
DoD Wary of That "Open" Word 165

joabj writes, "Why is the U.S. Defense Department still reluctant to use open source software, despite assurances from within the DoD itself? Blogging for Government Computer News, I found at a recent D.C. conference that to some extent the roadblock might be with that word 'open'."
  • That's funny (Score:4, Informative)

    by macaulay805 ( 823467 ) on Sunday September 17, 2006 @04:42PM (#16126024) Homepage Journal
    The last time I checked, the DOD has an enterprise license for RedHat Enterprise Linux.
  • by kfg ( 145172 ) * on Sunday September 17, 2006 @05:15PM (#16126141)
    There's a reason our fighter planes aren't called the Kitty or the Puppy.

    The Puppy [theaerodrome.com]

    KFG
  • Re:NMCI (Score:3, Informative)

    by blofeld42 ( 854237 ) on Sunday September 17, 2006 @05:30PM (#16126187)
    It's a money scam, but the perp isn't Microsoft.

    Before software goes onto NMCI it has to be certified. The certification process is obscure and not well documented, so the people doing the certification clean up--it takes around $30K of contractor work to get the software certified. It's full employment for DoD contractors who know something about NMCI certification.
  • A handful of reasons (Score:5, Informative)

    by NitsujTPU ( 19263 ) on Sunday September 17, 2006 @06:03PM (#16126353)
    1) Liability. Contractors want somebody to sue if something goes wrong. The DoD will blame the contractor.
    2) Specs. Usually, the system being developed is meant to replace another system that is in-place. The only things to be changed are what are specced out. This doesn't prevent things from being entirely rewritten, but it usually stays on an existing DoD platform.
    3) Speaking of platforms, check out the existing specced out platforms. Lots of people go with DIICOE, or GCCS for various reasons. Some might include a desire to get something included as a DIICOE segment, which is profitable, or GCCS, because it's ubiquitous.
    4) STIGs. If there isn't a STIG written for it, you're going to have a harder time getting approval to operate it on a classified network. Even if all of your major apps are covered, you'll have to get extensions regarding applications that are not covered. Extensions are not intended to be waivers... so, you're only supposed to get an extension if you intend to replace it. It is hard to justify an extension for new software. Why not just write it in a compliant fashion? Because the security audit will be more of a PITA, they avoid any step into the unknown. Some of this is just inertia.
    5) Security through obscurity. It sounds asinine, but the DoD doesn't rely on security through obscurity.... they rely on anything that is considered a good practice, obscurity is just one of those many practices. It's not that they are using telnet or anything silly like that. It's just that they want as many layers as possible.
    6) Common open source is embraced. Everyone runs Apache. It's as ubiquitous as IIS. It's the things that are considered more "out there" that aren't.

    All of that aside, there have been open source initiatives, but contractors have been reluctant to bite. Reasons vary, but this is the essential dynamic. The DoD retains the rights to most of the source code for projects that they fund, so, they already have the source code... they give it to anybody that they please, including the next contractor to work on the project. Contractors don't want to share source with each other for competitive reasons. Since they're all bidding to produce identical products, giving other contractors the ability to develop experience with a product can only hurt their business, this experience is their primary bargaining chip when bidding (that and the ability to undercut their competitors, or qualify for special considerations, such as being a small business).

    Then there is the concern of enabling foreign interests to develop commensurate technologies. Nobody wants to share code to decode IFF signals, or to build similar systems. Thinking that the government would publish code to do these things is just asinine.

    You always have your curmudgeons who also will just resist open source... which is the same even outside of DoD interests, but the DoD comes with a host of other concerns. All of these in mind, I'm not sure that the DoD is necessarily stilted against open source. Some sectors of the DoD have embraced it quite readily... these are just the faster-moving sectors who adopt technologies more readily. The DoD is a very large entity, and, as such, slow adoption, when combined with very well established platforms results in this exact behavior.
  • by Anonymous Coward on Sunday September 17, 2006 @07:03PM (#16126683)
    I work for a defense contractor, and there are supposedly some rules from on high that open source is frowned upon, as is any software not written by a company in the United States.

    I routinely bring software in to use on various projects, and I favor open source or, more specifically, free software, except in cases where a proprietary product is clearly better (example: BitKeeper is better than any open source SCM tool). It's simple, really. If I can start using it tomorrow rather than ask the businesspeople to purchase something and use it next week if I'm lucky, that's just easier for me.

    The reason I say 'tomorrow' is because it's not quite hassle-free. I have to turn in a form to justify putting software X on the classified network. The form, of course, was not written by anyone who even considered the possibility of open source. It asks what company wrote the product (I do my best to oblige and say something like "Free Software Foundation" or "The ____ Project" if I really can't find any organization) and where that company is headquartered (I just try and put anything at all that seems to fit, such as an address found in a whois request).

    To the people who really insist that open source has no place on defense networks, I say, do you have any idea how many Linux machines are already being used on said networks? Do you realize how many GNU tools are being used, even on the proprietary machines? That gcc, for example, is the compiler of choice, at least where I'm working? The people who make these statements have no idea what they're already running.
  • by ArmyLT ( 995763 ) on Sunday September 17, 2006 @07:12PM (#16126735)
    One of the problems is that it is free, meaning they don't pay for it. The Army doesn't ever get something for free. There are policies against it.

    The idea is that, eventually Guido is going to want you to repay the favor. The Army can't get something for free because, later on, it might be seen as biased.

    Also, they want to be seen as supporting American businesses. When you use open-source, and get it for free, it is almost like you are taking it away from the economy.

