Open Source - Mil-OSS

Download Report

Transcript Open Source - Mil-OSS

Mil-OSS LANT Welcome &
Open Source within SSC-LANT
Presented by:
Ms. Kathryn Murphy
54000 Computer Applications,
Services, Integration & Infrastructure
Statement C: Distribution authorized to U.S. Government Agencies and their contractors (admin/ops) (11 May 2012).
We are a Navy Information Technology (IT)
Command
Statement C: Distribution authorized to U.S. Government Agencies and their contractors (admin/ops) (11 May 2012).
Other requests for this document must be referred to SPAWARSYSCEN Atlantic.
2
Strategic Plan
Statement C: Distribution authorized to U.S. Government Agencies and their contractors (admin/ops) (11 May 2012).
Other requests for this document must be referred to SPAWARSYSCEN Atlantic.
3
We work for…
Statement C: Distribution authorized to U.S. Government Agencies and their contractors (admin/ops) (11 May 2012).
Other requests for this document must be referred to SPAWARSYSCEN Atlantic.
4
Open Source (OS)
▼ Open distribution/access to design and implementation specifics
 No license restrictions for access to “compiled” capability or “source”
− Inclusive of derived works
− Can be distributed as part of a Open/Closed source system
 Distributed/Community Involvement and Governance to develop and maintain capability
▼ Like cloud, we are returning to our “roots”
 Early operating system and application development was only open source
▼ Hardware/Electronics
 Microprocessors (e.g., OpenRISC/SPARC)
 Data Center/Computing Hardware design (e.g., Facebook Open Compute)
▼ Content
 Books and Reference (e.g., Wikipedia, Project Gutenberg)
▼ Software
 Operating Systems (e.g., Linux, Android)
 Applications (e.g., LibreOffice, OpenOffice, Firefox, Thunderbird, GIMP, Google Earth)
 Services (e.g., Apache Family, Drupal, MediaWiki, OpenStack)
Statement C: Distribution authorized to U.S. Government Agencies and their contractors (admin/ops) (11 May 2012).
Other requests for this document must be referred to SPAWARSYSCEN Atlantic.
5
Open Source in the DoD…What it takes
Culture
 Address the politics of reuse
 How does it become part of our
day to day
Culture
Acquisition
 How do we buy it
 Governance, how do we mange it
 How do we maintain it
Acquisition
Technology
Technology
 Leveraging current OS
technology as building blocks
 Contributing back to the
community
Statement C: Distribution authorized to U.S. Government Agencies and their contractors (admin/ops) (11 May 2012).
Other requests for this document must be referred to SPAWARSYSCEN Atlantic.
6
Open Source…Culture
▼ Politics of Reuse
 Getting past Not Invented Here (NIH)
 Challenges of trust (Human Nature)
▼ Embracing Open Source as part of our Culture
 Look to leverage before looking to build
 Open Source as a habit
▼ Creating a community
 Contributing back
 Incentivize adopters
Statement C: Distribution authorized to U.S. Government Agencies and their contractors (admin/ops) (11 May 2012).
Other requests for this document must be referred to SPAWARSYSCEN Atlantic.
7
Open Source…Acquisition
▼ How do we buy and license Open Source
 Addressed at a strategic level by DoD CIO/ DoN CIO
 Acquisition strategy and rules still unclear at a Tactical level
▼ DoD CIO Memo, October 16, 2009
 Open Source Software is software for which the human-readable source code
is available for use, study, reuse, modification, enhancement, and redistribution
by the users of that software.
 To effectively achieve its missions, the Department of Defense must develop
and update its software-based capabilities faster than ever, to anticipate new
threats and respond to continuously changing requirements.
▼ DoN CIO Memo, June 5, 2007
 DoN “…will treat OSS as COTS when it meets the definition of commercial
item”
− SECNAV Instruction 5230.15 referenced by this memorandum defines
commercial items as having some form of vendor support
Statement C: Distribution authorized to U.S. Government Agencies and their contractors (admin/ops) (11 May 2012).
Other requests for this document must be referred to SPAWARSYSCEN Atlantic.
8
Open Source…Technology
▼ [“Enterprise”] Open Source Software
 Maintained/supported by vendor (e.g., Linux: RedHat for Fedora, Canonical for Ubuntu,
Novelle for SUSE)
▼ [Community] Open Source Software
 Support can be contracted for (e.g., Apache/Linux derivatives)
▼ Government Open Source Software (GOSS)
 Government develops/retains software, retains code rights (e.g., OWF, NSA/TexeltTech)
▼ Government Off-the-Shelf (GOTS)
 Government developing and/or contracting for capability
 May include an amalgamation of all types
▼ Commercial Off-the-Shelf (COTS)
 Vendor developed, controlled (e.g., MS, Oracle)
 Contracted/purchased and implemented, can be further customized—but cannot be
distributed without license purchase
▼ Freeware
 Software in the wild, not supported by community or vendor - use is prohibited
Statement C: Distribution authorized to U.S. Government Agencies and their contractors (admin/ops) (11 May 2012).
Other requests for this document must be referred to SPAWARSYSCEN Atlantic.
9
Open Source Software and Security Profile
▼ Government Open Source Software (GOSS)
treated much the same as OSS in general

