Open source code is used increasingly across the entire federal government and the U.S. military. But a new digital rubicon is looming: the use of open source code as a condition within U.S. Defense Department and intelligence community software acquisition contracts.
The efficiencies of using and embedding open source software (OSS) carry many risks. With the advent of free repositories and millions of open source projects, any reasonable centralized authentication of origin or assurance of correctness is virtually impossible. As a result, users should cultivate trust relationships with a few suppliers and keep them up to date.
When the Department of Defense (DOD) launched its Everything Over IP initiative nearly 10 years ago, the focus was to bring traditional telecommunications technology—phone calls, streaming video and even faxes—to the digital world.
At that time, unified communications (UC), especially in the government workplace, was a relatively new concept. Remember, this was a time when voice over Internet Protocol (VoIP) phones were still seen as cutting edge. Now, though, UC has become not just a business tool, but a strategic offering that can connect employees in disparate locations, including the frontlines.
Open source containers, which isolate applications from the host system, appear to be gaining traction with IT professionals in the U.S. defense community. But for all their benefits, security remains a notable Achilles’ heel for a couple of reasons.
First, containers are still fairly nascent, and many administrators are not yet completely familiar with their capabilities. It’s difficult to secure something you don’t completely understand. Second, containers are designed in a way that hampers visibility. This lack of visibility can make securing containers extremely taxing.
Layers upon layers
In February 2018, the Department of Defense (DOD) Defense Digital Service (DDS) relaunched Code.mil to expand the use of open source code. In short, Code.mil aims to enable the migration of some of the department’s custom-developed code into a central repository for other agency developers to reduce work redundancy and save costs in software development. This move to open source makes sense considering that much of the innovation and technological advancements we are seeing are happening in the open source space.
NATO is building a wide range of technological capabilities, including open source intelligence, counterterrorism, artificial intelligence, space-based surveillance, electronic warfare and biometric solutions, some of which were previously left to the individual nations or other international organizations.
The flurry of activity amounts to a complete metamorphosis of NATO’s intelligence, surveillance and reconnaissance (ISR) assets, according to Matt Roper, the joint ISR chief within NATO’s Communications and Information Agency. Roper notes that the alliance’s new direction results directly from the 2012 summit in Chicago.
The U.S. government is likely the largest combined producer and consumer of software in the world. The code to build that software is volatile, expensive and oftentimes completely hidden from view. Most people only see the end result: the compiled and packaged application or website. However, a massive worldwide community, the Open Source Initiative, centers on the exact opposite.
The National Geospatial-Intelligence Agency (NGA) now delivers unclassified geospatial intelligence (GEOINT) to verified government users via an application for tablets and mobile devices. Tearline, available through the Apple App Store and Google Play, is open to the intelligence community, U.S. Defense Department, allies, and academic and private sector partners sponsored into the system.
NGA’s GEOINT Pathfinder project developed the app. The shell is delivered from the app stores, but from that point, users need credentials to access secure servers.