv6 is gaining momentum \naround the world, particularly areas that have limited IPv4 \naddress space to meet their industry and consumer \ncommunications needs. Regions that have limited IPv4 address \nspace such as Asia and Europe have undertaken aggressive \nefforts to deploy IPv6. Asian countries have been aggressive in \nadopting IPv6 technology, because Asia controls only about 9 \npercent of the allocated IPv4 addresses, and yet has more than \nhalf of the world's population.\n    Asian governments have invested hundreds of millions of \ndollars in IPv6 technology. China has been extremely aggressive \nand Japan has set up an IPv6 Promotion Council, using tax \nincentives to encourage research and adoption of IPv6 by its \nprivate sector.\n    Europe currently has a task force that has the dual mandate \nof initiating country and regional IPv6 task forces across \nEuropean states and seeking global cooperation around the \nworld, and Europe's Task Force and the Japanese IPv6 Promotion \nCouncil forged an alliance to foster worldwide deployment.\n    Here at home, challenges such as procurement, information \ntechnology management, and modernization are often addressed \ndeliberately by the Federal Government and change often takes \nyears to implement, but these are the challenges we take up on \nthis committee.\n    Federal Government IT expenditures are on track to surpass \n$65 billion in fiscal year 2006, making the Federal Government \nonce again the largest purchaser of IT products and services in \nthe world. In addition, a recent report forecasts that IT \nspending will continue to rise throughout the decade, reaching \nover $90 billion in fiscal year 2010. With this buying power, \nwe need to make sure that the best and most secure technology \nis a priority when the Government acquires IT goods and \nservices.\n    I believe that we all want the United States to have the \nworld's best information technology infrastructure, including \nmaintaining the world's best Internet industry. I believe we \nall want U.S. defense capabilities to perform with maximum \neffectiveness and efficiency, and to realize the full potential \nof net-centric warfare.\n    I believe we all want the best Homeland Security systems, \nincluding cameras, sensors, and first responder systems \nintelligently integrated together. I believe we all want \nfiscally responsible Federal spending, including spending on \ninformation infrastructures that will deliver multiple returns \non investment and preserve taxpayer dollars.\n    Today, we will hear about Federal efforts to transition to \nIPv6. Our purpose here is to learn from the public and private \nsectors, to hear if IPv6 can help us achieve long-term \neconomic, defense, homeland security, and technological \nleadership. If it can play a part in reaching those goals, then \nI want to know what support the Government Reform Committee, \nthe Congress, and the U.S. Federal Government need to provide.\n    I also want to learn about the risks. Every day brings news \nof another computer intrusion or data theft. I hope to hear \nabout the security risks that exist under the current protocol, \nhow IPv6 might address these risks, and whether the transition \npresents its own risks.\n    Finally, I hope to learn if the United States is at \ncompetitive risk with respect to the Next Generation Internet. \nMy committee held a hearing recently about the lengths to which \nthe Chinese government would go to make sure that only Chinese \nsoftware is purchased by Chinese government agencies. The \nChinese government not long ago announced that CERNET2, the \nfirst network based on pure IPv6 technology, was going into \nformal operation. An official from China's National Development \nReform Commission said China's Next Generation Internet will \nbring huge benefits to their national economy and increase the \ncountry's competitiveness in national defense, economy, science \nand technology.\n    Last year, I asked GAO to look at IPv6 and its implications \nfor the Federal Government. Today, we are here, in part, to \nreview their report, which highlights the fundamental \nchallenges facing the Federal agencies, the White House, and \nCongress.\n    However, to reap the benefits from IPv6 Federal agencies \nmust first begin to plan and develop requirements that will \ntake full advantage of what the new protocol offers. I hope \nthat the Office of Management and Budget will continue its \nleadership role in information policy and begin to address some \nessential issues, including how much IP address space the \nFederal agencies may require, whether the Federal Government is \nready for the transition, and how much it will cost.\n    At this stage, I am gathering input on IPv6. I was pleased \nto receive a copy of the Department of Defense IPv6 Transition \nPlan recently. I am looking forward to receiving the Department \nof Commerce's report as soon as possible, and see how IPv6 can \nhelp America's economy and help America's exports.\n    The vast majority of the technology we know and use is \nrooted in the United States. Many of these innovations were a \nresult of the ideas and hard work from individuals who came \nfrom other countries to live, to work, or to be educated, some \nof whom are here today.\n    America draws the best and the brightest from around the \nglobe, they produce their best work here, and then we share \nthose efforts with the rest of the world. I am confident that \nwe can meet the challenge of this transition.\n    I would now recognize the distinguished ranking member, Mr. \nWaxman, for an opening statement.\n    [The prepared statement of Chairman Tom Davis follows:]\n\n    [GRAPHIC] [TIFF OMITTED] T2510.001\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.002\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.003\n    \n    Mr. Waxman. Mr. Chairman, thank you for holding today's \nhearing on Internet protocol version 6, what is often called \nthe ``Next Generation Internet.''\n    The architecture of the Internet was first developed more \nthan 30 years ago, but the Internet of today is far different \nthan it was then. Whereas the early Internet joined together a \nsmall number of computers, the Internet today connects desktop \ncomputers, laptop computers, network servers, handheld \nBlackberries, cell phones and cars. Even dishwashers and \nrefrigerators are beginning to go online.\n    The Internet is not yet breaking down under the strain, but \nthere are limitations that need to be addressed. The current \nsystem has the capacity to connect together 4 billion different \ncomputers and devices at any one time. This may seem like a \nlot, but consider the computers and cell phones one typical \nfamily might own today, or all the desktops, laptops, and \nBlackberries in use in the Federal Government.\n    Four billion seems even smaller in light of the growing \nInternet use worldwide. In fact, it is only because of network \nadministrator ingenuity that the current protocol's \ntechnological limitations are not paralyzing the Internet.\n    The Next Generation Internet eliminates major existing \ntechnological limitations. This new system increases access to \nthe Internet exponentially while also offering the added \nbenefits of more sophisticated security and improved \nconnectivity.\n    Consumers will reap these benefits, but it is the Federal \nGovernment that may well be the greatest beneficiary. A recent \nGAO study found that Next Generation Internet could help DOD to \ncreate more advanced weapons and information systems. Other \npotential uses include wireless border security sensors and \ninteroperable networks for first-responders.\n    Unfortunately, the Government is not taking full advantage \nof this opportunity. GAO found that few agencies beyond the \nDefense Department have even begun to ready themselves for the \nNext Generation Internet. Meantime, the rest of the world is \ntaking Next Generation Internet seriously. China is building a \nnationwide network that will run on the new system. India's \nprivate sector is actively moving to take advantage of these \nnew technologies.\n    The Next Generation Internet is coming. I look forward to \nhearing from witnesses about what we can do to take the lead in \ndeveloping the Internet as we did 30 years ago or we can wait \nfor this evolution to pass us by and then play catch up.\n    Thank you, Mr. Chairman, for the opportunity to make an \nopening statement. I look forward to the testimony of the \nwitnesses today.\n    [The prepared statement of Hon. Henry A. Waxman follows:]\n\n    [GRAPHIC] [TIFF OMITTED] T2510.004\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.005\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.006\n    \n    Chairman Tom Davis. Mr. Waxman, thank you very much.\n    The Members will have 7 days to submit opening statements \nfor the record.\n    I will now recognize our first panel, a very distinguished \npanel. We have: the Honorable Karen Evans, Administrator, \nElectronic Government and Information Technology, Office of \nManagement and Budget; David Powner, Director, Information \nTechnology Management Issues, Government Accountability Office; \nKeith Rhodes, Chief Technologist and Director, Center for \nTechnology and Engineering, Government Accountability Office; \nGeorge Wauer, Director, Architecture and Interoperability, \nOffice of the Assistant Secretary of Defense for Networks and \nInformation Integration and Office of the Chief Information \nOfficer, U.S. Department of Defense. Mr. Wauer is accompanied \nby Major General Dennis Moran, Vice Director, Command, Control, \nCommunications and Computer Systems, Joint Chiefs of Staff, \nU.S. Department of Defense. General Moran, thank you for being \nwith us today.\n    It is the policy of the committee to swear all witnesses \nbefore you testify.\n    [Witnesses sworn.]\n    Chairman Tom Davis. We will start the testimony with Ms. \nEvans. Karen, you know the rules. We try to keep it to 5 \nminutes. Your entire statement is in the record. Questions will \nbe based on your entire statement but you have 5 as a summary.\n    Karen, thanks a lot for being with us again.\n\nSTATEMENTS OF KAREN EVANS, ADMINISTRATOR, ELECTRONIC GOVERNMENT \n AND INFORMATION TECHNOLOGY, OFFICE OF MANAGEMENT AND BUDGET; \n   DAVID POWNER, DIRECTOR, INFORMATION TECHNOLOGY MANAGEMENT \n ISSUES, GOVERNMENT ACCOUNTABILITY OFFICE; KEITH RHODES, CHIEF \n     TECHNOLOGIST AND DIRECTOR, CENTER FOR TECHNOLOGY AND \n ENGINEERING, GOVERNMENT ACCOUNTABILITY OFFICE; GEORGE WAUER, \n  DIRECTOR, ARCHITECTURE AND INTEROPERABILITY, OFFICE OF THE \n  ASSISTANT SECRETARY OF DEFENSE FOR NETWORKS AND INFORMATION \n INTEGRATION AND OFFICE OF THE CHIEF INFORMATION OFFICER, U.S. \n  DEPARTMENT OF DEFENSE, ACCOMPANIED BY MAJOR GENERAL DENNIS \n  MORAN, VICE DIRECTOR, COMMAND, CONTROL, COMMUNICATIONS AND \n  COMPUTER SYSTEMS, JOINT CHIEFS OF STAFF, U.S. DEPARTMENT OF \n                            DEFENSE\n\n                    STATEMENT OF KAREN EVANS\n\n    Ms. Evans. Thank you for inviting me to speak about the \nFederal Government's efforts in preparing for the transition to \nInternet protocol version 6. This afternoon, I would like to \nbriefly identify the steps we are taking in preparation for \ntransition.\n    As I mentioned in my April 7, 2005 testimony before this \ncommittee regarding our efforts to safeguard the Government's \ninformation systems, late last fall OMB directed the agencies \nto provide a preliminary report on their planning activities \nfor the transition to IPv6. Only the Department of Defense had \nundertaken any significant effort in this area.\n    Given the lack of government-wide progress and our concern \nregarding the complexities of transition, we recognize the need \nto begin developing a comprehensive transition planning guide \nand process.\n    We are about to take the first step and issue a policy \nmemorandum providing guidance to the agencies to ensure an \norderly and secure transition to IPv6. The purpose of the \nguidance will be to ensure effective planning and to raise the \nlevel of awareness and urgency of preparing for IPv6.\n    The overarching challenge facing us is ensuring continued, \nuninterrupted functionality of Federal agencies during the \ntransition while providing continued and improved information \nassurance. This will require major changes in the architecture \nof many agency networks. Since there is a large embedded base \nof IPv4-compatible equipment and applications, transitioning to \nIPv6 will also require large capital investments and labor \nresources. While the challenges are significant, they are not \ninsurmountable, especially if we approach them methodically and \nin phases. The guidance will lay out five important actions the \nagencies should take.