Open for the Future
Programs such as the Army’s Future Combat Systems and organizations such as the Defense Information Systems Agency and the Defense Intelligence Agency are using open technologies using on-proprietary software.
Some analysts tout open source software as one of the next great technology waves, comparable in its disruptive effects to personal computing and the Internet. That future is already partly here for the U.S. military, with programs such as the Army's Future Combat Systems (FCS) and organizations such as the Defense Information Systems Agency (DISA) and the Defense Intelligence Agency (DIA) using open technologies.
Open source technologies are making inroads among Department of Defense acquisitions as a result of potential benefits such as low cost, flexibility of use and modification, and the lack of vendor lock-in.
Open source technology refers to non-proprietary software that is continually developed and improved by a community of thousands of developers around the world. These systems freely disseminate their source codes and make use of open standards and interfaces. The operating system Linux is a prime example of open technology development.
Open technologies provide two related advantages over their proprietary alternatives. They reduce the cost of software development and cut the time in which innovations in software can be incorporated in systems.
A roadmap for the adoption of open technologies was released last year by the deputy under secretary of defense for advanced systems and concepts. That paper proposed adopting open source infrastructure and technologies and applying open source to collaborative technologies being implemented by DoD.
Still, the adoption of open source by the military remains a slapdash endeavor rather than a concerted effort. A survey conducted by DISA several years ago found a surprisingly high level of open source technology in use. But the adoption of open source has remained a local effort rather than a departmentwide initiative. Although DoD leaders have expressed interest in moving toward open technologies, the department has yet to refine policies or procedures that would take DoD in that direction in a big way.
"The adoption of open source technology is widespread but uneven in the Defense Department," said Bernard Golden, chief executive officer of Navica, a systems integrator. "There has clearly been an expanded awareness and penetration of open source. Some groups don't do it at all, some use it and don't even know it, and some actually advocate its use."
Security Issues
One of the advocates of the open source approach is Brigadier General Nickolas Justice, Army program executive officer for command, control and communications tactical.
Justice acknowledges that many in the military acquisition community remain wary of open source. "They are concerned about the security of open source products as well as the level of maintenance they require," he said.
Acquisition officials also wonder whether DoD personnel possess the requisite skills to successfully implement open source technologies and whether the department can move from a culture of complete control over software to one where the technology is shared, according to Justice.
For now, "all senior level types in the acquisition community understand there is something called open source out there," he added.
Open source boosters assert that the collaborative open source process yields better quality and security than the closed technologies of proprietary software. "You publish your code and while you're asleep, someone in New Zealand is taking it apart piece by piece," said Andre Boisvert, chief executive officer of Pentaho, an open source business intelligence software company. "They can't wait to publish all of your flaws on their blog."
Open source also encourages greater and faster software innovation, according to Boisvert. "If you don't innovate they will 'fork' you," he said, meaning that developers and users simply take existing code and develop it in their own direction. "It could be happening in China, Brazil or anywhere."
Boisvert insists that open source is a tough business from the vendor perspective and that the most benefits go to the users because they get a better product. Open source vendors generally distribute software for free. What they charge for are things like packaging and support. "A lot of people are using our software for free by downloading it off the internet," said Boisvert. "If you need support then you need to get the pro version of the product and that costs."
Besides the issue of cost, the increasing scope and complexity of military software requirements encourages the use of open source. "If the project is of a sufficient scale, you cannot get there without an open source approach," said Dewey Houck, a senior engineer at Boeing, the lead systems integrator for the Army's FCS.
Linux is being deployed as the operating system for the Future Combat Systems (FCS), Houck noted. Other open technologies are being incorporated in FCS's System of Systems Common Operating Environment.
"This means that under FCS, brigade level activities will be almost completely supported by open technologies," Houck said. "In addition, there are proprietary components."
Justice is an open source believer because of the flexibility it provides warfighters in the field. "On the battlefield, the enemy gets a vote," he said. "The software has to change if the business changes. We want young sergeants and captains to be able to change things in their battle command applications as conditions change."
Business Intelligence
Open source business intelligence tools are beginning to penetrate the U.S. military, as is evident from some early success being enjoyed by Pentaho. "We used open source to build the next generation business intelligence [BI] system," said Boisvert. Business intelligence refers to a group of tools that collect, integrate, analyze and present business information to support better decision-making.
