(Briefing on DoD's adoption of the next-generation Internet protocol. Also participating was Bryan Whitman, deputy assistant secretary of defense for public affairs (media operations).)
Whitman: Same faces! Thank you for joining us for our second briefing of the morning.
I'd like to kind of reintroduce to you Mr. John Stenbit. He's the department's chief information officer. Many of you probably remember him as the ASD C3I. His title has recently changed a little bit when he became the assistant secretary of Defense for Networks and Information Integration. He continues to transform DoD's command and control systems, but this change reflects the creation of the new position, undersecretary of Defense for Intelligence.
The purpose of today's briefing is to inform you about DoD's adoption of the next-generation Internet protocols and the implication that it has for war fighting, as well as for business managers.
So with that, let's go ahead and get started. Mr. Stenbit?
Stenbit: All right. Thanks. Hi. Good to see you.
I thought this was a significant enough issue that we should chat about it and put it in context, so that you have an understanding of what we were doing.
You've heard many of us at this podium, well beyond myself, talk about the transformation from -- of the department towards a network-centric activity, and that means different things to different people. But from my point of view, there's been a lot of activity about programs, and we've talked about a lot of them recently -- lasers in space and the Global Information Grid Bandwidth Expansion program, which we actually had a milestone meeting on yesterday, although Bloomberg, I think, twisted my words when they put it in their press release. I clearly said we had the meeting, and we have a couple of things to work out before it's approved. But he leapt to the assumption that they will be worked out. I actually assume the same thing. Just not true today.
But we are now getting to the point we are having milestone decisions about programs. Many of you reported on the FCS, the Future Combat System, Milestone B, which is about a month ago now. The heart and soul of that entire program is network operations, gluing together the entire family of vehicles. And so we're now getting from beyond the point of talking about it and into the point of actually getting programs done.
It's really important that the programs that move forward, and in particular the ones that I was concerned about were, like FCS and the laser communication satellites, which is also coming up on a milestone here later this year -- that they were able to face a certain world about what the crucial issues of the network were that they were going to have to interface with, as opposed to an uncertain world of what it was that actually was going to be the heart and soul of the DoD network.
Now, the Internet has been around for a long time. It currently operates on what is called Internet Version 4. There are lots of issues that have come up with Internet Version 4 in the past; there are lots of commercial fixes to fix some of these kinds of problems. The three major ones, one of which is not of particular import to the DoD, but is to the Europeans, and that's the number of addresses you can actually access. So here we have just a simple problem of how many bits are in the address field.
There are a couple that are much more interesting to the DoD. One is some changes enable us to do a better job of end-to-end security. Another, which is important both commercially -- actually, I shouldn't say that that's not important commercially, but it's certainly important to us. Another which is important to all of us is what's called quality of service. And I don't want to belabor it, but today, if you send a packet on the Internet, nobody's guaranteeing you that it's going to get to the other end. And if ever you have watched a video conference on an Internet channel, or even spoken on a voice over IP phone, you know that that guarantee won't be given very shortly because every so often those packets drop out and it jumps or the voice sounds a little funny.
Part of the workarounds with respect to Internet 4, that are going to move into Internet 6, are to improve this. It's called quality of service. It allows somebody to be able to tag some packets that they go with other groups, as opposed to being independent, and then allows some deviation in how those are handled. Those are important parameters for the DoD, very important.
So we believe that the evolution of the Internet Protocol Version 6 debate, which has got far enough along so that people now deliver hardware and software that are compatible with both standards -- the current IP 4 standard and the prospective IP 6 standard -- that we need to make it clear to our programs that are of major development activities, that are going to come online in the 2008, 2009, and 2010 time frame, that they can be certain that the IP 6 standard, as it evolves, is what we're going to be using as a department standard. And that allows us to think about how we would go from end-to-end in the communications system where the GIG bandwidth expansion program may attach to an intelligence center and gather some packets of information, get it through the GIG bandwidth expansion to a terminal that would go to the laser satellite, which would then go down to either a future combat system or somebody else using JTRS radios or other kinds of radios. We -- if we're going to send those packets end-to-end, we have to have a standard that's going to be our standard for all of these systems. Now -- so that's why we did what we did.
Now, let me tell you exactly what we did. We're anticipating moving the department to the use of IP 6 in about 2008. For us to even come close to doing that, we need to start to have people face the reality that we're going to do that and start to buy things now. So, the actual policy, which I believe there's a copy -- Ken, is that correct?
Staff: Yes, sir.
