The DHS S&T Cyber Security Division, through its Homeland Open Security Technology (HOST) program, is conducting interviews with state and local governments to gather information about their involvement with implementing or considering open source solutions. The interviews will result in a best practices and lessons learned report based upon state and local government experiences. This analysis will also help inform Federal R&D efforts to leverage open source software for intergovernmental solutions that benefit the broader homeland security enterprise.

Approach

The mission of the Homeland Open Security Technology (HOST) program is to investigate open security methods, models and technologies and identify viable and sustainable approaches that support national cyber security objectives. The foundational technology for the purposes of HOST is based on open source software.

HOST program activities include three key areas of focus:

Discovery

The HOST program will investigate new and existing open security projects and techniques that support and protect government cyber assets. This will be achieved in part through the development and sharing of comprehensive, public accessible inventory of open source projects, tools and applications as well as best practices and lessons learned.

Collaboration

Coordinating development activities and encouraging working relationships between public and private-sector R&D communities is core to increasing the sustainable use of Open Security Technology. Cross-industry events, designed to serve as platforms for collaboration, are already underway.

Investment

DHS is committed to providing seed investments in advanced R&D activities that support national cybersecurity objectives and have the potential to create sustainable project communities. This is achieved in part by enabling broad adoption and participation by public and private-sectors.

HOST Program Activities

Suricata Open Source Intrusion Detection System (IDS)

Funding for the Suricata IDS project was provided by S&T and the private companies that form the Open Information Security Foundation (OISF) consortium. The OISF is a multi-national group of the leading software developers in the security industry organized to build a next generation IDS engine. OISF has also engaged the open source security community to identify current and future IDS needs and desires. More information on Suricata can be found on the project website.

Federal Information Processing Standard (FIPS 140-2) validated OpenSSL Cryptographic Module Library

The OpenSSL software is the basis of many, perhaps the majority, of all validated software cryptographic products, but validation of the OpenSSL cryptographic library starting from source code is a first. S&T has provided funding and guidance to help secure FIPS 140-2 validation for the most current version of the OpenSSL cryptographic module which is made freely available to government and non-government users under an open-source license. More information on OpenSSL can be found on the project website.

Open Security: Open Source Software’s Role in Government Cybersecurity

A presentation was given by Dr. Douglas Maughan, director of the S&T Cyber Security Division, at the 2012 Palmetto Open Source Software Conference. It covers how open source software fits into the federal cybersecurity strategy and goals of the HOST program.

Open Source Software in Government: Challenges and Opportunities

In 2011, extensive interviews were conducted with a wide range of state, local and federal government information technology professionals, industry experts and others to gain a fuller understanding of how open source is being used in U.S. government today and where the opportunities and challenges reside.  For more information, please see the Challenges and Opportunities document.

Open Security Catalog

The program maintains a catalog, which is updated quarterly, of cybersecurity related open source software. The eventual program website will be a central source for this information.

Fact Sheet

More information on the HOST program can be found on the HOST fact sheet.

HOST Program News and Update

Cyber Security HOST Project Receives National Honor

The HOST project was awarded the Open Source for America (OSFA) 2011 Government Deployment of Open Source Award. HOST won the award in the category of “Open Source Deployment in Government”. More information on the annual OSFA awards can be found on the OSFA website.

GovLoop Webinar (June 7, 2012 at 2pm Eastern) – Open Source Software in Government: Challenges and Opportunities

GovLoop, the HOST program, and RedHat hosted the GovLoop Webinar on June 7, 2012 at 2PM ET to discuss a HOST report. Main topics of the GovLoop Webinar included: Current open source software roadblocks; the state of the collaborative development of software; open source software security; opportunities for open source software in government; and available solutions.

Presentation: Realizing The Value Of Open Security: Leveraging The Technical, Economic And Operational Benefits Of Open Source Software Technologies In Support Of National Cybersecurity Objectives

Protection of our citizenry, critical infrastructure and national security interests from cyber threats requires continual development of advanced technologies, methods and techniques to keep us ahead of the threat curve. As the scope of adversarial threats expand, governmental budget constraints require that we think more with our head and less with our wallet. The Cyber Security Division invested in several programs, such as HOST, designed to identify and leverage the technical, economic and operational benefits of the open source software development model in support of national cybersecurity objectives. This presentation explained the DHS strategic vision and provided examples of how and where open-source software can serve as a valuable part of a comprehensive cybersecurity strategy.

Contact

Program Manager: Dr. Dan Massey

Email: SandT-Cyber-Liaison@hq.dhs.gov

Mailing List: host@hq.dhs.gov

Performers

Prime: Georgia Tech Research Institute (GTRI)