\n    First, agencies will have to familiarize themselves to the \ntransitions issues by reviewing the GAO report, the Commerce \nreport, and particularly the Department of Homeland Security's \nUS-CERT advisory of security issues concerning IPv6. Since IPv6 \nis already present in many Federal agency networks, it is \nimportant that agencies begin addressing the security risks \nassociated with IPv6 now.\n    Second, agencies will have to assign a specific individual \nto lead and coordinate agency planning. This person will be \nresponsible for monitoring, enforcing, and reporting on the \ntransition and implementation of IPv6 within the agency.\n    Third, agencies will develop an inventory of existing IP \ncapable devices and technologies. To ensure an orderly \ntransition from IPv4 to IPv6, we must establish a baseline and \ndetermine the size of the problem. While we know IPv6 \ntechnologies are deployed throughout the Government, but like \nother organizations, we do not know specifically which ones, \nhow many there are, or precisely where they are located. We are \nplanning for each agency to file a report of their inventory of \nIP capable devices and technologies to OMB in the first quarter \nof fiscal year 2006.\n    Fourth, agencies will conduct an impact analysis to \ndetermine fiscal and operational impacts and risks during the \ntransition to IPv6. We are planning for each agency to report \nthe results of this impact analysis to OMB in the first quarter \nof fiscal year 2006, and it should include analysis on cost and \nrisk. For cost, the agencies must report on estimates for \nplanning, infrastructure acquisition, above and beyond normal \nexpenditures, training, and risk mitigation.\n    Fifth, the policy will direct the CIO Council to develop \nbefore the end of the calendar year, more detailed IPv6 \nimplementing guidance. It will include guidance for developing \ndetailed prioritized schedules and milestones, integrating IPv6 \nwith the agency enterprise architecture, developing necessary \nIPv6-related policies and compliance mechanisms, training \nmaterial, and test plans for IPv6 compatibility and \ninteroperability. To the extent the agencies are currently \ncapable of addressing the elements of the future CIO Council \nguidance, they have been instructed to begin doing so now. We \nwill also use the OMB EA Assessment Framework to measure the \ndegree to which agencies are effectively performing this \nplanning element.\n    Our policy will also set June 2008 as the date by which all \nagencies' infrastructure, network backbones, must be using IPv6 \nand agency networks must interface with this infrastructure. \nOnce the network backbones are ready, the applications and \nother elements will follow. Setting this firm date is necessary \nto maintain focus on this important issue. Overall the actions \nset out in our policy will begin to address the many challenges \nthat come with IPv6 transition.\n    I would like to take one moment to discuss one aspect of \nthe implementation guidance. Later in this hearing, you may be \nhearing testimony that says IPv6 poses a problem associated \nwith the capability called tunneling. In fact, tunneling is \nextremely widely used throughout the Government and industry \nand facilitates cost effective and safe communications.\n    During the question period, I would be happy to answer your \nquestions about the aspect of IPv6 tunneling and how it could \nbe controlled and any other questions you have.\n    Thank you for this opportunity to talk about the \nadministration's strategy.\n    [The prepared statement of Ms. Evans follows:]\n\n    [GRAPHIC] [TIFF OMITTED] T2510.007\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.008\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.009\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.010\n    \n    Chairman Tom Davis. Thank you very much, Ms. Evans.\n    Mr. Powner.\n\n                   STATEMENT OF DAVID POWNER\n\n    Mr. Powner. We appreciate the opportunity to testify on \nInternet protocol version 6.\n    With me today is Keith Rhodes, GAO's Chief Technologist who \nwill discuss the security aspects of transitioning to this new \nprotocol.\n    The initial benefits of IPv6 is that it will immediately \nremedy the shortage of worldwide Internet addresses and will \ngreatly increase the number of devices that can connect to the \nInternet. IPv6 is clearly gaining momentum globally, especially \nin regions such as Asia where address space is limited and \nconcerns exist about the U.S.'s adoption of the new protocol as \nit pertains to global competitiveness.\n    This morning, I would like to leave you with three thoughts \nbefore Mr. Rhodes discusses the need to mitigate security \ntransition risks.\n    First, there are many benefits to the new protocol; second, \nGovernment transition has been slow; and third, key planning \nefforts are essential. In addition to the increased address \nspace that will accommodate the growing number of users and \nmobile devices, IPv6 will, among other things, allow for an \nefficient and possibly faster routing, simplify network \nadministration and enhance IP security by improving \nauthentication and confidentiality of data sent over the \nInternet.\n    The Department of Defense plans to utilize IPv6 features. \nFor example, it envisions our future soldiers equipped with \nmultiple IP addresses for communications and to monitor vital \nsigns. Other Federal agencies, for the most part, have not \ninitiated IPv6 planning efforts. Because of this, we \nrecommended to OMB that they instruct Federal agencies to begin \naddressing key planning efforts. These include developing \ninventories and assessing risks, creating business cases and \nidentifying timelines and methods for transition.\n    Mr. Chairman, we have been working with the Office of \nManagement and Budget and we recognize Ms. Evans' efforts that \nearlier this year called for Federal agencies to update \nstrategic plans, enterprise architectures and acquisition \nstrategies to address IPv6 transition. Although Ms. Evans' \nstatement is encouraging, more effective leadership is needed.\n    In addition, we also recommended that Federal agencies take \nimmediate action to address near term security risks. \nIronically, this new protocol that in the long term will \nimprove network security creates several near term \nvulnerabilities if not properly managed, as Mr. Rhodes will now \ndemonstrate.\n    Before turning it over, Mr. Chairman, I would like to thank \nyou for your leadership in this area and for jump starting the \nFederal Government's transition to this new protocol.\n    [The prepared statement of Mr. Powner follows:]\n\n    [GRAPHIC] [TIFF OMITTED] T2510.011\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.012\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.013\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.014\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.015\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.016\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.017\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.018\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.019\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.020\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.021\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.022\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.023\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.024\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.025\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.026\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.027\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.028\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.029\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.030\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.031\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.032\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.033\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.034\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.035\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.036\n    \n                   STATEMENT OF KEITH RHODES\n\n    Mr. Rhodes. What I am going to explain to you is an exploit \nthat we have used when we are testing Federal departments and \nagencies and one we have proven and documented in our own \nlaboratory.\n    The first slide is a typical IPv4 configuration. You see a \nrouter, intrusion detection, a firewall, all working together \nto protect a system that is connected to the Internet.\n    The intruder on the left sends the target agency on the \nright a specially crafted e-mail. The targeted user opens the \ne-mail thinking it is a normal e-mail. Let me note here this \nattack does not require the user to double click on an \nattachment as is common with most MOU ware. If the e-mail is \nWeb-based, that is, it is written in the language of the World \nWide Web, the hypertext mark up language, then even if the user \njust previews it in the window in their mail system, the attack \nwill launch.\n    The e-mail looks normal to the target but deep inside the \ncomputer, the IPv6 stack is turned on, given an address and a \nmission. The mission is to send a shell back to the intruder \nusing IPv6 inside IPv4. This means that the shell request is \nsent back to the intruder via tunnel which is carried by the \nIPv4 packets. The shell request is totally invisible to the \nfirewall, the intrusion detection system and the Internet, just \nsome normal looking IPv4 packets.\n    Now there is a new network, a dedicated network between the \nintruder and the target agency unseen by most current firewall \nand IDS technologies.\n    As the intruder explores the target agency, the intruder's \nsoftware converts the PC to a router and many other computers \nanswer the IPv6 call. Now there is a covert IPv6 network \ninvisible to the target agency.\n    My final point is this could have been avoided using \navailable technology and best practices, for example, closing \nPort 41 to outbound traffic on your firewall. The transition to \nIPv6 can be done safely and securely with proper precautions. \nOtherwise, the intruders are out there and they know how to do \nthis.\n    Thank you, Mr. Chairman, and I will accept any questions.\n    Chairman Tom Davis. Thank you very much.\n    Mr. Wauer.\n\n                  STATEMENT OF GEORGE G. WAUER\n\n    Mr. Wauer. Good afternoon. Thank you for the invitation to \ntestify before the committee.\n    In the interest of time, I will submit my formal written \ntestimony for the record. I would, however, like to make the \nfollowing key points.\n    The Department of Defense views version 6 as a critical \nenabler in achieving our vision of global net-centric \noperations. Modifying version 4 to accomplish this version \nwould have been, at best, problematical. Version 6 provides \nspecific features that can make the net-centric vision a \nreality.\n    In June 2003, the Department established the goal of \ntransitioning to version 6 by 2008. We are defining phase \ntimelines that include specific system implementations that \naddress increasingly complex end-to-end functionality. However, \ndue to the critical nature of the Department's mission, it is \nimperative that this transition not imperil our current \noperational capabilities.\n    Our strategy and the position of the Department is to \ncomplete the transition with minimal additional costs by using \nphase timelines and relying primarily on already-scheduled and \nplanned technology refreshments. In fact, since October 2003, \nwe have required version 6 capability on all new acquisitions \nand procurements. This strategy allows the Department to \nleverage ongoing commercial and industry version 6 efforts.\n    However, even with this transition strategy, there will be \nsome additional costs for this major technology insertion. \nThese additional costs are expected to be in the area of \nplanning, engineering, technical assessments and training. \nImplementing version 6 across the Department is complex and \npresents many challenges. Careful and early planning has been \nnecessary to ensure the transition to version 6 is accomplished \nin an effective and controlled manner. Version 6 must not be \ndisruptive to the everyday, strategic tactical and business \noperations of the Department.