National security agencies seem to understand what most government agencies do not yet – open technologies (open standards, open architecture and open source software) must figure prominently in mission critical systems and solutions.
Proprietary tech companies frequently argue that open source is unsuitable for military and security agencies. Clearly, defense agencies around the world disagree. And their actions speak louder than vendor words. Then again, their words speak pretty loudly too …
U.S.: A recent Department of Defense report entitled Open Technology Development Roadmap Plan says it plainly: “[Open source] and open source development technologies are important to the National Security and National Interest of the United States.” Specifically, open standards and targeted use of open source are vital for:
o Enhancing the military’s agility to adapt to changing needs and capabilities.
o Securing infrastructure and increasing security by having greater technical visibility into software in defense networks.
o Enabling rapid response to changes in technology and the actions of adversaries.
o Facilitating more efficient use of resources through collaboration and code sharing.
True, defense agencies study everything. However, this is not just an academic exercise. Defense agencies around the world – friend and foe alike – are moving from study to adoption of open technologies faster than most other government agencies. This is true despite (or rather BECAUSE of) security concerns. They are leaders in open technologies.
Open source will be core to the U.S. Army's Future Combat System of robotic reconnaissance; mobile command and control platforms; ground and air missile platforms; and advanced targeting systems.
The U.S. military is not alone.
China: Its military was an early adopter of open source to guard against “back door” access and malicious code putting vital military information at risk.
Russia: Its Ministry of Defense and Ministry of Internal Affairs depend on a domestically developed, Linux-based operating system, not only to provide greater network security but also to end Russia’s dependence on foreign software production.
South Korea: Its military is investing some $400 million won to build an education center for open source software and establish systems to run war-game simulations and other defense exercises.
France: Ministry of Defense and Ministry of Interior are both open source users, to gain security-through-diversity in technology and avoid dependencies on any one technology (or vendor). Today, while 80% of French gendarmes use OpenOffice for daily work, the Ministry of Defense is funding a project to boost the security certification of Linux.
Finland: The Ministry of Defense, to ensure stability and security in key operational processes, uses open source to handle messaging, its intranet and other core services.
Vietnam: Under a directive from the Prime Minister, the Ministry of Defense is directly engaged in the experimental application and development of open source software for defense purposes.
You might expect open source to be a tough sell to national security agencies. After all, it provides you and your enemies access to source code. But it is not. What attracts militaries to open source?
o The transparency of open source builds trust in the software.
o It enables an agency to break lock-in and regain control over software maintenance, upgrades and costs.
o It helps build self-reliance in software needed for critical weapon system development.
o Open source is ideal for militaries because it is technically flexible and customizable, giving them tactical agility.
National security agencies often have advantages over other agencies – they usually have substantial IT security expertise and resources in house. Still, less endowed public agencies have options. They can invest in long-term training for personnel. They can use public - private partnerships to access expertise.
What do defense agencies know that others have yet to learn? Organizations of any real size need to integrate open source into their technical architecture and overall business strategy.