A Foot in the Door: Can Open Source Find Traction in Government?
The U.S. government is the largest purchaser of information technology products and services in the world. In 2003, the government will spend approximately $60 billion buying, updating, managing, and maintaining an expansive network of computer products and programs.1
Open source software seems a likely choice for budget-strapped bureaucrats; indeed, the current climate seems ideal for open source to grab a bigger piece of the government’s IT pie. Although open source software is no longer considered an outsider inside Washington, it continues to face challenges on the road to official acceptance as a major player in the government’s collective IT system.
WHAT’S OLD IS NEW
Open source has a long (but quiet, and sometimes unofficial) history as an integral part of civilian and Department of Defense (DoD) networks. Programs such as Linux, Berkeley Software Distribution (BSD), Apache, Samba, MySQL, PostgreSQL, Perl, Python, and Zope are common in most government IT systems. As is often the case in corporate America, most of the support for open source comes from the working ranks of programmers and administrators. Users reported early success with open source programs within the Department of State, Department of Commerce, General Service Administration, and the Postal Service—not to mention numerous programs at National Aeronautics and Space Administration (NASA), the U.S. Naval Oceanographic Office (NAVOCEANO), and, of course, the longtime support of the government’s research community.2 This first attracted attention from the managerial staff and then curious inquiry from policy makers. The concept of open source (“You mean we don’t have to pay for this?”) continues, however, to present a quandary for many in policy-level positions.
Public-policy makers generally perceive open source software as a dichotomy. On the one hand, open source offers a unique opportunity: Free software and full control of the development and management of IT systems because the source code is included. This can result in increased technological efficiencies, as well as significant financial savings. In addition, open source helps diminish the reliance on any one vendor for service or support.
On the other hand, policy makers see open source software as a disruptive technology because it disregards established development regimes and fails to provide an extensive vendor network that can be held accountable for crashes, updates, and quality control. They want to know exactly whom to yell at when things go wrong (someone who works for a company that the policy folk have heard of). This isn’t limited to government—corporate adoption of open source has faced the same hurdle.
FORTUNE 500 TO THE RESCUE?
The recent flood of support and product offerings by major IT vendors, including Hewlett-Packard, IBM, Intel, and Oracle, has tempered the argument over product support. This increased commitment from large corporate vendors has, as you might expect, significantly raised the interest level of many government officials.
In addition, increased technical recognition provided by numerous government-sponsored reports has helped stimulate interest in open source software and has encouraged agencies to explore and even adopt open source policies.3
MOUNTING MOMENTUM, CONTINUING CHALLENGES
Recent internal studies performed by the MITRE Corporation for the DoD identified more than 100 open-source software applications being used within the DoD.4 Studies performed for members of the intelligence community and military agencies have highlighted a variety of open source software used within their IT systems, as well as documenting benefits derived from the software.5
The official adoption of open source programs throughout the DoD has been limited, however. One reason is that, according to a recent federal mandate,6 all software programs interacting with any system related to national security are required to achieve stringent DoD certifications. Key open source projects are engaged in the various DoD certification processes,7 but the lack of existing fully certified open source software has hampered adoption efforts into critical defense systems thus far.
The DoD is optimistic that the certification will be attained and that open source has a future within its systems. DoD chief information officer John Stenbit recently issued a policy statement, “Open Source Software in the Department of Defense,” which acknowledges the DoD’s “current policy [on open source software] and provides additional guidance on the acquisition, use, and development [of open source software] within DoD.”8
The release of this statement was heralded by many in the open source community as a sign of a leveling of the playing field in the contest between open source and proprietary programs within DoD.9 It is also assumed that this statement provides a permissive nod to those inside DoD who wish to explore and/or implement open-source programs—while continuing to require open source software to meet the same standards and required certifications as commercial software.10
Things are looking up.
1 “The Feds Love Linux,” Erica Brown, Forbes, June 20, 2003, http://www.forbes.com/2003/06/20/cz_eb_0620linux_print.html.
2 “OSSI Works with Navy,” OSSI, http://www.oss-institute.org/ossinavy.html, (for password, e-mail firstname.lastname@example.org). “ Open Source Permeates Navoceano Systems,” John Lever and John Weathersby, CHIPS, Summer 2002, http://www.oss-institute.org/newspdf/CHIPSarticle.pdf.
3 “A Business Case Study of Open Source Software,” Carolyn A. Kenwood, MITRE Corporation, July 2001, http://www.mitre.org/work/tech_papers/tech_papers_01/kenwood_software/kenwood_software.pdf. “Open Source Permeates Navoceano Systems,” John Lever and John Weathersby, CHIPS, Summer 2002, http://www.oss-institute.org/newspdf/CHIPSarticle.pdf. “Open Source Software (OSS) in the Department of Defense (DoD),” John P. Stenbit, Department of Defense, May 28, 2003 (PDF copy of the memo), http://www.egovos.org/pdf/OSSinDoD.pdf.
4 “Use of Free and Open-Source Software (FOSS) in the U.S. Department of Defense,” MITRE Corporation, January 2, 2003, http://www.egovos.org/pdf/dodfoss.pdf.
5 “A Business Case Study of Open Source Software,” Carolyn A. Kenwood, MITRE Corporation, July 2001, http://www.mitre.org/work/tech_papers/tech_papers_01/kenwood_software/kenwood_software.pdf.
6 National Information Assurance Acquisition Policy: “National Security Telecommunications and Information Security Systems Committee Fact Sheet No. 11,” January 2000, http://niap.nist.gov/niap/library/nstissp_11.pdf.
7 “OpenSSL Enters Evaluation for FIPS (Federal Information Processing Standards) 140-2 Certification,” Open Source Software Institute Press Release, April 28, 2003, http://www.oss-institute.org/newspdf/OSSI-OpenSSL-fips_PR.pdf. OpenSSL FIPS Cryptographic Module by Open Source Software on website, April 28, 2003,http://www.oss-institute.org/newspdf/OSSIFIPSRef.pdf.
8 “Open Source Software (OSS) in the Department of Defense (DoD),” John P. Stenbit, Department of Defense, May 28, 2003 (PDF copy of the memo), http://www.egovos.org/pdf/OSSinDoD.pdf.
9 “Stenbit Tells Open Source Users: Check That Legality,” Joab Jackson, Washington Technology, June 3, 2003, http://www.washingtontechnology.com/news/1_1/daily_news/20857-1.html.
10 National Information Assurance Acquisition Policy: “National Security Telecommunications and Information Security Systems Committee Fact Sheet No. 11,” January 2000, http://niap.nist.gov/niap/library/nstissp_11.pdf.
JOHN M. WEATHERSBY, JR. is the founder of the Open Source Software Institute (http://www.oss-institute.org). The nonprofit organization’s mission is to promote the development and implementation of open source software within federal and state government agencies and academic entities.