\n    DOD is firmly committed to the expeditious transition to \nversion 6 in a manner that is affordable and protects the \ninteroperability, security and performance of the existing \nrequirements we have on our plate.\n    Thank you and I appreciate the committee's interest in the \ntransition for the Department and I would be happy to answer \nany questions.\n    [The prepared statement of Mr. Wauer follows:]\n\n    [GRAPHIC] [TIFF OMITTED] T2510.037\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.038\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.039\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.040\n    \n    Chairman Tom Davis. Ms. Evans, let me start with you. IPv6 \nraises some very broad and very serious policy issues as you \naddressed. Some of these issues are squarely within OMB. For \nexample, agencies are planning for IPv6 and securing their \ncurrent systems.\n    Other issues such as the international challenges, economic \ncompetitiveness, lack of IPv6 firewalls for classified systems \ngo beyond the purview of OMB and the CIO Council. What is the \nadministration doing to organize and address this challenge?\n    Ms. Evans. First off, there are a couple things in there \nbut more importantly, everything we do within the \nadministration is coordinated within the Executive Office of \nthe President. As we move forward and take on these issues, \nthey are coordinated through the councils that exist within the \nExecutive Office of the President.\n    We have taken on this issue, my policy and how it impacts \nthe Federal agencies has also been looked at going forward, so \nI can talk about what I am doing to affect the Federal agencies \noverall. I would be happy to take back any other specific \nquestions that you have and get answers for the record.\n    Chairman Tom Davis. Do we have any ballpark estimate of the \ncost and the labor requirements of the transition?\n    Ms. Evans. Right now, based on the analysis we did, it \ncould grow by an order of magnitude. This is the reason why we \nare asking for the agencies to prepare these reports and these \ndocuments so that we can get an estimate of what it is going to \ncost.\n    For the most part, and I believe my colleagues from DOD \nhave already stressed this, a lot of the costs as far as \nhardware, software or the products we buy, they are already \nIPv6 capable and enabled and have that capability. The cost we \nwant to make sure we have a true handle on deal with the \napplications that are currently in place. They may be using \nsomething very specific to IPv4. That is why I agree with \neverything that has been said so far. The planning efforts will \nbe very critical to get a good handle on the cost estimates.\n    Chairman Tom Davis. Given the expenditures by the Europeans \nand the Asians on this, which far out-strip anything we have \ndone are we behind the eight ball at this point? How would you \ndescribe where we stand?\n    Ms. Evans. As far as the implementation of IPv6, I think \neverything you read in the GAO report shows that it is self \nexplanatory. We have a huge investment obviously in version 4 \nand the way to move forward is the administration, at least \nfrom the Federal Government's standpoint and our investment is \nwe are going to take a market-based approach and view how the \nmarket and the products conduct to go forward.\n    We are taken that first step by indicating that we want our \nnetwork backbones to be IPv6 enabled by 2008. We feel that is a \nsignificant step for where we already are. When I say we are \nbehind the eight ball, it is relative depending on what \nservices, what activity, whether you are looking at it from the \nconsumer or the Federal Government standpoint of the \ninvestment.\n    Chairman Tom Davis. Mr. Powner, to the extent that you are \nable, can you kind of describe the projects you are undertaking \nin IPv6?\n    Mr. Powner. The projects GAO is currently undertaking?\n    Chairman Tom Davis. I am sorry, I meant to ask this of Mr. \nWauer.\n    Mr. Wauer. Those are spread out over the whole Department \nof Defense. We are looking at all of the new procurements going \non such as TSAT, the gig bandwidth expansion and several of the \nother procurements that are going on, JTERS. All of those are \ngoing to be IPv6 enabled.\n    Chairman Tom Davis. Are you in any position at this point \nto talk about how long it would take to complete the transition \nand what the cost would be?\n    Mr. Wauer. No, I am not.\n    Chairman Tom Davis. Ball park?\n    Mr. Wauer. Anything I would give you would be strictly off \nthe top of my head. The actual implementation plans from each \nof the services and components are being generated. They have \ngone through a first cut and until we see those and are able to \naggregate those, it would be very difficult to put a specific \ntimeframe on that.\n    Chairman Tom Davis. Mr. Powner, how do we measure the \nsuccess of the transition? Could GAO benchmark the United \nStates versus other nations? Would that be an appropriate \nbenchmark?\n    Mr. Powner. One of the things that we are currently in the \nprocess of doing for you is looking at some of the early \nadopters of IPv6. In fact, we will touch on some of that with \nwhere some of the other countries are. Initially, some of the \ndata out there is a bit misleading. Clearly from a leadership \nperspective, I agree with some of your comments earlier and \nwhere your questions were going that we are behind the eight \nball from a leadership perspective clearly. From an actual \ntransition perspective, it is a little unclear where some of \nthe other countries are. There are councils in place and tax \nincentives being thrown out there for corporations and \nagencies.\n    Chairman Tom Davis. How much has been spent by other \ncountries roughly on the transition at this point?\n    Mr. Powner. No ballpark.\n    Chairman Tom Davis. Significantly more though than we have \nspent, is that fair to say?\n    Mr. Powner. Likely, yes. That is a huge unknown here in the \nStates, how much we spend, especially from the Federal \nperspective.\n    Chairman Tom Davis. You may actually have the incentive \nbecause they are the ones that need the addresses and \neverything else.\n    Mr. Powner. Absolutely and we don't have the pressing need \nbecause we control more than 70 percent of those 4 billion \naddresses to date.\n    Chairman Tom Davis. If the world stayed at IPv4 at this \npoint, we would not be disadvantaged competitively, it would be \nthe other countries and that is where the impetus is?\n    Mr. Powner. Correct, but I think if you look from a mission \nperspective and why DOD has this very detailed effort in place \nto transition from a mission perspective, we would like to stay \non the cutting edge. There are implications for homeland \nsecurity applications where we could really benefit from what \nthe new protocol could provide.\n    Chairman Tom Davis. Would you say this is not comparable to \nY2K because we are not dealing with a time certain at this \npoint? This continues to be a work in progress as it emerges. \nAs Ms. Evans said, market-based and we will see how quickly it \ngets up to snuff?\n    Mr. Powner. It is clear we don't have a firm deadline like \nY2K but I think it is nice we have a target the administration \nis now throwing out for 2008. Clearly it is similar to Y2K in \nthe sense that it affects a lot of equipment that is out there. \nOur phones, our PCs, operating systems, network routers, it is \nwidespread in terms of what will need to eventually be swapped \nout.\n    Chairman Tom Davis. Reading the papers today with constant \nreports of intrusions and security breaches, it appears the \nInternet is relatively insecure. With full implementation of \nIPv6, do you think it would provide greater security \npotentially?\n    Mr. Powner. Clearly with the new protocol, there is a \nfeature in it that allows for more robust authentication and \nconfidentiality of the day. In the long term, it is believed \nthat protocol will allow for greater security.\n    The issue where it is insecure as Mr. Rhodes demonstrated \nis there is a lack of awareness that agencies currently have, \nIPv6 in their networks today? If they knew that occurred, they \ncould effectively mitigate those risks.\n    Chairman Tom Davis. Let me ask the entire panel, should the \nU.S. Government obtain its own block of IPv6 address space now?\n    Mr. Rhodes. I don't think it is actually necessary for the \nUnited States to do that when you are talking about a huge \nvolume of addresses. Locking in your own set is not the same as \nit was with IPv4. That is one of the great benefits of IPv6 \nthat there is plenty for everyone. If you lock in your own, \nthat is fine because then you have contiguous sets of IP \naddresses that you can work but it is not the same struggle \nthat we had with the current set of addresses that you need to \nworry about in IPv6.\n    General Moran. The Department of Defense is in the process \nof pulling together an area of how many we think we will need \nand we are processing forward to establish that and get it \nallocated to us.\n    Chairman Tom Davis. Do you think the transition to IPv6 is \nan economic imperative and do you think the Federal Government \nis losing its lead in technology by not moving more quickly? \nMr. Powner, do you have any thoughts on that?\n    Mr. Powner. Clearly, I think we are in a far better \nposition if we lead than lag. Being in a position where we can \ntake advantage of some of the applications that IPv6 could \nprovide would put us on sound footing, especially when you look \nat some of the capabilities we need to secure, the Department \nof Homeland Security.\n    Mr. Rhodes. Mr. Chairman, as a scientist and as an \nengineer, I can only say if we allow other people to adapt \nbefore us, they will be the ones who build the killer \napplications and we won't because they will be able to work \nwith it everyday. The Chinese already have an IPv6 router that \nthey are just waiting for market share on. They have an IPv6 \ndedicated and enabled network.\n    If you look at the implementations in Japan and look at the \nequipment being built in Japan, they are the ones working with \nit on a regular basis in day-to-day operations. We would like \nto have a voice over IP; they are already working on it because \nthey get the quality of service benefit from IPv6. Somebody is \ngoing to be ahead of us if they are working with it every day.\n    If we relegate it to being networks sitting inside \nuniversities, that is fine but that is research. As Ms. Evans \npoints out, that is not the market driving it.\n    General Moran. From the Department of Defense perspective, \nit is an operational imperative that we move to IPv6 because if \nyou look at the future warfighting concepts, whether they be \nland, air or sea, we must have an IPv6 environment in order to \nmove the information we are going to require to be successful \nin the environment. Therefore, the DOD I think has moved out so \naggressively.\n    Chairman Tom Davis. Do you think IPv6 quality of service \nstandards meet the needs of DOD and will IPv6 give DOD less \nquality of service than we have currently?\n    General Moran. I am not a technologist but I do believe in \norder to get the quality of service capabilities that we \nrequire across our global information grid which is going to be \nour part of the network, we are going to need to have the IPv6 \nquality of service implementation.\n    We are involved through the department level to ensure that \nthe definitions of those standards meet our requirements.\n    Chairman Tom Davis. But basically what you have is Asia and \nEurope moving ahead on their own. Whatever we do, we will have \nto adjust to these standards. Either we will be left behind or \nthe more proactive we are, we will be able to continue a \nleadership role.\n    General Moran. It is my personal belief that we need to be \nin a leadership role so that we get the standards developed in \na way that from the Department's perspective, we get the \ncapabilities we require.\n    Chairman Tom Davis. I appreciate the leadership role DOD is \ntaking.\n    Mr. Gutknecht, any questions?\n    This is new stuff for a lot of members. A lot of us are \nstill trying to figure out how to plug in the computers but it \nis critically important for us, not just for operation of \ngovernment but for global competitiveness.