▼ OSS is Trusted:




Can also further define community boundaries for
which it is fully “Open”
▼ Open Source Security – NSA Security
Enhanced (SE) Linux Project



Built on 10 years of NSA’s OS Security Research
Fine-grained control over kernel services
Transparent to application and users
▼ Breaking down barriers helps build better
barriers!





▼ As long as OSS is treated as COTS, the
security concerns are the same

DADMS oversight/approval, FIPS 140-2 compliance,
Common Criteria, risk analysis
Open Source has matured as a paradigm
▼
•
Participation
Scrutiny
▼ That being said, “barriers” still remain
NSA, NASA Google, Amazon, RackSpace, Facebook
NGA has recently mandated OSS only
New York and Tokyo Stock Exchange
http://www.whitehouse.gov
In 2009, Average of 280 OSS programs had 0.25 defects
per KLOC
•
•
36 projects were released with no known defects
By 2011, Gartner predicted > 80% of all commercial
software solutions would be based on OSS
Improve DADMS to also provide enterprise visibility of
• Surveys show 49.7% of mission critical applications are
software risk
using OSS in some manner
Sharing of information with other Government agencies
(e.g., NSA)
Criteria for adequate risk assessment software
products
Statement C: Distribution authorized to U.S. Government Agencies and their contractors (admin/ops) (11 May 2012).
10
Other requests for this document must be referred to SPAWARSYSCEN Atlantic.
The Navy is already heavily invested in OSS
▼ CANES

▼ ONR LTE
Afloat Core Services (ACS)
▼ US Air Force Air Operating System 10.2

ACS – Adaptive Core Services (Reuse from CANES)
▼ USMC MAGTF TSOA
• Building out Development Environment
▼ NAVY NTCSS
•
▼ NAVY C2RPC
Command and Control Rapid Prototyping Capability
▼ NAVY ERP
National Senior Leaders Decision Support System
Cryptologic Carry On Program
Statement C:
3rd Party Application adoption of CANES ACS
▼ NAVY Tactical Switching
▼ NSA METERMAID
• Satellite Server for Patch management on high side
▼ DISA NSLDSS

Adaptive Planning
▼ TRANSCOM
Deployable Services
▼ NAVY CCOP
▼ NAVY P8A

▼ DCGS – NAVY

Combat System to Command and Control
▼ DISA JCTD’s
CollabNet/SourceForge
▼ NAVY ADNS


▼ JEOD DSS
▼ DISA NCES

Limited Technology Experiment
• Adoption of the CANES ACS Stack
▼ DISA FORGE.MIL


▼ NAVY TACMOBILE
▼ NAVY ENMS
Distribution authorized to U.S. Government Agencies and their contractors (admin/ops) (11 May 2012).
Other requests for this document must be referred to SPAWARSYSCEN Atlantic.
11
Questions?
▼ Questions?
3/28/2016
12
12