Mil-OSS LANT Welcome & Open Source within SSC-LANT

Mil-OSS LANT Welcome & Open Source within SSC-LANT

Presented by:Ms. Kathryn Murphy

54000 Computer Applications, Services, Integration & Infrastructure

Statement C: Distribution authorized to U.S. Government Agencies and their contractors (admin/ops) (11 May 2012). Other requests for this document must be referred to SPAWARSYSCEN Atlantic.

2

We are a Navy Information Technology (IT) Command

Statement C: Distribution authorized to U.S. Government Agencies and their contractors (admin/ops) (11 May 2012).Other requests for this document must be referred to SPAWARSYSCEN Atlantic.

3

Strategic Plan


4

We work for…


5

Open Source (OS)

▼ Open distribution/access to design and implementation specifics No license restrictions for access to “compiled” capability or “source”

− Inclusive of derived works− Can be distributed as part of a Open/Closed source system

Distributed/Community Involvement and Governance to develop and maintain capability▼ Like cloud, we are returning to our “roots”

Early operating system and application development was only open source▼ Hardware/Electronics

Microprocessors (e.g., OpenRISC/SPARC) Data Center/Computing Hardware design (e.g., Facebook Open Compute)

▼ Content Books and Reference (e.g., Wikipedia, Project Gutenberg)

▼ Software Operating Systems (e.g., Linux, Android) Applications (e.g., LibreOffice, OpenOffice, Firefox, Thunderbird, GIMP, Google Earth) Services (e.g., Apache Family, Drupal, MediaWiki, OpenStack)


6

Open Source in the DoD…What it takesCultureAddress the politics of reuseHow does it become part of our day to day

AcquisitionHow do we buy itGovernance, how do we mange itHow do we maintain it

TechnologyLeveraging current OS technology as building blocksContributing back to the community


7

Open Source…Culture

▼ Politics of Reuse Getting past Not Invented Here (NIH) Challenges of trust (Human Nature)

▼ Embracing Open Source as part of our Culture Look to leverage before looking to build Open Source as a habit

▼ Creating a community Contributing back Incentivize adopters


8

▼ How do we buy and license Open Source Addressed at a strategic level by DoD CIO/ DoN CIO Acquisition strategy and rules still unclear at a Tactical level

▼ DoD CIO Memo, October 16, 2009 Open Source Software is software for which the human-readable source code

is available for use, study, reuse, modification, enhancement, and redistribution by the users of that software.

To effectively achieve its missions, the Department of Defense must develop and update its software-based capabilities faster than ever, to anticipate new threats and respond to continuously changing requirements.

▼ DoN CIO Memo, June 5, 2007 DoN “…will treat OSS as COTS when it meets the definition of commercial

item”− SECNAV Instruction 5230.15 referenced by this memorandum defines

commercial items as having some form of vendor support

Open Source…Acquisition


9

Open Source…Technology

▼ [“Enterprise”] Open Source Software Maintained/supported by vendor (e.g., Linux: RedHat for Fedora, Canonical for Ubuntu,

Novelle for SUSE)▼ [Community] Open Source Software

Support can be contracted for (e.g., Apache/Linux derivatives)

▼ Government Open Source Software (GOSS) Government develops/retains software, retains code rights (e.g., OWF, NSA/TexeltTech)

▼ Government Off-the-Shelf (GOTS) Government developing and/or contracting for capability May include an amalgamation of all types

▼ Commercial Off-the-Shelf (COTS) Vendor developed, controlled (e.g., MS, Oracle) Contracted/purchased and implemented, can be further customized—but cannot be

distributed without license purchase▼ Freeware

Software in the wild, not supported by community or vendor - use is prohibited


10

Open Source Software and Security Profile▼ OSS is Trusted:

NSA, NASA Google, Amazon, RackSpace, Facebook NGA has recently mandated OSS only New York and Tokyo Stock Exchange http://www.whitehouse.gov

▼ As long as OSS is treated as COTS, the security concerns are the same DADMS oversight/approval, FIPS 140-2 compliance,

Common Criteria, risk analysis

▼ Open Source has matured as a paradigm• In 2009, Average of 280 OSS programs had 0.25 defects

per KLOC• 36 projects were released with no known defects

• By 2011, Gartner predicted > 80% of all commercial software solutions would be based on OSS

• Surveys show 49.7% of mission critical applications are using OSS in some manner

▼ Government Open Source Software (GOSS) treated much the same as OSS in general Can also further define community boundaries for which

it is fully “Open”

▼ Open Source Security – NSA Security Enhanced (SE) Linux Project Built on 10 years of NSA’s OS Security Research Fine-grained control over kernel services Transparent to application and users

▼ Breaking down barriers helps build better barriers! Participation Scrutiny

▼ That being said, “barriers” still remain Improve DADMS to also provide enterprise visibility of

software risk Sharing of information with other Government agencies

(e.g., NSA) Criteria for adequate risk assessment software products


11

▼ ONR LTE Limited Technology Experiment

Combat System to Command and Control

▼ NAVY P8A• Adoption of the CANES ACS Stack

▼ JEOD DSS▼ DISA JCTD’s

Adaptive Planning

▼ TRANSCOM• Building out Development Environment

▼ NAVY NTCSS• 3rd Party Application adoption of CANES ACS

▼ NAVY Tactical Switching▼ NSA METERMAID

• Satellite Server for Patch management on high side

▼ NAVY TACMOBILE▼ NAVY ENMS

The Navy is already heavily invested in OSS▼ CANES

Afloat Core Services (ACS)

▼ US Air Force Air Operating System 10.2 ACS – Adaptive Core Services (Reuse from CANES)

▼ USMC MAGTF TSOA▼ DISA FORGE.MIL

CollabNet/SourceForge

▼ DISA NCES Deployable Services

▼ NAVY ADNS▼ DCGS – NAVY▼ NAVY C2RPC

Command and Control Rapid Prototyping Capability

▼ NAVY ERP▼ DISA NSLDSS

National Senior Leaders Decision Support System

▼ NAVY CCOP Cryptologic Carry On Program


12

▼ Questions?

04/22/23 12

Questions?

Documents

Mil-OSS LANT Welcome & Open Source within SSC-LANT