\n    From the GAO perspective, I appreciate your report. This \nwas very, very helpful to others in kind of laying this out. \nThis is the first congressional hearing on this but it is \nsomething we will continue to try to ride herd on here. \nHopefully the interest will spread to other committees as we \nunderstand the national security implications, the global \ncompetitiveness, economic ramifications of this and this is a \nbig bite for you, Ms. Evans, as well. I hope you are getting \ncooperation within the Government as you continue to take your \nleadership role on this.\n    If there aren't other questions for this panel.\n    General Moran. I really want to make one statement about \none item you just mentioned and that was the question about \nY2K. I do believe the reason the Department has been so \nsuccessful is that our leadership is using the Y2K model to \nmanage this. That is what has forced the leadership to deal \nwith the realities of this change that is required. Even though \nwe don't have a day and time that we have to be on IPv6, the \nmanagement strategy the Department is using is exactly what we \nused in Y2K. I would argue that is why we were so successful.\n    Mr. Wauer. If I can inject one other thing, one of the \nthings the Department has found is this is a highly complex \nprocess. It is spread out over a myriad of different \napplications. It is not a trivial thing, both from a technical \nand management standpoint.\n    We actually stood up a transition office. This is not a \npart-time job for a group of people. This is going to require \nsome dedicated staffing and some real emphasis being placed on \nit to get this thing done right.\n    Chairman Tom Davis. Is there dedicated funding for this at \nthis point or are we kind of taking a little here and there?\n    Mr. Wauer. The first 2 years, there was some dedicated \nfunding for the transition office itself. We are now in the \nroll. It is spread across because the way we manage true \nprograms, it is spread out across the programs.\n    Chairman Tom Davis. Explain to me what happens if we sit \nback and do nothing. If we were to sit back at this point and \ntake a very relaxed point of view and let everyone else move \nahead, what are the ramifications of that? Ms. Evans.\n    Ms. Evans. I would like to venture an answer that we could. \nAs a Nation, we could sit back because we do own over 70 \npercent of the address in space. We could invest and make that \naddress in space continuously work for us and gain greater \nefficiencies but I think as pointed out by several others here, \nif you want to drive innovation, you have to create an \nenvironment where people can think about what if. You saw that \nas we were going through the big dot com boom. Everybody was in \nthe what if, the Internet presented so many different \nopportunities.\n    This isn't a concept, a technical concept that sometimes is \na little hard to grasp but it provides the opportunity to \nprovide an environment out there that you can ask that question \nagain, what if. What if I want to do this for Homeland \nSecurity, what if I want to do this for the Department of \nDefense so that I can expand? Industry, I believe, would \nrespond because of the way that innovation has always been here \nwithin the United States. So we could sit back and continue to \ninvest in the current technology that we have and make it more \nefficient or we can invest in the possibilities of the future.\n    The administration acknowledges that with proper planning \nand proper resources, IPv6 would allow the country to be able \nto move forward to deal with all those issues.\n    Chairman Tom Davis. Mr. Rhodes.\n    Mr. Rhodes. Just wanted to give you one practical homeland \nsecurity application. We are very concerned about chemical, \nbiological, radiological and nuclear unconventional devices. \nOne of the solutions to that is to place sensors. Each one of \nthose sensors is going to be on a network, each one of those \nsensors is going to require an IP address, they are going to \nhave to send their information back somehow.\n    If you want to really have ground truth either from the \nstandpoint of the soldiers, sailors, airmen and Marines or the \nfirst responders, you are going to have to have this. Yes, we \ncould sit back but you just don't have enough Internet \navailable to you at this moment in its own configuration.\n    Chairman Tom Davis. Thank you very much.\n    We will take a 2-minute break and call our next panel.\n    [Recess.]\n    Chairman Tom Davis. Thank you all for being here.\n    You heard our first panel of witnesses and some of the \nquestions. Hopefully we can get into some other questions as we \nmove through this.\n    We have on this panel: John Curran, chairman, American \nRegistry for Internet Numbers; Jawad Khaki, corporate vice \npresident, Microsoft Corp.; Stan Barber, vice president, Verio, \nInc.; and Alex Lightman, chief executive officer, Charmed \nTechnologies, Inc.\n    [Witnesses sworn.]\n    Chairman Tom Davis. Mr. Curran, we will start with you and \nmove down the line. Try to keep it to 5 minutes but if you need \ntime, it looks like we have a small group of members, so we \nwill have some time if you need a couple extra minutes to make \nyour point.\n\n  STATEMENTS OF JOHN CURRAN, CHAIRMAN, AMERICAN REGISTRY FOR \n   INTERNET NUMBERS; JAWAD KHAKI, CORPORATE VICE PRESIDENT, \nMICROSOFT CORP.; STAN BARBER, VICE PRESIDENT, VERIO, INC.; AND \n ALEX LIGHTMAN, CHIEF EXECUTIVE OFFICER, CHARMED TECHNOLOGIES, \n                              INC.\n\n                    STATEMENT OF JOHN CURRAN\n\n    Mr. Curran. Good afternoon.\n    My comments are formally a part of the record, so I am not \ngoing to read them but I will summarize them for the sake of \nbrevity.\n    I am John Curran. I was one of the founders of the American \nRegistry of Internet Numbers. I have been the chairman since \nits inception in 1998.\n    I would like to say I welcome the chance to come here and \ntalk about U.S. leadership and the IPv6 arena. I think it is a \nvery important topic.\n    I want to say for background not everyone is aware of how \nIP addresses are allocated. ARIN is one of the five regional \nInternet registries that handle address management. We handle \nit for North America which includes Canada, the United States, \nmuch of the Caribbean. Our counterparts are AfriNIC, APNIC, \nLACNIC and RIPE NCC which handles Europe. Combined, these \nregistries form a bottoms up policy formation process that all \nInternet service providers worldwide participate in. This is a \nvery important concept to keep in mind as we talk about \nInternet numbers and how they are allocated and the transition \nto IPv6.\n    I have background in industry as well which is relevant to \nthis. I have been involved in three Internet companies as chief \ntechnology officer including BBN which was the builders of the \nIBERnet, the original IP network; XO Communications out in \nVirginia; and most recently a company called ServerVault.\n    My involvement in the Internet actually goes back quite \nsome time. I was involved in the Internet Engineering Task \nForce back when it was time to form the IP Next Generation \nDirectorate, the group that took on the problem of the IP \naddress depletion issue. I would like to review what happened \nat that time because it is very important to this proceeding to \ngive context as to why we are talking about IPv6 now.\n    Back in 1993, the emerging research network and commercial \nInternet was very successful. We had the regional networks \ngrowing by leaps and bounds, we had the very start of the \ncommercial Internet providers. A group of people got together \nand figured out that we were going to have an address depletion \nproblem. Back at that time, that problem looked like it could \noccur as soon as 2005, potentially as late as 2010.\n    As a result, the IETF formed a group called the IP Next \nGeneration Directorate which was challenged with forming the \nrequirements for the next generation Internet protocol. The \nresult of that group and the follow on efforts in the IETF was \nthe IPv6 protocol. That protocol as we all know has a much \nlarger address space and has numerous technical enhancements. \nThis is all covered very well in the GAO report and I won't go \nthrough it.\n    It was envisioned that larger address space was needed \nbecause we were going to run out of address spaces again very \nearly in 2000. Luckily, there were some changes in address \nallocation policy at the same time. These changes resulted in \nthe usage of IPv4 address space being reduced substantially, \nthe rate at which we were using them, and as a result, we have \nno problem today. IPv4 address space is being used but there is \nplenty available for organizations worldwide to connect.\n    The reality is that we do forecast this a bit. The \nforecasts show 2018 being one of the earliest forecasts but it \nis a moving target. You can have a few years of increased usage \nthat will cause that forecast to come in.\n    The important point here is that whether we are looking at \na number of 201, 2015, there is ample time for organizations to \ntransition to IPv6. There is not a crisis, per se. This is \nimportant to remember because the transition to IPv6 is a very \nchallenging item. We had the prior panel discuss the planning, \nthe business case and the security issues associated with that.\n    I would like to highlight the fact that we have been \nallocating IPv6 addresses to organizations since 1999. The \nInternet community is standing by ready to transition. We have \nthe protocol done, we have the address allocation authorities \ndone, there are test networks for IPv6. So we are ready to go. \nThat is not a challenge.\n    The challenge is that you need to have a transition plan \nand you need to have business cases. These are very complicated \nfor industry to form. One of the things that led in the United \nStates to a lot more analysis of transition issues was the \nDepartment of Defense's adoption of a Statement of Migration to \nIPv6. That caused not only within the Department of Defense \ncommunity but in the contractor community and in the vendor \ncommunity, a focus on all of the issues necessary to enable \nthis.\n    The reality is that is what we need, more industry \ninvolvement. This industry involvement can be achieved by \ninvolving more Federal agencies in the planning process. Per \nse, industry will help facilitate the transition to IPv6, but \nwe don't need anything other than the impetus provided by more \nFederal planning.\n    As some of the largest users of IT technology, it is \nappropriate that Federal agencies are the ones that start the \nplanning process as early as possible because they have large \nissues that are associated with their scale.\n    I just want to say that ARIN supports the increased \ninvolvement of more Federal agencies in this planning process. \nThe Internet community is ready to transition to version 6. \nThere is time to get the job done and we look forward to this \ncommittee's and the GAO's involvement in encouraging more \nFederal agencies to move in this direction.\n    That concludes my comments. Thank you and I look forward to \nquestions.\n    [The prepared statement of Mr. Curran follows:]\n\n    [GRAPHIC] [TIFF OMITTED] T2510.041\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.042\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.043\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.044\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.045\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.046\n    \n    Chairman Tom Davis. Thank you very much.\n    Mr. Khaki, thank you very much for being with us.\n\n                    STATEMENT OF JAWAD KHAKI\n\n    Mr. Khaki. My name is Jawad Khaki. I am the corporate vice \npresident for Windows Networking and Device Technologies where \nI have worked for 16 years.\n    I consider it a great honor to be with the committee today. \nBeginning in July, I will serve on the Federal Communications \nCommission's Technical Advisory Council which was designed to \nprovide the FCC with technical advice on emerging technologies.\n    In both this hearing today and as part of the FCC Council, \nmy goal is to help America maintain its tradition of \ntechnological excellence and role as the global leader in \ninformation technology.