Pentaho assembled an end-to-end business intelligence suite by pulling the best BI tools, such as data mining and reporting, from around the world and publishing them using open source standards. "What took other companies 15 years to accomplish took us four years through open source," said Boisvert.
The Naval Air Systems Command has deployed the Pentaho Open BI Suite within its Military Flight Operations Quality Assurance Program, a knowledge management process that uses flight data to provide information on crew and aircraft performance, Boisvert noted. The Pentaho product enables reporting and analysis of data form flight data recorders and avionics equipment.
DISA installed a Pentaho reporting and analysis tool as part of its Joint Operation Planning and Execution System, part of its Network Centric Enterprise Services suite, to analyze equipment and troop deployment, scheduling and logistics.
The Multinational Information Sharing Initiative (MISI) is part of Operation Enduring Freedom-Trans Sahara, the U.S. military component of the Trans-Sahara Counter Terrorism Initiative. MISI is designed to enable collaboration among DoD, the U.S. Department of State and the nine northwest-African nations participating in the program. That project is also making extensive use of open source technologies.
"MISI is different than the usual DoD type of application because it is designed to be unclassified," said Navica's Golden. "The people within DoD who designed MISI wanted to use open source technologies to enable other nations to install it on their own local environments."
Among the open technologies being used by MISI are Drupal, an open source content management platform, and Asterisk, a telephony application. MISI "added a new kind of identity management capability to Drupal," said Golden. "They went to someone in that community and contracted with them to build it."
MISI is currently being installed for the first time in the nation of Chad. "MISI is completely open source," said Golden. DoD engaged Navica to work with the MISI project team to develop and implement a governance policy for the open source technologies that the project employs.
Open technology governance issues include questions of code vetting, licensing, distribution, and intellectual property ownership. Open source software licenses impose obligations that must be observed in order to obtain its benefits. Legal consequences, such as liability for copyright infringement, can flow from the failure to observe license conditions. Open source technology, then, is relatively-but not completely-open.
For example, the Apache software license requires that documentation accompanying a product containing Apache-licensed software include an attribution reflecting the presence of the Apache-licensed code. Others, like the GNU General Public License, impose source code distribution restrictions on organizations.
"If you want to use open source, you have to live by the ethos of the open source community," said Golden. "Overall, open source licenses offer freedom but also obligations. To work with open source, you have to adhere to the letter and the spirit of the license."
MISI's governance challenge is to keep track of and comply with some 60 open source licenses. Like other organizations, the MISI team is challenged to keep track of open source technology, said Golden. Because the software is available for free download, it may unobtrusively infiltrate an organization's code base.
The lack of a highly developed and widely recognized governance regime for open source is one of the factors preventing a wholesale, top-down adoption of the concept at DoD, according to Justice. Navica has developed an open source governance framework that is being implemented by MISI. (See sidebar.)
Software Supply Chain
Governance considerations usually arise after open source is being used by an organization and after its IT group may have tried to stamp it out, according to Golden. "Open source stays because of its proved business value," he said. "Then you have to put something in place to manage it.
"This is important for DoD in particular because it does lots of contracting and subcontracting," he added. "DoD has to keep track of its software supply chain. Does everyone know what they are supposed to do with open source?"
Another consideration for organizations committed to using open source is how to decide what tools to use. Over 100,000 open source products are available for download at the click of a mouse.
"Even if one-tenth of 1 percent of them are potential candidates for use, that represents a pool of more than 100 products that must be assessed for their maturity for a particular organization," said Golden. To that end, Navica has created an Open Source Maturity Model, which evaluates a product based on its functionality, support, training, documentation, integration and services, and assigns a numeric score.
A simpler solution for open source selection comes from Bob Gourley, currently the chief technology officer for Crucial Point, an IT consultancy, and former CTO for DIA. DIA makes extensive use of open source software, including the Sun Microsystems Solaris operating system.
"There needs to be a process for managing the movement of open source code into any enterprise, especially into the government's most sensitive domains," said Gourley. He suggests that the "default answer" should be that "any well managed open source software is automatically granted authorization to operate on government networks unless some specific reason is known that would call its performance into question."
Adoption of such a policy would reduce the costs of getting software tested and approved for use on government networks and would enable the government to field capabilities faster, Gourley argued.
As more DoD projects and organizations recognize and use open technologies, the department will no doubt develop overarching policies and procedures for acquiring and deploying those technologies. And that means that, according to Gourley, "More open is in everyone's future." ♦
