Cresting the Open Source Wave

1
Cresting the Open Source Wave

• Building a Case for
• Open Source/Open Technology
• Adoption within
• DoD/DON IT Environments

Introduction BCA OpenSSL Assumptions Resources Ch
allenges Opportunities Vendors New
Legacy Policies Cresting the Wave Strategies Solut
ions OpenSSL?
2
Introduction

• Open Source Software Institute
• DONCIO OS Policy Working Group
• CNMOC Open Source CRADAs
• FIPS 140-2 validation for OpenSSL
• Open Technology Development
• NRL/DC OpenCrypto Management Program/NRL

Introduction BCA OpenSSL Assumptions Resources Ch
allenges Opportunities Vendors New
Legacy Policies Cresting the Wave Strategies Solut
ions OpenSSL?
3
OSS BCA FIPS OpenSSL

• FIPS validated OpenSSL for DoD
• FIPS NIAP/NSTISSP No. 11
• DMLSS, OSSI, HP, IBM, OpenSSL Group
• gt150,000 (lt1m man hours over 5-years)
• DMLSS project savings lt200,000
• Program savings for DoD lt20m
• 200 programs x 100k 20m
• WHY 5-years to complete 9-month validation?
• Cresting the Open Source Wave/Paradigm

Introduction BCA OpenSSL Assumptions Resources Ch
allenges Opportunities Vendors New
Legacy Policies Cresting the Wave Strategies Solut
ions OpenSSL?
4
Assumptions/Truths

• The mission of the United States Navy is to
  maintain, train and equip combat-ready naval
  forces capable of wining wars, deterring
  aggression and maintaining the freedom of the
  seas.
• IT is an integral part of USN's infrastructure
  and is vital to its ability to operate
  successfully.
• IT costs are increasing, budgets are not.
• No breaks coming soon
• Got to work smart

Introduction BCA OpenSSL Assumptions Resources Ch
allenges Opportunities Vendors New
Legacy Policies Cresting the Wave Strategies Solut
ions OpenSSL?
5
Resources and Innovation

• Open Source software is currently part of the
  Navy's IT fabric
• Commercial IT market has embraced open source
• Mature enterprise-level solutions
• Secure, viable, available
• Technology tools to use
• Not a zero-sum (IT) game
• Open Source AND Proprietary

Introduction BCA OpenSSL Assumptions Resources Ch
allenges Opportunities Vendors New
Legacy Policies Cresting the Wave Strategies Solut
ions OpenSSL?
6
Challenges Tango Bravo
Introduction BCA OpenSSL Assumptions Resources Ch
allenges Opportunities Vendors New
Legacy Policies Cresting the Wave Strategies Solut
ions OpenSSL?
7
Opportunities with OSS

• More Control Over IT Budget/Management
• gt acquisition expense
• gt maintenance/customization
• gt upgrades

Introduction BCA OpenSSL Assumptions Resources Ch
allenges Opportunities Vendors New
Legacy Policies Cresting the Wave Strategies Solut
ions
Four years into its work, the DD(X) software
development is actually on cost and on schedule
a rare feat in the software realm. COTS Journal
The DD(X) program's business model calls for a
standards-based competition plan that competes
every four years,... The final winner was IBM's
Opteron Blade Servers with Red Hat Linux. COTS
Journal
8
Vendor/SI Participation

• Vendors/SI will follow suite
• Business model paradigm shift
• Access to more development/support resources
• OTD Working Group
• DoD drive demand
• Policy
• Leadership

Introduction BCA OpenSSL Assumptions Resources Ch
allenges Opportunities Vendors New
Legacy Policies Cresting the Wave Strategies Solut
ions
9
New Legacy

• Open Standards
• Open Architecture
• Navy Open Architecture Computing Environment
  (NOACE)

Don't Re-Invent the Wheel!
Introduction BCA OpenSSL Assumptions Resources Ch
allenges Opportunities Vendors New
Legacy Policies Cresting the Wave Strategies Solut
ions
Pieces of the TSCEi (Total Ship Computing
Environment infrastructure) used in DD(X), which
comprises the hardware, software middleware can
be leveraged on board existing vessels.
10
Policies Protocols

• Policies should not be used as a barrier to entry
  for new technologies.
• Acquisition policies
• Security policies
• Development Implementation

Introduction BCA OpenSSL Assumptions Resources Ch
allenges Opportunities Vendors New
Legacy Policies Cresting the Wave Strategies Solut
ions OpenSSL?
...upsetting the applecart...
11
Cresting the Wave

• Acknowledge/Address the Issue
• Open Source/OTD is a process not a product.
• A true paradigm shift
• Affects Acquisition, Development, Usage
• Make it work for you

Introduction BCA OpenSSL Assumptions Resources Ch
allenges Opportunities Vendors New
Legacy Policies Cresting the Wave Strategies Solut
ions
12
Strategies Initiatives

• Open Technology Development
• Open Source Software
• Open Standards
• Open Innovation
• Interoperability
• OSD, NII, DON, USAF, DHS, DISA
• Navy Open Architecture (NOACE)
• DONCIO OSS Policy

Introduction BCA OpenSSL Assumptions Resources Ch
allenges Opportunities Vendors New
Legacy Policies Cresting the Wave Strategies Solut
ions
13
Ride the OSS Wave

• See where OSS/OTD can serve your purposes
• Support DONCIO's policy efforts
• Demand excellence

Introduction BCA OpenSSL Assumptions Resources Ch
allenges Opportunities Vendors New
Legacy Policies Cresting the Wave Strategies Solut
ions
14
OpenSSL...?

• FIPS validation imminent (0.9.7)
• 0.9.7 scheduled
• NRL/DC hosting OpenCrypto Management Program
• .mil hosting
• revolving validation effort
• DoD-wide access
• OpenSSH, ModSSL/Apache, Stunnel, Curl

Introduction BCA OpenSSL Assumptions Resources Ch
allenges Opportunities Vendors New
Legacy Policies Cresting the Wave Strategies Solut
ions OpenSSL?
15
Additional Information
Introduction BCA OpenSSL Assumptions Resources Ch
allenges Opportunities Vendors New
Legacy Policies Cresting the Wave Strategies Solut
ions OpenSSL?

• Open Source Software Institute
• www.oss-institute.org
• www.fipsopenssl.org
• www.governmentforge.net