\n    The success of the Internet today is due in large part to \nthe efforts of the U.S. Government providing initial financial \nincentives including supporting academic research and Microsoft \nand other key industry partners providing Internet capable \ndevices and applications.\n    Broadband Internet access is now commonly available \nworldwide and combined with the latest IP devices and services \nsuch as mobile telephones, multi-player games, voice-over \nInternet protocol, video conferencing, IP-based TVs are placing \nincreasing requirements on the Internet's infrastructure. IPv6 \nbrings relief to this strained infrastructure.\n    International IPv6 efforts continue to pick up momentum, as \nyou noted most notably in Asia, specifically in Japan and \nChina. In September 2000, the Japanese Prime Minister, Mori \nYoshiro made IPv6 a Japanese national priority akin to the U.S. \nGovernment's approach to the Internet 30 years ago.\n    We anticipate that Japan will roll out robust, commercial \nIPv6 networks capable of supporting tens of millions of \nbroadband subscribers over the next few years. Chinese and \nJapanese efforts are designed not only to deploy IPv6 Internet \ntechnologies but also to promote domestic industry. Domestic \ncompanies in China receive substantial government funding for \ntheir efforts. We also see similar efforts in India, Europe and \nother parts of the world. IPv6 adoption has proceeded slowly in \nthe United States but is likely to accelerate as IPv6 network \nsolutions and applications become more available, robust and \naffordable.\n    The conversion from IPv4 to IPv6 is a large task that will \naffect network architectures, applications, systems and \noperational procedures but we believe the benefits would \noutweigh the costs. It appears private industry efforts are \nworking well at this stage of IPv6 planning and deployment. \nCompanies continue to support IPv4, increasing providing IPv6 \ncompatibility and many are preparing for an eventual transition \nto an IPv6 network.\n    It is difficult to codify an exact cost amount of either an \norganizational or national level IPv6 transition since the \ncosts will depend heavily on the way entities deploy IPv6. \nTransition technologies provided as an inherent part of the \nIPv6 protocol support are in the short term the most cost \neffective, fastest and least disruptive way to introduce IPv6 \nconnectivity into an existing IPv4 environment.\n    In the long term a full native IPv6 deployment can be \nachieved gradually by adding IPv6 into the network through a \nregular technology refreshed cycle. Microsoft understands the \nimportance of IPv6. Our research and development teams \nparticipate in the IETF IPv6 Open Standard Activities and the \nnext version of the Windows operating system, code-named \nLonghorn, will be fully IPv6 capable.\n    While we are working toward developing a comprehensive set \nof IPv6 capable applications and services, we remain acutely \naware that any IPv6 deployment should be a phased transition \nthat results in minimal infrastructure upheaval. Ultimately, \nMicrosoft believes that marketplace dynamics with the \nGovernment being an engaged customer, will gradually lead to \nwidespread use of IPv6 in the United States and around the \nworld.\n    As we look at the Government's role, we would not recommend \nmandates or regulations to artificially force IPv6 deployment \nbut rather, active political support and efforts to strengthen \nthe domestic economy and stimulate commercial innovation.\n    On the academic front, U.S. Government funding of research \ngrants and programs that provide a guiding light on evolution \nof the Internet should be continued. As Bill Gates stated at \nthe Library of Congress in May, ``Our universities and \nlaboratories must be invigorated with first class research \nprograms and thinkers to continue to blaze the technology \ntrail.''\n    We suggest that international efforts to stimulate adoption \nof IPv6 be evaluated and that the U.S. Government learn from \nand if appropriate, adopt some of these emerging practices. \nProviding economic incentive programs typically show faster \nresults than policy recommendations alone.\n    U.S. Government procurement actions have a profound impact \non commercial product strategy and delivery plans. Strong IPv6 \nsupport from the U.S. Government such as current efforts by DOD \nwill only strengthen the perception that IPv6 is an important \ntechnology for American business and the public sector.\n    In conclusion, Microsoft is excited about the IPv6 \npotential to enable pervasive collaborative computing. The U.S. \nGovernment has a great opportunity to foster an environment in \nwhich we have industry and academic IPv6 thought leadership. We \nare eager to work with you to achieve this environment.\n    Thank you once again for the opportunity to speak before \nthe committee. I look forward to answering your questions.\n    [The prepared statement of Mr. Khaki follows:]\n\n    [GRAPHIC] [TIFF OMITTED] T2510.047\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.048\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.049\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.050\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.051\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.052\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.053\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.054\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.055\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.056\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.057\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.058\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.059\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.060\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.061\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.062\n    \n    Chairman Tom Davis. Thank you very much.\n    Mr. Barber.\n\n                    STATEMENT OF STAN BARBER\n\n    Mr. Barber. It is a distinct honor to speak to you today \nabout the next generation Internet and the transition to \nInternet protocol version 6.\n    My name is Stan Barber, the vice president of engineering \noperations at Verio, Inc. Verio is one of the world's leading \nInternet service providers and one of several so-called Tier 1 \nInternet backbone providers, the networks with sufficient \nreach, scale and traffic to afford their customers and \ncustomers of other interconnecting networks, including U.S. \nGovernment users, global connectivity. Verio is based in \nEnglewood, CO, and is a subsidiary of NTT Communications Corp. \nand an affiliate of NTT America, Inc.\n    The committee is to be congratulated for its focus on the \nnext generation of Internet services. We all recognize that the \nInternet has become in a few short years a fundamental aspect \nof our economy and essential to the productivity of business \nand delivery of government services. To some, the term ``next \ngeneration'' suggests speculation about future technological \ndevelopments, and wide expanses of time and opportunities to \nidentify and address issues. However, we live on Internet time, \nand, ``next generation'' in that context means ``now.''\n    Indeed, the next generation of the Internet, IPv6, was \ndefined as an open source, non-proprietary protocol in the \n1990's and has already found its place extensively in major \ncomputer operating systems such as Windows XP and Linux and in \nmany public and private networks around the world. I believe \nthat my company, Verio, is the world's most experienced \ncommercial IPv6 service provider and operates the most \nextensive commercial IPv6 network.\n    Most networks today still operate in the older IP version 4 \nprotocol, but the transition to the later technology is \nessential and inevitable because of the inherent advantages \nbuilt into IPv6. IPv4 does not today provide for sufficient \naddresses to accommodate efficiently connectivity to all \npotential users worldwide. IPv6, on the other hand, increases \nthe number of directly addressable nodes exponentially. While \nsecurity for IPv4 is provided where practical as a ``patch,'' \nusing overlay systems, IPv6 builds in high level security \nprotections, such as secure remote node authentication and \nencryption, directly into the network layer, assuring more \nreliable and ubiquitous protection.\n    IPv6 generally increases flexibility and functionality with \nadditional benefits, such as more efficient routing of traffic \nand more effective usage with wireless devices. The result is \nlower costs and improved services, like end-to-end \ncommunications and communications with devices other than PCS, \nsomething we call m2m-x communications. That is why Internet \nequipment manufacturers and the leading software providers, \nservice providers and private network operators have started to \ntransition from v4 to v6, and those that have not as yet, will \ninevitably find that flexibility, efficiency and security \nrequires the conversion.\n    Other countries are ahead of the United States in this \ntransition. This does not reflect any genuine technological \nadvantage over the United States. Indeed, it may be said that \nthe United States continues to lead the rest of the world in \nInternet and related technology. Other countries have advanced \nto IPv6 primarily because of an initial lag in Internet \ndevelopment. Consequently, they have been more keenly focused \non the need to address the shortage of Internet addresses and \nless extensive legacy networks in need of transition.\n    For example, the European Commission created a task force \nto design a plan of action for development, testing and \ndeployment of IPv6 in 2001. The task force is coordinating \nefforts in individual member counties and regions and seeking \ncooperation with other countries.\n    The Chinese government has established an IPv6 network \nlinking major universities. The government is also funding a \nplan to develop a more extensive IPv6 infrastructure.\n    Taiwan is also developing a national information \ninfrastructure built on IPv6.\n    India has established the IPv6 Forum to coordinate \ndevelopment and implementation of IPv6.\n    In Japan, the home of our parent company, the government's \ne-Japan Strategy has been promoting the transition to IPv6 \nInternet. In addition, an e-Government Creation Plan \nfacilitates the procurement of IPv6-capable devices. In the \ncommercial sector, the IPv6 Promotion Council helps address \nissues related to the transition.\n    I have described these initiatives in other countries not \nto advocate any U.S. Government mandate or funding of \ntransition to IPv6 in the private sector, but to note the clear \nrecognition by policymakers abroad of the potential of IPv6. \nThis committee is showing its characteristic leadership in \nbringing to the attention of the public the need for an \neffective transition from legacy Internet technologies in \ngovernment and more generally.\n    The report of the Government Accountability Office \nrequested by this committee demonstrates a deep understanding \nof the issues raised by this technological transition. The GAO \noffers solid recommendations to save government money and to \nprotect against security threats.\n    In addition to GAO's comments, it is also useful to \nrecognize that the transition to IPv6 need not be disruptive or \ncostly. Verio and NTF Communications employ the so-called \n``dual stack'' transition strategy globally in which we run \nsimultaneous IPv4 and IPv6 systems. Use of the IPv6 system is \nselected where a peer has that capability; the legacy protocol \nis employed where the peer cannot be reached in IPv6. Thus, the \ntransition is transparent to users and existing software and \nequipment.\n    Software and equipment that does not accommodate IPv6 can \nbe updated in conjunction with normal upgrades or as specially \ndesignated by management. The key point is that, as recognized \nby the GAO report, government and private sector management \nshould at least be surveying their essential IT operations to \naccommodate the inevitable transition. In this regard, the GAO \nand this committee are also to be congratulated for \nhighlighting an extremely important issue of security related \nto on-going employment of legacy IPv4 networks in the \ntransition to IPv6.\n    As I have indicated, some operating systems, including such \nubiquitous systems as Windows XP, Apple's OS X, Linux and Unix-\nbased systems, already accommodate IPv6, although they are used \nprimarily in this country in conjunction with the legacy \nnetwork protocol.