Stenbit: -- that talks about the fact that we're going to insist that acquisitions and programs that move on after the first of the next fiscal year, which is October, will be IP 6-compatible. So, we need to build the inventory of systems that have procured software and hardware on a scale which is actually slower than the replication that happens in the commercial world -- they usually sort of roll over all of this stuff every two years or so. We tend to be a little bit slower than that. So, we're trying to give ourselves five years to go through what is, in effect, an obsolescence criteria here.
In the meantime, we're going to select several large portions of the DoD establishment to switch over to IP 6 earlier, so we can get a good handle on what actually occurs. But we will pick subsets that are large enough to be interesting, but controlled enough that we can actually control the input so that we have a valid experiment. And while we have some ideas about what those are, there's a process going on where we're going to decide that. But I would anticipate we're going to have a major part of the DoD move to IP 6 in 2005. We will look at what happens. We will pick another one in 2006 and we'll pick another one in 2007. And it will be the results of those three experiments that will set the criteria about whether we actually pull the switch in 2008.
I guess I need to only say one thing: Whenever you do this, somebody's not going to have moved. So, we've got to start the problem of how do we interface with those that haven't moved, whether they're ours or people out on the Internet. But you've got to start that process sometime. And once again, I'd rather that the future system start with the idea it's IP 6 and start worrying about how they look backwards, as opposed to sort of delaying that decision as long as they can.
So, that's the purpose of the issue. I think it's an important validation of the work that's gone on, absolutely, outside the Defense Department, although we have participated in the forums; but that the Internet community is moving forward; they've recognized these problems -- those are the kind of problems we have. We're comfortable that they're moving toward solutions, however they come out, that we'll adapt our systems to.
So that's basically what I wanted to talk about. And if any of you have any questions, I'd be happy to take them.
Q: Can you explain what this means in terms of the commercial spin-offs and how individual computer-users might benefit from this DoD move to promote --
Stenbit: We're actually -- we're actually taking advantage of the commercial movement that's going on. The commercial industry has its own transition difficulties. There are people who have vested interest in staying in the past because that's how they made their money, building this little patch on IP 4 that makes something go away and makes people happier in their service. There are other people who would like to get this stuff all into a standard.
I think the real pressure here on the commercial side, at least as I understand it -- and this is not -- I don't go out and -- this is not how I spend my life -- the Europeans really need more addresses. So I think the actual push to move from IP 4 to IP 6 will not be driven by us. Our announcement today, and our execution on this policy will move it along because we are a large buyer of Internet-compatible devices and communications. But I think it's the commercial people that will actually cause this trigger to be pulled, and we're assuming that will happen in a time scale which is consistent with what I have just been describing.
Q: And what kind of devices -- can you give us, in simple language, a rundown of the impact that this would have on the sorts of devices, both that DoD buys and that industry and consumers buy? Will they need new --
Stenbit: Fundamentally, devices that either attach to the networks, or are the networks -- so routers. If you have a PDA, a Palm Pilot that you can now pull down the Internet or e-mail, that uses IP 4 to do that communication. Software which is written that uses the Internet in an effective way of sharing data and applications different from having it all in the same machine, uses assumptions about the Internet Protocol about where to go pick the bits in order to do their job.
So this is actually a pretty intrusive change. But as I say, it's not driven by the DoD's use. It is, in fact, driven by commercial uses. And we have basically made the choice that we're going to -- we're comfortable enough with the progress that's been made in the commercial world that we're going to stick with that, however it evolves, because it will change over time, but we're going to change with it because our suppliers are going to change with it to meet that standard.
Q: And what happened to IP 5? You're going from 4 to 6.
Stenbit: Don't ask me. You have to ask some Internet person. I don't know.
Q: But is there such a thing --
Stenbit: Probably. Could be. I have no idea. I assume they are logical people, and I assume there was one and they decided that wasn't the way to go.
Q: How defined is this standard? Is there a world body that defines it somewhere? And if so, who is on it? And does DoD play a role? How does this work?
Stenbit: Once again, you'd be better served by asking some of the commercial people. But basically, the Internet is uncontrolled.
Q: Right.
Stenbit: There is a group, which is an ad hoc group. And Marilyn, do you know the name of it?
Staff: Internet Engineering Task Force.
