The US military has turned to an unusual strategy to check for security holes in its networks: it's giving up some power over a key internet resource. Kentik and the Washington Post have learned that the Defense Department gave Florida startup Global Resource Systems control of roughly 175 million IPv4 addresses. The company started managing the long-dormant addresses on January 20th, but that number grew quickly over the next three months.
Brett Goldstein, the director for the Pentagon's Defense Digital Service, told the Post that the move was part of a "pilot effort" to study and prevent unauthorized use of the military's IP addresses. It would also help spot "potential vulnerabilities," Goldstein said.
The Defense Department stressed that it still owned the IP addresses.
It's unclear exactly what officials hope to accomplish, though, and the company itself is mysterious. GRS only established itself in September 2020, and it doesn't even have a public website. Kentik's Doug Madory suggested that a data flood directed at the IP addresses could help the military gather information on threats or exploits. And when some Chinese companies use similar IP address numbering schemes for their internal networks, there's a chance some of their data could be directed to the US.
Whatever the reasoning, it could be an important move. The military might use knowledge from the pilot to prevent hostile governments or cybercriminals from hijacking dormant IP addresses. This also makes sure the US can manage the IP addresses so that it can use them if it likes, a Post source said. As odd as this move is, then, it might be important in light of the SolarWinds hack and other threats to government systems.