\n    Similarly, many software applications today accommodate \nIPv6. Not all IT managers are aware of the potential of a grave \nsecurity threat to their systems by allowing unauthorized \nparties access to software using ``ghost'' IPv6 addresses \nunrecognized by their systems because they are buried within \nIPv4 addressed packets. Or, if they are aware of the threat, \nthey do not have the budgets and other resources to address the \nproblem.\n    Even as government agencies and the private sector \ntransition, as they must, from the legacy platform to IPv6, \nthey must be vigilant in adapting firewalls and other equipment \nand software to prevent unauthorized parties from using IPv6 \ncapabilities accessed covertly over existing IPv4 networks.\n    Mr. Chairman, I thank you again for the opportunity to \naddress this committee about these critical issues of \ntechnological development and implementation, and for your \nleadership in identifying and making the public aware of these \nimportant matters. Verio stands ready to continue to assist the \ncommittee further in any way we can.\n    [The prepared statement of Mr. Barber follows:]\n\n    [GRAPHIC] [TIFF OMITTED] T2510.063\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.064\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.065\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.066\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.067\n    \n    Chairman Tom Davis. Thank you very much.\n    Mr. Lightman.\n\n                   STATEMENT OF ALEX LIGHTMAN\n\n    Mr. Lightman. Thank you for allowing me to share my \nobservations on the possibilities, opportunities and challenges \npresented to the U.S. Federal Government by the looming and \ninevitable transition to Internet protocol version 6.\n    As the name of this hearing, ``To Lead or Follow,'' \nimplies, this is an urgent time for Internet leadership. The \nFederal Government invested the first $50 million in the first \nInternet, and as a result, the United States led the world in \nthat technology.\n    The United States has 50 percent of the Internet service \nbusiness, and the Internet has impacted thousands of \nindustries, creating an estimated $500 billion a year in extra \nFederal revenues, and adding over $1 trillion in wealth via \ncompanies like Google, Yahoo!, Amazon, eBay, and hundreds of \nother public companies.\n    Similarly, the new Internet has the potential to create 10 \nmillion new American jobs and trillions of dollars in revenue \nfor the United States, but leadership is slipping away to other \ncountries, and it will soon be difficult, if not impossible, to \nrecover. One company, Japan's NTT, has more IPv6 customers than \nall American companies combined. In fact, over 99 percent of \nIPv6 traffic is occurring outside of the United States. In the \nfirst Internet, we had 99 percent of all Internet traffic in \nthe early stages. To answer your question from earlier, we are \nway, way, way behind the eight ball.\n    Japan, China, Korea, and Europe have invested over $800 \nmillion in the new Internet compared to about $8 million for \nthe U.S. Federal Government, and are now changing the new \nInternet to reflect their political priorities, which are very, \nvery different from America's political priorities, and even \nAmerican laws.\n    I got a 300 page document from a friend of mine in Spain \nwhere they are basically trying to make IPv6 anonymous so that \nyou can't see who is using it and doing what. In China, they \nhave 70,000 people, 50,000 now and 20,000 about to be hired \nwhose whole job is to scour the Internet finding people doing \nthings they don't like and then grabbing them. These are two \nopposite extremes from the way America would like to do it. We \nwould like to have peaceful, non-terrorist uses of the Internet \nbe private but we want to be able to reach out and protect the \ncountry when we have to.\n    With Federal leadership in the new Internet, the U.S. \nFederal Government will create a service export boom, with \nmillions of innovative new jobs, increased competitiveness for \nhundreds of industries, and thousands of new startups, \npotentially creating a booming economy. American leadership in \nthe new Internet will also add thousands of new products vital \nto our military and homeland defense, better security, and \nunderpin sustainable technological leadership for the United \nStates.\n    The promise of the products and services enabled by the new \nInternet is huge, an affordable way to show high quality \ntelevision over the Internet, a possible way to deal with spam \nand attacks on networks, and hundreds of applications to make \nAmerican lives easier and safer.\n    Over $9 trillion of America's nearly $13 trillion economy \nrelates to services, subscriptions, and transactions, and we \nkind of take it for granted people can't come in and grab those \naway from us. IPv6 will help keep the trust and keep hundreds \nof millions of customers loyal to American companies. If we \ndon't show leadership in the new Internet, we get a loss of \nmillions of jobs and market shares across thousands of \ncompanies.\n    This is my big concern. A loss of public trust and \nreputations in transactions over U.S. networks using the \nexisting, highly vulnerable IPv4 protocol, coupled with an \nincrease in trust of IPv6 networks in Japan, Korea, China, and \nthe 25 nations of the European Union, could have a devastating \nimpact on America's service economy. Internet Service \nProviders, telecommunications giants, banks, brokers and even \nour defense contractors will lose business.\n    Where the U.S. Government showed leadership, as we did with \nthe post office, the interstate highway system, airplanes, \nlasers, radar, computer chips, and satellites, none of which \nwould have happened if we had left it to the market, we are \nworld leaders even decades later.\n    Where our Government did not show leadership, where there \nwasn't a Congressman Davis to hold hearings and get involved \nwith it, including color televisions, big screens and high \ndefinition television, digital cameras, and DVDs, America plays \nalmost no role in these and related areas, except as a consumer \nand our trade deficits reflect that, almost $700 billion this \nyear, importers of food, importers of goods. God help us if we \nbecome importers of services, subscriptions and transactions. \nWe are a follower, not a leader, in these fields. If we do not \nshow leadership in the new Internet, this same thing will \nhappen to us, but on a much broader basis, it will be in \neverything the new Internet touches, which is almost \neverything.\n    Mr. Chairman, the opportunity exists for the American \nGovernment to show leadership in the new Internet, to make a \nreal difference for our national security and our industries \nand workers. By supporting the transition of the Government \nagencies to the new Internet standard, as the Defense \nDepartment has already started to do, we will not only support \na more efficient and effective government, that is, help \nfacilitate fundamental government reform, but will send a \nsignal to the world that America is still a technology leader \nin the 21st century. And for anything as important as a new \nInternet standard, it will not be left behind, but will march \nin front, and our Coalition Partner governments will join with \nus and rally to our standards banner. I confirmed this at the \nCoalition Summit which you honored us by being the opening \nkeynote speaker.\n    Mr. Chairman, there are many specific actions that your \ncommittee could take to support the promotion of the new \nInternet in our Government, and to support the government \nreform that will be possible when all of government talks with \nthe same technical language, so to speak, with this new \nstandard. Here are three: one, mandate IPv6 for the entire \nFederal Government by 2010; two, choose a leader who has the \nauthority, responsibility, and accountability as well as the \ncreativity, passion, and integrity, to galvanize thousands of \nother leaders to get excited and committed to making the \ntransition to IPv6 on schedule.\n    I point to the case of the Coalition Summit where 30 \ndifferent Coalition partners, people who fight and die beside \nus in Iraq, said who is your IPv6 leader. We have our person in \nSweden, the same person who managed the transition for the \ngovernment from IPv4. Japan has their leader who reports \ndirectly to the Prime Minister in monthly meetings about this. \nChina has its leader, Korea has its leader. Everyone has a \nleader but us.\n    Finally, enable this leader to create a Federal IPv6 \nTransition Office to serve as the central engine for the \nFederal IPv6 transition, overseeing a budget which I put this \nnumber out there 6 months ago and nobody has even taken a shot \nat it, of $10 billion, with the budget of FITO itself of about \n$50 million a year.\n    This office will assist in managing the complexity of an \nInternet transition, something we did before, in the early \neighties when the Internet was only one-millionth as large as \nit is today. It is worth pointing out there was a protocol \nbefore IPv4 called NCP. Ten years after TCIP was introduced, \nthe Federal Government said, we are going to get rid of this \nless useful protocol and we shut it off for 1 day. People \nhowled and we shut it off for 2 days. Then we shut it off \nentirely.\n    Because of this hearing and what is set in motion, there \nwill come a point at which we realize there is no sense having \nIPv4 and we will shut it off like we shut off NCP. Let us have \nAmerica be the ones to determine when that shut off is rather \nthan other countries that might stop routing our packets.\n    If I had to summarize what the Federal Government should \nknow about IPv6 it would be: the transition to IPv6 has costs \nand benefits. The benefits far outweigh the costs. Failure to \ntransition to IPv6 for the whole economy by 2012 will cause a \nloss of Federal revenues that is roughly comparable to a tax \ncut, with these funds flowing to Europe and Asia rather than to \nAmerican taxpayers.\n    Thank you, Mr. Chairman and members of this committee, for \nyour time and attention, and for the proud leadership role in \ntechnology and innovation for America that you represent.\n    [The prepared statement of Mr. Lightman follows:]\n\n    [GRAPHIC] [TIFF OMITTED] T2510.068\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.069\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.070\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.071\n    \n    [GRAPHIC] [TIFF OMITTED] T2510.072\n    \n    Chairman Tom Davis. Thank you very much.\n    I want to thank all of you. Internet and related areas is \none of the few areas where we are generating a trade surplus.\n    From almost unanimous testimony, it appears if nothing \nelse, the transition to IPv6 is going to give more innovation, \nthat is where the innovation is coming from. What are they \nrolling out in Japan right now in products from using IPv6 that \nwe don't see over here? Does anybody have an answer to that?\n    Mr. Lightman. What they found is that first of all with \nbuilding controls, they have loan way and other companies which \nthey found they can save 29 percent of building operating \ncosts, enough to pay for an entire building within 20 years by \nhaving each room have up to 250 controls all managed \nautomatically by IPv6.\n    They installed voice over IPv6 in college dorm rooms and \nwere giving students free calls all over the country. They have \nhad over 800 taxicabs in Goya, Japan using IPv6 to decide where \ntaxis should go to more efficiently pick up people. So it is \ninvolved in services, it is in cars, it is in elevators, it is \nin trains and there are 370 companies doing projects on IPv6. \nAll I am talking about is the academic projects of two \nuniversities.\n    Chairman Tom Davis. Does anyone else want to add to that?\n    Mr. Khaki. I would characterize the Japanese deployment to \nbe in its early stages and the examples that Mr. Lightman gave \nare accurate. I think what is impressive is the investments \nthey are making for the long term infrastructure for their \ncountry in partnership with telecommunications operators.