Inconsistencies in the transition process from presumably obsolete IPv4 to IPv6 leave systems open to attack, particularly in industrial manufacturing. Full transition to remain unfeasible in the foreseeable future.
In a recent interview by a German magazine focused on cybersecurity, US expert James Lyne has drawn the planned transition from IPv4 addresses to the newer IPv6 protocol into question.
Lyne referred to two main security issues plaguing the newer web convention: security staff often being unprepared for IPv6 and older systems being left open to attack. He specifically mentioned the risks this poses for legacy systems, which are often in operation in industrial manufacturing contexts.
This issue touches on one of the most crucial challenges to the internet as a whole. The IPv4 protocol has been scheduled to be phased out since around 2006 when IPv6 became available to replace it. This is because the number of IP addresses under IPv4 is limited to about 4.3 billion, of which only 3.7 or so are available to users. IPv6, in turn, offers a virtually unlimited amount of possible addresses. Beginning with Asia’s APNIC in 2011, Regional Internet Registries (RIRs), organizations that assign the available IP addresses, have started to run out of original IPs.
Despite this, the conversion to the IPv6 protocol has been progressing unexpectedly slowly. “So far, the opportunities of IPv6 have not been able to outweigh its largely uncertain risks to most corporate customers,” says Vincentas Grinius, CEO of Heficed, a provider of IP-focused network infrastructure solutions. “Our infrastructure is fully ready to run IPv6-based systems, too, of course, but IPv4 remains consistently relevant.”
The risks Lyne identified emerge in two main areas: on the one hand, security technology is often not yet ready for the switch. Efforts have been ongoing, but many systems providers have yet to make their security software workable under the new standard. Even industry greats such as Google have so far been somewhat ignoring support for IPv6 in their most popular applications.
“On the other hand, security industry professionals are often not yet ready either – IPv6 includes many new concepts that require extensive training for security personnel to be effective. So far, IPv6 has often been introduced in an offhanded manner, resulting in cases where system administrators were unaware of the protocol being used in their systems until a potential security breach had already occurred,” comments Grinius.
Meanwhile, far from being a finite resource, IPv4s are still readily available, albeit on the second-hand market. Here, companies like the Heficed market, manage and maintain existing IPv4 addresses to provide dedicated solutions to their customers, who are often dependent on the continued availability of IPv4, despite the availability of IPv6.
This is because, as Lyne pointed out in the recent interview, there are several systems that are simply not ready for the switch to IPv6. These include a large number of so-called legacy systems, computer systems that run on already obsolete structures.
Many manufacturing robotics applications, for example, require a finely tuned harmonization of hardware, software, and network services that make upgrades to newer operating systems prohibitively expensive. Merely running them using IPv6, however, would leave those systems open to attack, at least until software and maintenance personnel have been brought up to par with the new IP protocol. “Because the transition is so unpredictable, our customers cannot assume that systems in their fields are ready for the security challenges that IPv6 brings,” says Vincentas Grinius.
Also, the way network security works pose a further difficulty to private parties. “Like a chain link, network security depends on every user being more or less on par with general security requirements. If some operator doesn’t make an effort or isn’t aware of the risks inherent in the IPv6 protocol, that gives attackers a weak point to exploit the whole system,” concludes Grinius.
While IPv4 addresses are still available, and security risks concerning IPv6 prevail, the general transition envisioned by Internet governance organizations is unlikely to progress in the immediate future. It, in turn, means that, for the time being, the maintenance of IPv4-based systems needs to be ensured. As the only remaining source of crucial IPv4 addresses, companies like Heficed are thus inevitably going to play a vital role in this upkeep effort in the foreseeable future.
Headquartered in London, Heficed provides full-range services for IP lease, monetization, and management services. Heficed serves around 60 multi-billion industries starting from hosting to automotive or healthcare. With the millions of IP addresses and 12 years of industry experience and the operations globally, Heficed can meet any demand needs. That includes automated provisioning bare-metal solutions and cloud services in 9 locations around the world.