UK Government Prefers Open Source

March 16, 2013

Those of you who have read this blog from time to time already know that I am a proponent of the open source model of software development.  I’ve talked about its use in a number of different cases, including the development of the Linux operating system, and the development of systems for the US Department of Defense.  Even Microsoft, whose chief executive, Steve Ballmer, once likened open-source software to “a cancer”, seems to have gotten religion; for example, it now uses Hadoop open-source software for “big data” projects, and supports the use of Linux virtual machines in its Azure cloud service.

According to an article at Computer Weekly, the government of the United Kingdom is preparing the launch of a new set of mandatory standards for development of new digital public services.  The new Government Service Design Manual, now in a beta edition, includes a clear preference for open source:

In a section titled “When to use open source”, the manual says: “Use open source software in preference to proprietary or closed source alternatives, in particular for operating systems, networking software, web servers, databases and programming languages.”

This strikes me as eminently sensible, especially the last phrase, “in particular for operating systems …”  Considering operating systems as an example, it seems to me extremely improbable that the UK would require unique OS capabilities not needed elsewhere.  Perhaps more bluntly, it seems to me very unlikely that the UK (or the US, or anyone else) has some special, valuable insight into how an OS should be built.  (The evidence seems to suggest that, at least for general purpose computers, the approach initially embodied in the UNIX OS works pretty well; UNIX’s descendants include Linux, of course, as well as Android, OS X, and Google’s Chrome OS.)

The new standards do allow for use of proprietary software in rare cases; but the manual cautions that, in these cases, it is important to specify open interface standards, to avoid vendor lock-in.  The article quotes government chief technology officer Liam Maxwell, on the advantages of the open-source approach:

Nobody makes packaged software for digital public services. With the software we are making, we have a preference for open source, because it means other countries can use it too and help make that software better. This approach will also ensure we are not locked in to some mad oligopoly outsource.

The new standards also state that new software developed for the government should be published under an open-source license.  The UK government has also entered into an agreement with Estonia for joint development of some public service systems.

As I’ve said before, the ideas underlying the open-source approach have been around since the early days of computing (and even longer in the natural sciences).  Governments everywhere seem to be struggling with the conundrum of how to do more with less.  Using open source software (and getting rid of the Not Invented Here syndrome) should free up some significant resources now devoted to wheel re-invention.

National Strategy for Information Sharing and Safeguarding

December 23, 2012

The US government, through its various intelligence operations, collects an enormous amount of information; especially recently, private organizations and businesses have assembled some pretty impressive collections of their own (think Google or Facebook).  These collections have the potential to tell us a lot about the emergence of threats to either physical or information systems assets.  The problem has always been that it is much more challenging to sift through and analyze the information than it is to collect it in the first place.  I’m sure most readers have heard the narrative about all the warning signs of the 9/11 attacks; they were not hard to find after the fact, but no one “connected the dots” beforehand.  Furthermore, even among government agencies, information was not always shared, either because of inter-agency politics, or just inertia.  Information exchange between government and private-sector entities was even more problematic.

In the last decade, there have been efforts made to improve this situation.  As part of that overall effort, this past week the White House released a new National Strategy for Information Sharing and Safeguarding [PDF here, 24 pp. total].  As the title implies, the Strategy recognizes that information must be shared, but in a controlled way; sharing everything with everyone risks giving too much information to potential adversaries.  Citizens’ rights and privacy concerns also need to be taken into account.

Our national security relies on our ability to share the right information, with the right people, at the right time. As the world becomes an increasingly networked place, addressing the challenges to national security—foreign and domestic—requires sustained collaboration and responsible information sharing.

It also recognizes that many entities, not all of them governmental, are involved:

The imperative to secure and protect the American public is a partnership shared at all levels including Federal, state, local, tribal, and territorial. Partnerships and collaboration must occur within and among intelligence, defense, diplomatic, homeland security, law enforcement, and private sector communities.

To the extent that this reflects a shift toward looking at this problem as a whole, and not just at individual pieces, this is a welcome development.

I have had a quick preliminary read of the Strategy; although it is, like many similar documents from large organizations, over-supplied with jargon, its basic thrust seems sound.  The approach is based on three basic principles:

  • Information is a National Asset
  • Information Sharing and Safeguarding Requires Shared Risk Management
  • Information Informs Decisionmaking

The last is perhaps the most important, in the context of recent history.  Information in a form that cannot be used to inform decisions is not worth much.

The Strategy identifies five broad goals going forward:

  • Drive Collective Action through Collaboration and Accountability
  • Improve Information Discovery and Access through Common Standards
  • Optimize Mission Effectiveness through Shared Services and Interoperability
  • Strengthen Information Safeguarding through Structural Reform, Policy, and Technical Solutions
  • Protect Privacy, Civil Rights, and Civil Liberties through Consistency and Compliance

Each of these is discussed, and further broken down to more specifics.  The Strategy then goes on to identify objectives for action going forward.

As is often the case with security policy issues, the devil is very much in the details of implementation; but it is encouraging that a reasonable framework has been developed as a starting point.