\n    As I commented earlier, they are building the next \ngeneration communications infrastructure. They will deliver \nsecurity services for IT as well as content services for the \nhome. It is a longer term investment that I think is more \nimpressive than what we are seeing in terms of early adoptions. \nAlmost every company in Japan that creates consumer electronics \ndevices or network infrastructure has a strong IPv6 plan and \nthose products may position Japanese industry in much more \ncompetitive position than they would have been with IPv4.\n    Chairman Tom Davis. Mr. Barber.\n    Mr. Barber. There are also a number of groups that are \nformed in Japan to foster the use of IPv6 in non-traditional \ndevices as I mentioned in my testimony, non-PC communications. \nThose range not only from things like cell phones which already \nhave Internet today in many parts of the United States, but to \nmore atypical devices like you mentioned in your opening \ncomments, refrigerators, security systems in the home.\n    There was a discussion about taxicabs that was mentioned \nearlier but they are also using it to provide real time \ninformation in the car so when you are driving from point to \npoint, you can pick up information on the current traffic \npatterns or perhaps weather in the area you are about to enter, \nthings like that. The capabilities they are exploring in Japan \nare extensive and they are possible because of IPv6.\n    Chairman Tom Davis. Mr. Lightman talked about the United \nStates would be wise to mandate any transition by a certain \ndate, 2010, and if we didn't do it by 2012, you talked about \nperhaps some fairly serious economic ramifications. How do the \nrest of you feel about that?\n    Mr. Curran.\n    Mr. Curran. I think it is important to have a transition \nplan for every Federal agency. This is something that is \nnecessary, a transition is inevitable and the activity of going \nthrough and building the plan to do transition on an agency by \nagency basis is necessary. Just going through and having that \nplan as we have seen the activity that has followed the DOD \ncommitment to a migration plan and a commitment to move to IPv6 \nwill cause industry activity within the United States.\n    I believe a specific date may not be required but the fact \nof having a plan which calls for transition and having that \nplan submitted by a date is a very wise idea.\n    Chairman Tom Davis. Do you think we are behind the eight \nball at this point or do you think we are OK?\n    Mr. Curran. You have to recognize that my view on this is \nsomewhat skewed because of my experience with the Internet over \nthe last 15 years in the addressing field. I believe that it is \nnot a question of whether or not we have to move quickly to \ncatch up. Earlier you asked the members from Government whether \nor not it was important for the Government, for example, to go \nget its own block of IPv6 address space. That is not necessary. \nThe address space will be there. IPv6 provides an ample address \nspace so it will be there when agencies go to get it.\n    I think the more important question is that it is important \nto raise the awareness of IPv6 within the United States, it is \nimportant to get all of the people involved in technology, \nmanufacture, the vendors to produce IPv6 capable products and \nnot just know it is a switch they have to turn on but someone \nis going to actually turn that switch and use it.\n    The act of the DOD committing to version 6 caused to work \nout interoperability problems that would not have otherwise \nbeen found. The commitment of agencies to do the same will \ncause the U.S. industry to catch up on version 6.\n    Chairman Tom Davis. Does everyone who requests a block of \naddresses receive it?\n    Mr. Curran. The regional registries all have allocation \npolicies that they follow for issuing those address blocks. \nThese are set on a region by region basis. The challenge is if \nyou meet the guidelines, you get your address space. There are \napplications in every region of the globe that don't meet that \nregion's addressing policy and get turned down.\n    Chairman Tom Davis. Is that a business case you have to \nmake to get that address?\n    Mr. Curran. It is simply showing that you have valid uses \nfor the address space. One of the challenges we face as the \nstewards of the address space is ensuring that people indeed \nhave equipment to use the addresses on. We don't want a \nhoarding situation.\n    Chairman Tom Davis. That is the next question. If I'm a \nlarge consumer products manufacturer and I would put IPv4 in \nevery product I make, say $20-40 million, can I get that block?\n    Mr. Curran. That question actually came up a number of \ntimes 2 and 3 years ago. We were approached, for example, by \nthe cellular industry. The cellular industry was directed that \nwide scale deployment of devices with embedded addresses should \nlook in the direction of version 6.\n    We are trying to make sure that the future is looking to \nversion 6 particularly for these embedded applications.\n    Chairman Tom Davis. Mr. Higgins.\n    Mr. Higgins. Thank you, Mr. Chairman, for your leadership \non this very important issue.\n    The United States represents about 5 percent of the world's \npopulation and about 50 percent of its economic strength, and \nabout 40 percent of its technological output. The U.S. \nleadership position is eroding as evidenced by the pervasive \nand growing trade deficit which is about $600 billion today, \nmeaning that Americans who used to make things and sell them to \nthe rest of the world are now a consumer nation. We consume \nabout 6 percent more than we produce. This indicates there are \neconomic troubles currently and on the horizon. It is a much \ndifferent world than we dealt with ever before.\n    Tom Friedman, the New York Times columnist and author just \nwrote a book called, ``The World is Flat'' and in it he argues \nthat the old vertical model, the old economic model of knowing \nwho is on top and knowing who is on the bottom is gone, the \nworld is flat, it is horizontal. Knowing who is up, who is down \nand who is emerging is much more difficult.\n    He argues that this is a consequence of the convergence of \ninformation technology which now makes the tools of innovation \nand collaboration available to all. Depending on the motivation \nthat you bring to these tools, positive or negative outcomes \nare determined.\n    The one interesting parallel he outlines in his book in the \nfinal chapter in particular is, he says in February 1999 two \nairlines were started. One was started by a bright American \nentrepreneur by the name of David Kneitelman of Salt Lake City, \nUT. He financed through American banks the purchase of a whole \nnew fleet of jets. He outsourced the pilot training to a flight \nschool throughout the United States and he outsourced the \nreservation system to retirees and housewives in Salt Lake \nCity. When you call Jet Blue, which is his airline, and make \nyour reservation, you are talking to someone who is in their \nliving room in Salt Lake City. He built in Jet Blue one of the \nmost successful and financially strong airlines in the entire \nworld.\n    The other airline was started in Afghanistan by Osama Bin \nLaden. He financed a purchase of jets through various \nfinanciers in the Middle East; he outsourced the pilot training \nto a flight school in Miami; and outsourced the training or \nplanning to Ali Sheik Muhammed.\n    Both airlines were designed to fly into New York City, Jet \nBlue into LaGuardia and JFK and of course Al Queda into lower \nManhattan.\n    The thesis of his book is a very urgent reminder of what \nAmericans have to do in order to not only regain their economic \nsuperiority but to also stay competitive in the world so as to \nensure that our national security is strong and secure as well. \nI don't know if you have read the book or read his column, I am \ncurious as to what the panelists think about the thesis that \nFriedman outlines.\n    Mr. Lightman. I read the book and I think he missed trust \nin a big way. Recently there was a story publicized all across \nEngland. I spent the last 2 weeks in England raising money for \nan IPv6 fund. People said, oh, the Indians let out the bank \ndata; well, I am never going to outsource anything to them \nagain. So with all the stories of all the people doing things, \nif people can't trust your networks, and all it takes is one \nrelease of critical data, then it can cause devastation. \nMillions of Indians will lose their jobs or will not gain them \nbecause of the loss of trust.\n    As far as outsourcing, if China succeeds in putting in its \nown IP Sec and its own complete transparency and can track \nevery person and everything they are doing, and you are a \ngovernment that is a dictatorship, say you are one of the 100 \ncountries in the world that doesn't have a democratically \nelected government, whose Internet are you going to buy? Are \nyou going to buy it from China which has said look, we have \nproven we can take care of our dissidents or are you going to \nbuy the American one which is designed that way? There are a \nthousand political decisions to be made and the problem for \nIPv6 that there has been no elected official, somebody who \nbasically has the legitimacy as an elected official to do this.\n    What makes the transitions in Korea and Japan so powerful \nis that the people in charge of them are elected officials and \nthey are unique in the world. That is why these hearings are so \nimportant. Outsourcing will ground to a halt if people can't \nbelieve they will be treated as honestly in India or China or \nanywhere else as they would be treated at home. If we lose that \ntrust, it is worth trillions of dollars a year in our GDP.\n    I want to mention one other thing. We have been a Net high \ntech importer for the last 2 years according to Business Week, \nso we are not an exporter, we are an importer of high \ntechnology. This year we have become an importer of food. What \nis left is services, subscriptions, transactions and media. \nThat is it. IPv6 touches all of them right at the very guts.\n    Chairman Tom Davis. We talked about mandating a transition \nby a certain date. Mr. Curran, you answered. I didn't to Mr. \nKhaki and Mr. Barber. I would also ask should the United States \nfund those transition efforts like other nations have done?\n    Mr. Khaki. Our viewpoint is that the natural market forces \nwould be the right kind of forces to work out the transition \nissues. There has to be careful thinking of the business case \nand the scenario planning along with all the transitional \nissues. So we strongly believe that the market forces will \neventually lead the transition of things.\n    There is a role the Government has to play in terms of \nencouragement which I alluded to earlier in my testimony with \nregards to supporting the research and education sectors \nthrough procurement policies of the Government. I think those \ncan be a good catalyst. So we believe the transition will take \nplace left to the market forces.\n    Chairman Tom Davis. Mr. Lightman has argued for elected \nofficials in government to take a lead.\n    Mr. Lightman. I explained it in an article I wrote recently \nwhich I will send you a copy, which says ``Twenty Myths and \nTruths about the IPv6 transition.'' I leave two points to let \nthe market decide. The Department of Commerce went out and got \nrequests for comment which said let the market handle it and \nthey are so embarrassed about it that they won't release the \nreport because the position is insupportable.\n    I will give you three examples. One, there is one man who \nis the primary examiner in the U.S. Patent and Trademark Office \nwho has 150,000 patent applications as of a month ago. It is \nprobably 160,000 today where people and companies like \nMicrosoft, like AT&T, like many people are trying to say, I \nhave a patent, I want exclusive use on that so no one else can \nuse it without my permission for 20 years.\n    The reason the Internet works at all is because the Federal \nGovernment paid for it, didn't try to get a patent and gave it \nto the world. How well do we think it is going to work if we \nleave it to the market but leave it to 10,000 different \npatents, say you use this security protocol for this kind of \npacket, so therefore you are infringing on my patent. It is not \ngoing to work.\n    Chairman Tom Davis. I didn't want to start an argument, but \nI hear you.\n    Mr. Barber. I believe that the transition needs to have two \ncomponents to it in the United States. The Government needs to \ntransition its own operations to support its own mission. So if \nthe Department of Defense believes they need IPv6 by such and \nsuch a date, they should absolutely do that by whatever date \nthat is that meets their mission objectives.