Convincing the Military to Embrace Open Source

drewmoney writes "Misconceptions about what 'open source software' means has made elements of the US Defense Department reluctant to deploy in a live environment. DoD proponents of shared-source projects are now working to reverse this trend by educating IT decision-makers and demonstrating OSS usefulness. 'The cost of cleaning up a "network spill" that introduces classified material on an unclassified network is running about US$11,000 per incident on the Navy/Marine Corps Intranet (NMCI), so the free Secure Save tool could produce monetary savings for the Navy. Additionally, it would cover more file formats than the costly commercial redaction product currently available on the NMCI.'"

NT 4.0 and US naval ships...

[G3ckoG33k]

NT 4.0 and US naval ships...

I think Linux floats here. Just check www.top500.org

I can't guarantee that all other open source projects will float as well. But, who could?

Article confuses two different problems...

[MyNameIsFred]

The article confuses two different problems. One problem is redaction, the other is a network spill. The two are very different. Redaction is "editing problem," deleting classified material from a document to make it unclassified. In a network spill, classified information is accidentally put on an unclassified system. A spill is a much more complicated problem. You have to determine how many systems were "infected," and sanitize those systems. And sanitizing may require the destruction/confiscation of the system. You also have to determine whether anyone without a clearance had access to the material. And I would guess that the vast majority of the cost is labor, not software.

FCS runs on Linux

[Anonymous Coward]

The entire Future Combat System [wikipedia.org] runs on RedHat Linux. The systems timeframe is a little lengthy, but it will be field tested in 2008. It certainly is based on Open Source technology, and it's going to be deployed service wide.

Re:Stop talking about "open Source"

[Anonymous Coward]

Yeah, but when the software suddenly breaks, and the company hasn't issued a patch yet to fix your problem, you're S.O.L.

With OSS, you can fix it yourself.

Future Combat Systems

[samkass]

The entire "Future Combat Systems" of the US Army is based on SOSCoE, a virtual environment that currently runs on linux. It includes development environments for C/C++/Java, but not Microsoft or .NET (yet, anyway). I'm not sure where the meme came in that the DoD is anti-linux. They are certainly proportional in their linux market share as the rest of the world, I'd say.

I'm in the Navy; my perspective on this.

[palegray.net]

The military is starting to use open source software in more ways than people on the outside may realize. MediaWiki [mediawiki.org] is used in some interesting ways, as is a certain open source instant messaging platform. Without going into detail on things that are best not discussed outside classified environments, there are other large open source software projects that have made their way into the server room.

The issue with Microsoft dependency is a long-standing problem having to do with extremely long certification processes. Another issue is the fact that in order to use anything new, the military winds up spending insane amounts of money on retraining personnel, restructuring documentation, testing in live combat environments, etc. Essentially, it's all the major problems of large corporate uptake of open source projects, with additional dependencies.

Things are slowly improving. The military uses what works, and for much of what we use in our infrastructure solutions developed on Microsoft platforms still work. That's not saying they're necessarily the best answer to a given technology need, but they're already in place and it will take some time for new ideas to get adopted.

Re:Stop talking about "open Source"

[palegray.net]

This doesn't apply in the military. If something breaks, it will get fixed pronto or heads will roll at the vendor. In the unlikely event that the vendor is seriously dorked up, I assure you it will still get fixed through other channels. These sorts of mission-critical software failures are not commonly seen in most military environments, however, due to extremely long certification processes for anything that has blinky lights on it.

As much as I love open source software (my servers run on Debian, my workstations are Ubuntu 64, and I publish open source software in my limited spare time from active duty service), you're not going to see the Navy adopting a patch created in the last few days by Joe Developer. Things just don't work that way.

Re:first

[Anonymous Coward]

I hate to break it to you, but you failed miserably. In fact, the magnitude of your failure is so large that it would take me 30 years just to describe it accurately. Instead, I think I would prefer for you to just step in front of a train. It would make life easier for everyone involved.

"Convincing"?

[Courageous]

I work as an integrator and inserter of technology into military organizations.

Hence, I can say with some authority that they are, for the most part, Talready convinced. To best characterize them, it would be: "interested, but cautious". "Convinced, but careful". They want to save money, believe that open source can be good, but have certain matters of due dilligence that they need to attend to.

There remain "paperwork" issues of getting open source into SCIFs, particularly when the provenance of the open source is questionable. Not all open source is born equal, you know. Some is pretty shitty, and some is even written by people in countries that actually DO have active spying programs against us (if you were to say that because the source is there, and open for everyone to see, that this reduces risk, I would agree with you, however this statement that the risk "ought" to be less is sometimes insufficient for these classified area types, dontcha know).

BTW, there is a new DoD directive that has been issued, ordering all defense procurement to include an assessment of open source products as an alternative to proprietary software. How is this "not convinced"?

C//

Re:Excellent!

[wongaboo]

The nicest thing about NMCI might be that it scares the Navy/Marine Corps off of all commercial software solutions. The system is incredibly dysfunctional and expensive. Moving a computer from one user to another or from one side of the room to the other usually costs several hundred dollars and weeks of delay. Moving a whole unit is a nightmare. Most software will not work on the network and users seem to devote themselves mostly to hacking printers and external drives onto the system because that is the only way they can get their work done. Open source software encourages the user to solve problems. If you know how to fix it, do so. If the Marine Corps/Navy adopted this concept (as opposed to just some open source software, rigidly controlled) it would be a perfect about face from the NMCI system where you have no access of any kind to your own machine and neither does the S-6 shop (the computer shop) in your unit. Instead you have to rely on some under trained and, in any case, unavailable, tech located on the other side of the world. We are literally ceding an advantage to our enemy with NMCI and Open Source (which in many ways had it's birth in DARPA) is the perfect solution to this strategic disaster.

*nix and Windows

[Agarax]

On Navy ships workstations are Windows 2000 for office work and for Sailors to email home (everyone has a UNCLAS account).

The more specialized gear (Aegis, and various consoles) are usually Unix or Linux, depending on the piece of gear and the Aegis baseline.

A few pieces of gear run on Windows variants, the Navigation gear (Voyage Management System) the most notable. I think it is a civilian product the military uses.

From what I can tell the Navy doesn't give two shits about what the software runs on, so long as it works. Contractors do all of the upgrades and major overhauls anyway. Sailors just troubleshoot.

Not to mention that hardware and software varies greatly from ship to ship. A Aegis tech from the original Arleigh Burke destroyer would be hard pressed to trouble shoot a system from the latest variant of that class of ship, if he was able to accomplish it at all.

Navy enlisted techs are usually sent to a specific school for a certain piece of gear to help alleviate this problem, though it complicates the Navy's already dire manning problems as certain pieces of gear may only be on a few ships. It is no wonder that civilians do so much these days.

Just my two cents.

Re:Windows is the kids menu

[timmarhy]

WTF does chicken nuggets and your kid being a spoilt brat have to do with anything I said?

can you be more abstract? I think maybe there's a japanese conceptual artist out there that thinks your analogy is good, everyone else thinks it's dumb.

Re:Future Combat Systems

[c6gunner]

For those that don't know SOSCoE is a closed source attempt (and failure) to allow application to actually talk to each other. ...your tax money being put to good use!

Well, thank you for your input! After all, what better place is there to get reliable information about classified military systems than from an Anonymous Coward?