Stenbit: Thank you very much. Internet Engineering Task Force. But basically, it's people that get together and discuss how the Internet is going, what the problems are, and where we should go. And it is a self-governing institution. But what happened in the past is that that particular body has been sufficiently effective at coming to convergence that people like Cisco or Microsoft or IBM or somebody starts embodying those things into their products. And that's what really happens, because it's sort of a two-way issue. They talk about it for a while, and then they say, okay, we're going to go make these changes. Some of them are application overlays. We're now talking about one that's a little bit more fundamental, so it's got to happen on the equipment that makes the Internet run. It's got to operate on the equipment that connects in a communication sense to the Internet, and it's got to work with the applications that then connect to the Internet to get data.
So this is a bigger deal. It's going to take longer. It's been going on for quite a long time. Today if you go buy most equipment of the Internet-specific variety like Cisco, it's already delivered with Internet 4 and Internet 6 compatibility. So if somebody decided tomorrow to switch the Internet to IP 6, some people would be able to switch; some people wouldn't. What we're trying to do is get our folks in the position that whenever the decision is made on the outside to switch, we're ready. And more importantly, on our own internal systems, which we control a little bit more, we're going to then be prepared -- as I say, we're taking a target date of 2008, so it's not like we're thinking about it tomorrow.
Q: Well, when you say switch, is this -- are these changes incremental, or does somebody sort of at one point in the Internet world at large flip a switch and say, "Okay, now we're on 6"?
Stenbit: I think that's what's going to happen. And then what's going to happen is that there will be businesses that connect from 6s back to IP 4. But the business -- but the future business will then be dominated by moving forward on IP 6 instead of looking backwards to "how I fix IP 4." That's what I'm trying to get us ahead of the power curve on. But you are correct, this is not going to be a magic thing that occurs simultaneously worldwide. It will be an evolution. We'll do the same evolution as everybody else. I already described that we intend to partition our world into at least three subsets that we're going to try first to see how it all goes before we actually commit to going the whole way.
Q: NIPRNET and SIPRNET currently are on version 4?
Stenbit: Absolutely.
Q: And could they be transitioned to 6 before the rest of the mainstream Internet goes to 6?
Stenbit: Not today. Not without doing what we are just talking about.
Q: Theoretically though, they could be one of those three subsystems?
Stenbit: Absolutely, they could be. In fact, one of them is considered -- I'll leave that out. One of them is being considered. But there are others. And I hate to do the list, but let me give you as an example, one that might be considered is NMCI, which is a very large population of users using still, from our point of view, more non-standard applications than we would wish, although we're getting a standardization on the applications. But let's assume we got to our Nirvana, and it was all -- it was standards applications, and it was an integrated system with configuration control and end-to-end security. There's a refresh in that contract coming up in a couple years. Were we to say that refresh gets it all ready to go to IP-6 and use that as one of the ones, that's the kind of experiment that I think might be useful because it's large, it's configuration-managed, and we can sort of isolate its effects from other people's effects. But that's not a statement that it's one of them. Admiral Munns still has a lot of work to do.
Q: Okay, thanks.
Q: Is there any estimate as far as how much this is going to cost and if the services are going to have to start building that into their requirements or acquisitions going forward?
Stenbit: There's two kinds of costs. The one, which is to buy the software that is compatible with both or the hardware that's compatible with both, and that's basically going to slowly but surely become part of the price that the actual vendors put out. And they're still going to compete with each other. So no, I don't think at that level, you're going to see an enormous amount of cost change. Were you to all of a sudden, on one day, decide you had to shift everything from one to the other, and you gave an enormous order to somebody, it's entirely feasible that you might not get the best deal you've ever seen. But that's not our intention. That's why we're giving ourselves five years.
The cost that's real is that if you for awhile run a router that has to work both ways, it's going to go slower. If you have to run a software that works both ways because of some form of transition difficulty, it's going to run slower. So those are costs that are real.
On the other hand -- and I'm not trying to be a Pollyanna about this -- processing speeds these days are going up much faster than whatever we think we can find applications to run. So while I believe that to be real cost, it doesn't keep me awake at night.
Q: Is there anything about this transition that reminds you -- should be or could be compared to the preparations for Y2K? That was the last time that the world geared up for a major transition change, made all these kinds of investments and such. How would you relate this to that sort of an event, in terms of --
Stenbit: This is a lot more voluntary.
Q: (Off mike.)
Stenbit: Well, no, I mean it seriously. I mean, some people looked at some issues, discovered some classic vulnerabilities that said when the date rolls over, some things are going to be strained when it gets to be zeros. Some things are going to be -- I mean, the system I use at home to keep track of my checks went back to 1900. Okay? It has a hard time balancing my checkbook, because it thought it was out of date or whatever.
