• United States



Defense Department needs to embrace open source or military will lose tech superiority

Aug 31, 20163 mins
Data and Information SecurityOpen SourceSecurity

The Center for a New American Security warns that if the DoD doesn't embrace open source, it will be 'left behind'

open source keyboard
Credit: Thinkstock

The Department of Defense needs to move past open source myths that have been debunked and jump on the open source bandwagon or the Department of Defense (DoD) and U.S. military will not be able to maintain tech superiority, warns a Center for a New American Security (CNAS) report.

To maintain technological superiority, the DoD needs “to acquire, develop, deploy and maintain cutting-edge software” systems. “Unless the department is able to accelerate how it procures, builds and delivers software, it will be left behind,” said the authors of “Open Source Software and the Department of Defense” (pdf).

“From game-changing weapons to routine back-office systems, the DoD is entirely reliant on its ability to identify, acquire, certify, deploy and manage software,” the report states. “Unfortunately, software development is not currently a high-profile, high-priority topic in the discussion about diminishing U.S. military technical superiority. It should be.”

Open source software is used in the Pentagon, which should strongly suggest that open source is not an unsecure and vulnerable hot mess. Yet the DoD overall is stuck in the past, clinging to “erroneous and unfounded misunderstandings about open source software.” Those misconceptions often mean open source is not even considered as a viable option for DoD software projects.

The report pointed out that open source licensing does not mean that any changes to code must be shared publicly. “The ability to see source code is not the same as the ability to modify deployed software in production.” Additionally, using some open source components is not the same thing as creating an entire system that is open-sourced.

One of the most important objections to open source defense systems is the apparently deliberate squandering of technological advantage. Some fear that if DoD source code is readily available to U.S. adversaries, those actors may be able to use it to their advantage. This apprehension is misplaced.

Does the DoD want to be more like Google or Microsoft?

“Without open source, Facebook, Google, Amazon and nearly every other modern technology company would not exist,” the authors wrote. Google and Facebook contribute to open source projects even for competing products; Tesla Motors took a page from the open source movement and released patents with an eye toward advancing electric vehicle tech. “These decisions hinge on the desire to develop their fields and the recognition that secrecy hurts invention, profits and security more than it helps them.”

The authors added:

“Information security concerns have been debunked because increased public scrutiny of code has led to identification and reconciliation of problems that were not discovered through ‘closed’ quality checks. Further, ‘closed source [versions of] products like Microsoft have been riddled with security flaws and issues,’ some of which were significant zero-day exploits of widely used, commercially available products.”

Although “open source cannot cure all of the DoD’s software ills,” it could improve software for the DoD as it has for civilian organizations, as well as cost less than the DoD’s proprietary and closed systems.

The U.S. military’s technical superiority does not come “from source code, but from the effective integration and adaptation of its doctrine, organization, training, materiel, leadership and education, personnel, and facilities (DOTMLPF). Software is a vital enabler of U.S. military capability, but it is the configuration of and the data housed in these systems that provide advantage, not the source code itself.”

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.