    Now, I don't dispute that there are more reasons... Someone to blame and all that kind of stuff. But it is not necessarily cloak and dagger, nor just being against change.
  • Actually Not (Score:2, Informative)

    by YetAnotherBob ( 988800 ) on Sunday September 17, 2006 @07:24PM (#16126802)
    I worked on a secret level access facility for the Air Force a few years ago. There were two computer systems. All classified materials were to go on the Sun network. Cables had to be mounted below the ceiling, where they could be visually inspected constantly, etc. The Microsoft boxes were limited to personal use only. Yes, Microsoft has a security level approval (pretty much granted by Congress over protest.) But, if you read it, there are all kinds of limitations. No network connections allowed, no removable media, etc. Truth is, the Military knows that Windows cannot be secured. My son was in the Army and he confirms. All sensitive and above information was kept on Unix or Linux. Windows is not suitable for such use. (This was as of a few months ago.) That doesn't mean it doesn't get used that way, just that it's the reason for a lot of the leaks that have happened in recent years, and that is recognized.
  • by usgrant ( 166786 ) on Sunday September 17, 2006 @07:50PM (#16126941)
    I have used RedHat Linux and OpenOffice in the Army. They are there and implemented in combat. The soldier isn't aware of this because they work behind the scenes, but open source is being used in several applications.
  • by Simonetta ( 207550 ) on Sunday September 17, 2006 @07:58PM (#16126995)
    They'll change their mind when they go to war with a country that has paid Microsoft more than they have (or a country that Microsoft has purchased). And the entire Defense department falls apart from deeply embedded backdoors that have been sold to the 'enemy'.
    Global corporations are just that, they don't owe loyalty to any nation or any nation's war machine. The Americans will probably learn this (as they learn everything) the hard way.

    In a similar vein, I would believe that all the ultra-high tech weapons that the Americans have sold to their more dubious allies do actually have back-doors that allow the Americans to disable these weapons should they be used against Americans by a country that has had a revolution. This was the lesson of Iran in the late 1970's. Hopefully it will be learned before all the high-tech weapons sold/given to Egypt over the past thirty years are used against the Americans and Israelis after the fall of Mubarak's regime and the ascendancy of an Egyptian Islamic Republic.
  • Re:Tech or Politics? (Score:4, Informative)

    by Yaztromo ( 655250 ) on Sunday September 17, 2006 @07:59PM (#16127008) Homepage Journal
    Doesn't Microsoft already have shared source with select partners?

    Shared Source != Open Source.

    Open Source is about more than just being able to look at and build the source code. It's about the freedom to redistribute the software with your changes at will. It's about being able to hire on whatever development company you desire to enhance and improve the software.

    Shared Source is mostly just a ruse to appear open, to try to stave off a migration to more truly open options. Shared Source doesn't really give you much in the way of additional freedoms -- Open Source does (and by Open Source, I am specifically referring to software that is licensed in such a way that it conforms to the Open Source Definition [opensource.org]).

    Yaz.

  • by twitter ( 104583 ) on Sunday September 17, 2006 @08:23PM (#16127147) Homepage Journal

    The term "free" is an intentional echo of cold war terminology and works for military types. Freedom is what they are all about and they are never supposed to obey an unlawful order. The American ideology of the Cold war carried over from the defeat of the German dictatorship and Japanese Empire but was firmly rooted in American history, writing and law. The core of that ideology is that free, moral people working in honest cooperation and competition are happier and more prosperous than people toiling under centralized dictatorships. Interesting expressions of these ideas can be found in the writing of Robert A. Heinlein, especially Starship Troopers [wikipedia.org], which is recommended reading in the US Marine Corps. Free software is an honest effort to make things work, guided by a free meritocracy. It works and has become best of class because people agree not to screw each other over, standards to modularize their work make it so things are interchangeable and the fittest work survives.

    Officers with higher degrees will instantly appreciate the peer review nature of free software. People who have published scientific articles understand first hand the practical requirements of repeatability too. To them, if you can't repeat it yourself you have to take it on faith and no military person wants faith in anything but the almighty when they can have proof instead.

    The non free people tried to call free software, "software communism" but failed and may have it thrown back in their face. Any military person will tell you that Communist countries are really nasty little fiefdoms, where who you know is more important than what you know and the top guy is in absolute lawless control of everything until murdered. This more resembles the distrustful, back stabbing and intentionally wasteful world of non free software in methodology and results.

    I'll quote the gnu.org sites, see what you think:

    ... what else could we say about a system based on dividing the public and keeping users helpless? ... One [non free propaganda] assumption is that software companies have an unquestionable natural right to own software and thus have power over all its users. ... [another is that] we would have no usable software (or would never have a program to do this or that particular job) if we did not offer a company power over the users of the program. [gnu.org] and Consider these four practices of the Software Publishers Association (SPA): [gnu.org]

    1. Massive propaganda saying it is wrong to disobey the owners to help your friend.
    2. Solicitation for stool pigeons to inform on their coworkers and colleagues.
    3. Raids (with police help) on offices and schools, in which people are told they must prove they are innocent of illegal copying.
    4. Prosecution (by the US government, at the SPA's request) of people such as MIT's David LaMacchia, not for copying software (he is not accused of copying any), but merely for leaving copying facilities unguarded and failing to censor their use.

    All four practices resemble those used in the former Soviet Union, where every copying machine had a guard to prevent forbidden copying, and where individuals had to copy information secretly and pass it from hand to hand as ``samizdat''. There is of course a difference: the motive for information control in the Soviet Union was political; in the US the motive is profit. But it is the actions that affect us, not the motive.

  • by fuego451 ( 958976 ) on Sunday September 17, 2006 @11:47PM (#16127751) Journal

    From Wikipedia:Sniper [wikipedia.org]:

    The first modern firearm snipers may have been trained in 16th century Japan as a type of ninja or shinobi. They were supposedly trained to cover retreating armies.