\n    The fact there are many agencies that don't have their \nplanning far enough along to even project dates is of concern. \nSo it is my belief that they should all establish some very \nfirm transition plans that include some sort of a date by which \nthey will at least have their transition far enough along to \nhave IPv6 operational in their networks.\n    Notice I didn't talk about turn off IPv4, I only talked \nabout turning on IPv6. When you turn off IPv4, I think is a \ndifferent question and has a different set of characteristics \nassociated with that and that will be driven by really \nattrition, in my opinion. When do you turn IPv4 off should be \nan attrition driven question, not one driven by some sort of \ndeadline.\n    From a market perspective, I agree there should also be \nmarket forces at work that encourage industry to deploy IPv6 as \nit is to their advantage. Certainly the Government will \ninfluence that by having each agency have a mission specific \ntransition plan but I don't think we need to have some big date \nout there in the future where everyone has to be on version 6 \neverywhere in every office in the United States.\n    Chairman Tom Davis. Mr. Khaki, how are you using IPv6 in \nyour products and services?\n    Mr. Khaki. We are a Windows operating system platform \nprovider. It was very important for us to provide platforms \nthat would enable software innovation for scenarios that are \nyet to be imagined. We have had a strong commitment in IPv6. We \ninclude IPv6 support in the Windows XP operating system. Our \nprimary focus was to enable developers to develop new kinds of \nscenarios and those operating systems are being used worldwide \ntoday.\n    For your information, we have a global IPv6 network that \nintegrates all our development centers spread across the world. \nWe are using the transition technologies that I mentioned \nearlier in achieving this connectivity. The biggest \napplications we see are the ones that require pervasive \ncollaborative communications because today's limitations of \nadded space prevent data being transmitted and created undue \nburden on the network.\n    I would like to respond to a point made earlier on \nintellectual property. The 30 years of leadership the U.S. \nGovernment has shown in IPv4 was important to the academic work \nthat was done. There is a similar role the Government has to \nplay to make sure that academic research continues so that we \nhave good prior art, that we remain competitive, that we do \nencourage industry to innovate. There are incentives, \ncommercial incentives, tax incentives, government matched \nfunding to enable these commercial forces to work.\n    I think the biggest thing we will see is the Government \nprocurement itself be a key driver. As I have been active in \nthe IPv6 efforts since 2001 visiting Japan and China and other \nplaces, clearly the announcement by the Department of Defense \nin 2003 was a major event that actually made a lot of companies \nin the United States more aware and brought more urgency to the \nissue.\n    Chairman Tom Davis. What fields do you think will most \ndirectly benefit from the exploitation of IPv6?\n    Mr. Khaki. If I can give you an example, you can think of \nthe IPv4 address limitation today in some ways similar to the \nmemory limitations in the early days of the PC. In the early \ndays of the PC, there was a 640K memory limit. A lot of \ndeveloper creativity, a lot of IT creativity enabling new \ncapability was being used to overcome the limitation that was \nthere using things like LEM M, EMM and High MEM. The IPv4 \naddress space limitation is similar to that limitation that was \nthere.\n    A lot of energy is being spent in drawing on new \ncapability, IT departments and developers are working around \nlimitations, so we are not really moving ahead, we are kind of \nmaking what we have work slowly. That would be a key benefit. \nAnother important one is security. IP SEC is an important \naddition to the IPv6 protocol, it is better integrated. Those \ncapabilities will help us build a much more secure \ncommunications infrastructure.\n    Besides IP SEC there is also other lower layer technologies \nthat are in IPv6 that help IPv6 networks to be more secure than \nIPv4. It is important that we look at that. Things like \nwireless networks, LANS were not really around when the \noriginal IPv4 was invented. So there are limitations on those \nprotocols and IPv6 addresses that.\n    Chairman Tom Davis. Let me ask this to each of you. Mr. \nCurran made his comment. Do you think there is no short term \nshortage of IP addresses in the United States?\n    Mr. Lightman. As Mr. Curran admitted, they don't give them \nto you if they don't feel they like your business plan, so it \nis not a market based decision. For instance, if I wanted to \nhave 50 million addresses, say I work for General Motors, I am \nconsultant and I want to get a block of addresses, they can \nsay, well, we don't really like the idea of IPv4 addresses in \ncars, so here is the basic point. If you don't give away the \naddresses, you never have a problem with them.\n    In any case, you can always come back and blame the United \nStates for hoarding them because the U.S. DOD has a very large \nblock and we could give it back, then there would be no \nshortage. It is not a commercial thing, it is not a market \nbased solution. On the one hand, people say, leave it to the \nmarket but on the other hand, the market is not working in the \nway addresses are allocated today.\n    Chairman Tom Davis. Anyone else?\n    Mr. Barber. I think for the future of the Internet \napplication, for ubiquitous connectivity to everything, we will \nrun into a limitation at some point. If we make the investment \nin trying to make this work for IPv4, we are investing in a lot \nof patchwork to get the same kind of innovation that we would \nhave with IPv6 because of its native architectural features. I \nbelieve the innovation future as someone in the previous panel \nsaid from OMB, the innovation future is with IPv6, not with \nIPv4, regardless of the number of addresses available.\n    Mr. Khaki. The way I feel about the current situation is we \nare making do with the limitations we have and in the process, \nwe are slowing things down. The IPv6 address space will relieve \nconcerns that are there and the way I think about this is \nrestoring the hygiene, the end to end computing model on which \nthe Internet was founded. Today the hygiene of the network is \nnot there because you end up with these devices that prevent \ncommunications taking place end to end and a lot of breakage is \nan extra cost.\n    Chairman Tom Davis. Do you think the United States has the \nnecessary infrastructure, wireless and broadband, to exploit \nany of the key features of IPv6 on a national level today?\n    Mr. Khaki. I believe we have a good infrastructure in this \ncountry and more is being done each day. I think the work the \nGovernment did with regards to unregulated wireless spectrum \nwas excellent. It actually has helped us deploy new \ncapabilities with YFI. I think those are great things. There is \na lot of movement in the industry around wireless technologies. \nThat is healthy. Broadband deployment is increasing by the day. \nSo those are good things.\n    I do believe that the existing version 4 Internet \ninfrastructure is suitable also for migrating us to version 6. \nThe way we think about this is to separate out the \ninfrastructure migration and the application migration because \noftentimes they can be thought of as a chicken and egg. Is it \nthe chicken or the egg? By using appropriate transition \ntechnologies and using appropriate conversion tools, you can \nmigrate either the infrastructure or the application.\n    Chairman Tom Davis. Anyone else?\n    Mr. Curran. I would like to respond to something said \nearlier.\n    To the extent an organization doesn't get an IP address \nspace, it is because the ISPs in that region have formed \npolicies and those policies for that region simply state these \nare the valid purposes for assigning them. There is no question \nor judgment of business plan. If a business in the Far East got \nturned down for address space, it is because the ISPs that make \nup that region came up with allocation policies to balance \navailability and stewardship. So there isn't per se a shortage, \nwe are simply enforcing the policies that the Internet \nproviders worldwide have adopted.\n    Chairman Tom Davis. But you would agree that there comes a \ntime when you do end up with a shortage?\n    Mr. Curran. Absolutely. In fact, as we go forward, it only \nmakes sense to make sure the policies for allocation of address \nspace get increasingly frugal to ensure that people know yes, \nyou need to balance the business case between transition versus \ngoing forward on version 4.\n    Chairman Tom Davis. I get it.\n    Mr. Lightman. I would like to make one comment on \ninfrastructure. The Soviet Union is still alive and well, \nliving in American networks. There was a Russian invention \nwhich was made for people living in apartment buildings where \nthey had one phone number for the apartment building and a \nphone on all ten of the floors where it would ring on every \nfloor. The person living with that system made up something \ncalled NAT, Network Address Translation, so people say, you \nhave Network Address Translation, good Russian technology and \nit enables you to take one IP address and have 100 different \npeople use it or even go to 100 NATs and go on and on and on. \nSo you can have a NAT behind a NAT.\n    Basically if you buy into that flawed argument, you don't \nneed any IP addresses but the refutation to that is the \ntelephone that you have. You have a number and you can see what \nit is. That is end to end. It is not going to an operator. The \nwhole invention of the switch was because the guy who had a \nfuneral home thought he was missing calls from the operator who \nwas switching his calls.\n    Why are we stuck with this Soviet technology in America's \nnetworks instead of having end to end and having everyone be \nidentified? I would love to know that everybody who went into \nthe Internet was part of what Microsoft brilliantly calls a \ntrusted bubble. I want for the U.S. Federal Government and all \nof its commercial providers of services to be inside the \ntrusted bubble and leave the people who don't watch their \nhackers and want anonymity to be in the untrusted bubble.\n    Chairman Tom Davis. Plus, the rest of the world is \ninnovating off an IPv6 model. They are getting new products off \nthat and we are still sitting here with the Russian telephone. \nIs that your point?\n    Mr. Lightman. Yes. Also, it is important to say IPv6 is \nonly about 20 percent finished. There are hundreds of what are \ncalled RFCs which still have to be decided on and the U.S. \nGovernment has made no more than five comments in the last \ndecade of what it wants and doesn't want. We have checked out \nand gone brain dead about participating in those standards \nefforts.\n    There was one in particular the gentleman before mentioned \nwhich is the sensor nets for doing nuclear hazardous materials. \nThat is what they are discussing right now, how do you do ultra \nlow power, ultra low bandwidth sensors because you don't want \nto put a lot of power into billions of sensors. There is no \ngovernment participation. There is not even any government \ncontractor. We have just abandoned this which leaves it other \ngovernments to go and monkey with it.\n    Chairman Tom Davis. Thank you all very much. This has been \na great hearing. I think other committees will be looking at \nthis as well but we have the responsibility for \nintragovernment, within the Government itself as we move \nforward. This has been very, very helpful.\n    Thank you very much and the hearing is adjourned.\n    [Whereupon, at 12:40 p.m., the committee was adjourned.]\n    [The prepared statements of Hon. Jon C. Porter and Elijah \nE. Cummings and additional information submitted for the \nhearing record follow:]\n\n[GRAPHIC] [TIFF OMITTED] T2510.076\n\n[GRAPHIC] [TIFF OMITTED] T2510.073\n\n[GRAPHIC] [TIFF OMITTED] T2510.074\n\n[GRAPHIC] [TIFF OMITTED] T2510.075\n\n[GRAPHIC] [TIFF OMITTED] T2510.077\n\n[GRAPHIC] [TIFF OMITTED] T2510.078\n\n                                 <all>\n\x1a\n</pre></body></html>\n"