Mil-OSS LANT Welcome & Open Source within SSC-LANT


Dec 4, 2013

Mil-OSS LANT Welcome & Open Source within SSC-LANT



Presented by:

Ms. Kathryn Murphy

54000 Computer Applications, Services, Integration & Infrastructure


Statement C: Distribution authorized to U.S. Government Agencies and their contractors (admin/ops) (11 May 2012).

Other requests for this document must be referred to SPAWARSYSCEN Atlantic.

We are a Navy Information Technology (IT) Command


Strategic Plan


We work for…


Open Source (OS)


Open distribution/access to design and implementation specifics


No license restrictions for access to “compiled” capability or “source”


Inclusive of derived works


Can be distributed as part of an Open/Closed source system


Distributed/Community Involvement and Governance to develop and maintain capability


Like cloud, we are returning to our “roots”


Early operating system and application development was only open source


Hardware/Electronics


Microprocessors (e.g., OpenRISC/SPARC)


Data Center/Computing Hardware design (e.g., Facebook Open Compute)


Content


Books and Reference (e.g., Wikipedia, Project Gutenberg)


Software


Operating Systems (e.g., Linux, Android)


Applications (e.g., LibreOffice, OpenOffice, Firefox, Thunderbird, GIMP, Google Earth)


Services (e.g., Apache Family, Drupal, MediaWiki, OpenStack)





Open Source in the DoD…What it takes

Culture

Technology

Acquisition

Culture


Address the politics of reuse


How does it become part of our day to day


Acquisition


How do we buy it


Governance, how do we manage it


How do we maintain it


Technology


Leveraging current OS technology as building blocks

Contributing back to the community





Open Source…Culture


Politics of Reuse


Getting past Not Invented Here (NIH)


Challenges of trust (Human Nature)


Embracing Open Source as part of our Culture


Look to leverage before looking to build


Open Source as a habit


Creating a community


Contributing back


Incentivize adopters





Open Source…Acquisition

How do we buy and license Open Source

Addressed at a strategic level by DoD CIO/DoN CIO

Acquisition strategy and rules still unclear at a Tactical level

DoD CIO Memo, October 16, 2009

Open Source Software is software for which the human-readable source code is available for use, study, reuse, modification, enhancement, and redistribution by the users of that software.

To effectively achieve its missions, the Department of Defense must develop and update its software-based capabilities faster than ever, to anticipate new threats and respond to continuously changing requirements.

DoN CIO Memo, June 5, 2007

DoN …will treat OSS as COTS when it meets the definition of commercial item

SECNAV Instruction 5230.15 referenced by this memorandum defines commercial items as having some form of vendor support


Open Source…Technology


[Enterprise] Open Source Software

Maintained/supported by vendor (e.g., Linux: RedHat for Fedora, Canonical for Ubuntu, Novell for SUSE)


[Community] Open Source Software


Support can be contracted for (e.g., Apache/Linux derivatives)


Government Open Source Software (GOSS)


Government develops/retains software, retains code rights (e.g., OWF, NSA/TexeltTech)


Government Off-the-Shelf (GOTS)


Government developing and/or contracting for capability


May include an amalgamation of all types


Commercial Off-the-Shelf (COTS)


Vendor developed, controlled (e.g., MS, Oracle)


Contracted/purchased and implemented, can be further customized but cannot be distributed without license purchase


Freeware


Software in the wild, not supported by community or vendor - use is prohibited


Open Source Software and Security Profile


OSS is Trusted:


NSA, NASA, Google, Amazon, RackSpace, Facebook


NGA has recently mandated OSS only


New York and Tokyo Stock Exchange


http://www.whitehouse.gov


As long as OSS is treated as COTS, the security concerns are the same

DADMS oversight/approval, FIPS 140-2 compliance, Common Criteria, risk analysis


Open Source has matured as a paradigm


In 2009, 280 OSS programs averaged 0.25 defects per KLOC

36 projects were released with no known defects

By 2011, Gartner predicted > 80% of all commercial software solutions would be based on OSS

Surveys show 49.7% of mission critical applications are using OSS in some manner

Government Open Source Software (GOSS) treated much the same as OSS in general

Can also further define community boundaries for which it is fully “Open”


Open Source Security


NSA Security Enhanced (SE) Linux Project

Built on 10 years of NSA’s OS Security Research

Fine-grained control over kernel services


Transparent to application and users




Breaking down barriers helps build better barriers!


Participation


Scrutiny


That being said, “barriers” still remain


Improve DADMS to also provide enterprise visibility of software risk

Sharing of information with other Government agencies (e.g., NSA)

Criteria for adequate risk assessment software products



ONR LTE


Limited Technology Experiment


Combat System to Command and Control


NAVY P8A


Adoption of the CANES ACS Stack


JEOD DSS


DISA JCTD’s


Adaptive Planning


TRANSCOM


Building out Development Environment


NAVY NTCSS


3rd Party Application adoption of CANES ACS


NAVY Tactical Switching


NSA METERMAID


Satellite Server for Patch management on high side


NAVY TACMOBILE


NAVY ENMS


The Navy is already heavily invested in OSS


CANES


Afloat Core Services (ACS)


US Air Force Air Operating System 10.2


ACS


Adaptive Core Services (Reuse from CANES)


USMC MAGTF TSOA


DISA FORGE.MIL


CollabNet/SourceForge


DISA NCES


Deployable Services


NAVY ADNS


DCGS


NAVY


NAVY C2RPC


Command and Control Rapid Prototyping Capability


NAVY ERP


DISA NSLDSS


National Senior Leaders Decision Support System


NAVY CCOP


Cryptologic Carry On Program



Questions?
