DHS project aims to bring open-source software to state and local agencies
The Homeland Security Department is funding a program that will help federal, state and local agencies better understand their options for using open-source software.
DHS' Science and Technology Directorate will fund the Homeland Open Security Technology (HOST) project, which will start with a one-year, $1.5 million contract and possible additional years to follow. The University of Southern Mississippi and the Open Source Software Institute (OSSI) will conduct the work, and the Navy's Space and Naval Warfare Systems Command will handle the contracting and help with guidance for the program.
HOST will provide a way for agencies, particularly at the state and local level, to better understand how to use open-source software, said Doug Maughan, a cybersecurity program leader in DHS’ Science and Technology Directorate. Open-source software could make first responder and other homeland security agencies more responsive in their software development.
The potential advantage of open-source software "comes down to agility and cost-savings," Maughan said.
The first year of the project will focus on "figuring out what we have, how we can get the pieces to interoperate better and how to make [sure] these resources [are] available to those who need them," said John Weathersby, OSSI’s executive director.
The work will involve a number of tasks. After establishing an advisory panel, the program will create a portal through the GovernmentForge.org site that will link to open-source software projects and provide a forum for government managers to discuss using such projects. Weathersby said the new portal will not duplicate the efforts of other open-source repositories, such as Forge.mil, but instead serve as a directory for such projects.
HOST will also generate documentation that could be useful for agency managers curious about using open software. And project leaders will reach out to various open-source software communities to gauge their interest in working more closely with the government community. Weathersby said some open-source tools, such as Snort for intrusion detection and prevention, are already widely used in government.
Finally, project leaders will examine how the government currently certifies software, such as the process for validating encryption modules for the Federal Information Processing Standards, Maughan said.
Those processes are mostly geared toward commercial products, and private companies foot the sometimes-expensive bill for certifying a piece of software. As a result, government agencies might not be aware of potentially useful open-source software that has no commercial backer.
The HOST program will look at ways of "making the process work equally well for open-source as well as for commercial entities," Maughan said.
He added that the program will build on the government’s earlier efforts to adopt open-source software, such as the military’s use of open-source tools documented in a 2003 report by Terry Bollinger, an IT analyst at Mitre.
Another antecedent is a DHS-funded project led by security analysis software provider Coverity that scanned open-source software for bugs.
"DHS is trying to figure how to most wisely use open-source resources," Weathersby said. "And in its strategy, it wants to get down to the state and local level.”
Joab Jackson is the senior technology editor for Government Computer News.