But in any case, those kinds of issues you knew were going to happen on a given day, and so Y2K was a process of "Okay, let's see how rigorously we can go out and re-grab configuration control and make sure that that doesn't happen to us."
That led to a pretty healthy increase in sales from all the people that -- they decided, "I'm not going to go work that with my old system. Now is the time to go buy the new stuff, which is certified and so forth and so on."
I don't think that's what's going to happen with IP 6. I think you're going to see a curve which has a slope of acceptance, and there will be more and more people doing it. And at some point the lever will switch and the number of people making money doing IP 4-based systems will go down, and the number of people making IP 6 money will go up. And once that starts to happen, it's the economy that causes the speed. But it happens rather quickly.
Q: When do you think that might happen? When's your own best guess?
Stenbit: Well, my best guess is it's going to happen commercially before 2008, or I wouldn't have chosen 2008. But I am fully prepared to -- whenever it happens, we're going to have to start to worry about that. So, I'm comfortable that the policy we just chose is a correct one, which is if we don't start buying this stuff today, we're in trouble whenever it happens. We're not going to do it internally because we have a larger -- a longer time to recapitalize our systems, but we'd like to give them a head start to get ready for it. And so, it's anybody's guess about where that tilt occurs. But when I go ask people about it, the range of estimates is 2006, 2007. I think I heard somebody say 2005.
But we chose 2008 for a different reason. 2008 is a time frame where programs that get started now start to get into the stage where they're actually really building things, as opposed to just developing them. But they have to develop them with an idea of what it is they're going to build. And they're going to start to get deployed towards the end of the decade. And I don't want it to be ambiguous for them what world they're going to live in. And we do have to make some provision that it goes end-to-end, because otherwise, we won't be network-centric.
So, this is the first of many. And I think it's worthy of coming down and getting hot in front of the lights to talk about it.
Q: Could you be a little more specific about the benefits to DoD of moving to IP 6?
Stenbit: Yeah. They're really embodied in the fact of going net-centric, which are real, and we can -- if you want, I would be happy to talk about that, too. But the bottom line is that there are -- as I say, there are three major issues, plus one just common-sense one. The common-sense one is if the commercial world's going to go to IP 6, we're not going to stay on IP 4. That would be silly. I mean, we are a captive of the standards process. There's no question about that. So, that's pragmatic, okay. That wouldn't have me come down to give a speech about it, I think.
The real issues are end-to-end security is done differently in a network-centered world than it is in a communications-of-telephones or in a broadcast -- which is basically what we do today. That's done by encrypting the links -- you sort of know where the link's going from to -- the little less control after it gets to the other end; how many people get documents copied and so forth and so on. But in fact, we have procedures to do all of that end-to-end security. But it's done as if the person who -- it's sort of a document mentality or a telephone mentality, which is the person that started it decides what the classification is, encrypts it at that classification. If the person at the other end doesn't have the crypto that works, they won't get the data; if they do, they will. And then they have control mechanisms about how they store it and so forth and so on.
In a network, you don't know who you're sending to and you don't know from whom you're receiving. So the packet itself has to include the crypto -- the security sufficiently to do the end-to-end encryption because it's not as linear and dramatic as a circuit-based system. So that's the security issue. The quality-of-service issue, I already talked about. Those are the three that I think are the important ones.
Yeah?
Q: You talked about DoD being a major user. Can you give some sense of where DoD stacks up in the world of Internet use?
Stenbit: Our doing this successfully will accelerate, I believe, this particular process a little bit, but the people that want to make their money on IP 6 are probably happy with this and -- at the margin.
Q: How would you measure or quantify DoD's use of Internet services?
Stenbit: We're not -- we are neither a large user of the bandwidth or the number of nodes. And you're talking about the regular Internet when you're doing this. I mean, the real issue is we have intranets, which are interior nets, that operate on exactly -- I mean, we buy Cisco routers that are the same as the Internet providers buy Cisco routers. I'm really talking about what we're going to do on our intranet, some of which today are not nets, they're --
Q: This all really refers to what you're going to do on your intranets.
Stenbit: Yes. But it affects how we interface with the Internet, as well.
All right. If there's no more questions, we'll bring it to a close. Thank you very much.
Q: Thank you.
Q: Do you have any tutorials that you recommend to anybody for sort of brushing up on this basic issue?
Stenbit: Deal with Ken. He'll direct you to things that might be helpful.
Staff: There are any number of IP 6 tutorials available on the Internet.