How Open Source is Driving Innovation in Cybersecurity

Protecting against today’s relentless and adaptive cyberthreats requires continuous monitoring and ensuring that rigorous security protocols are built into agency solutions and systems. But providing the investment and support needed for sophisticated security technologies can strain government budgets already stretched thin. Additionally, it can often seem like cybersecurity and technological innovation contradict each other.

That’s why government should look to open source strategies and solutions for their cyber needs. In fact, secure, open source solutions are being used throughout the federal government already, from processing Medicare claims at the Centers for Medicare and Medicaid Services (CMS), to handling airplane traffic at the Federal Aviation Administration (FAA).

To learn more about how open source solutions can achieve the security and innovation government needs, GovLoop sat down with Shawn Wells, Chief Security Strategist for North America Public Sector at Red Hat. Red Hat is a company dedicated to delivering the latest software technologies that are secure while allowing access to a community of experts, making software the open source way.

“Open source is a method to bring organizations together with common problems,” Wells said. “For example, everybody has insider threats and everybody needs a web server. So why not identify areas of commonality where different mission elements are really doing the same thing? Why not work together on creating secure web servers?”

Open source helps agencies identify common solutions by bringing together communities of developers, practitioners and even those who simply want to learn about how the latest innovations can combat the latest cyberthreats. By adopting an open source strategy, agencies are also changing the ways they innovate and partner with external stakeholders. Traditionally, when a new benchmark or requirement was issued, agencies found new needs to address, so they would request that private sector companies develop solutions.

Wells explained though, that the open source process is allowing agencies to directly contribute to innovations and emerging security solutions by enabling individuals to develop strategies and tools that improve an agency’s security posture.

“When government agencies start participating in the development of the technology, prior to the production and manufacturing, they get an intrinsic voice in how the technology innovates,” he said.

For example, a U.S. intelligence community element needed to develop a capability to process large amounts of signal and satellite data. The data feeds came from multiple defense, intelligence, and civilian agencies — meaning different classifications, such as Secret and Top Secret. However, mission success was dependent on merging the data together during analysis. The solution was to build one of the first cross-domain supercomputers in the U.S. Department of Defense (DoD). Lockheed Martin, as the prime contractor, began working on an open source solution. By working with a community of developers to share ideas and potential code, the U.S. intelligence element was able to create a secure and innovative platform that fulfilled mission need and complied with the security protocols of over 12 different agencies.

The DoD found that other coders in the intelligence community were also having trouble creating secure supercomputing platforms that could simultaneously process multiple classifications of data. By open sourcing the core baseline, the DoD and intelligence community were able to spread this solution and help other agencies. The community of practice continues to institutionalize an open culture to find solutions to other common issues.

Agencies may need cloud computing, virtualization, big data or other innovative technologies to improve mission capabilities. Regardless of which technology innovation your agency may need, open source strategies and solutions can help you achieve your agency’s goals while strengthening cyber posture.

Red Hat solutions offer these features:
• Security is written into the software. When your vendor co-develops with you, your agency can build in the security capabilities needed, rather than trying to add them after the software’s release.

• Compliance is made easy. Pre-configured baselines are delivered that have already been tested and accredited with government’s most rigorous security requirements, including FISMA and DoD’s Security Technical Implementation Guides (STIGs).

• Security exceeds traditional standards. Red Hat’s Enterprise Linux 6 and 7 platforms, for example, offer NIST- certified encryption that protect your agency’s data at rest and during transport across networks. More importantly, with Common Criteria certification for both hypervisors and containers, Red Hat allows you to create and secure virtualized IT environments in the cloud.

• Vulnerability updates are delivered automatically. With Red Hat, 98 percent of critical vulnerabilities have had updates available the same day or next calendar day.

As agencies plan their technology investments, they must carefully balance their innovation needs for improved efficiency and performance with an equally strong need for security. Secure, open source solutions and strategies can help your agency achieve these goals, even despite constrained resources. With Red Hat, you get open source’s agility and the ability to quickly innovate while also satisfying uncompromising requirements for security.