Posted on 07/27/2004 12:53:19 PM PDT by GeorgiaFreeper
Inadequate Security Poses National Security Threat
Dan O'Dowd, CEO, Green Hills Software Inc.
Linux is being designed into future U.S. defense systems, including the Army's Future Combat System (FCS), the Land Warrior, and the Global Information Grid, which will connect future military systems into one network. This spread of Linux into defense systems is cause for serious concern. Linux security is inadequate for defense use.
The operating system used in defense is the foundation of its overall integrity. The operating system controls all of a system's functions, communications, and security; if it is compromised, an enemy can spy on, disable, or commandeer the entire system.
The Linux operating system is developed by an open source process. With the knowledge that Linux is going to control our most advanced defense systems, foreign intelligence agencies and terrorists can easily infiltrate the Linux community to contribute subversive software. The risk is particularly acute since many Linux contributors are based in countries from which the U.S. would never purchase commercial defense software. Some embedded Linux providers even outsource their development to China and Russia.
It would be incredibly naive to believe that other countries and terrorist organizations would not exploit an easy opportunity to sabotage our military or critical infrastructure systems when we have been doing the same to them for more than 20 years!
Linux in the defense environment is the classic Trojan horse scenario--a gift of "free" software is being brought inside our critical defenses. If we proceed with allowing Linux to run these defense systems without demanding proof that it contains no subversive or dangerous code waiting to emerge after we bring it inside, then we invite the fate of Troy.
One of the greatest misconceptions about Linux is that the free availability of its source code ensures that the "many eyes" with access to it will surely find any attempt at sabotage. Yet, despite the "many eyes," new security vulnerabilities are found in Linux every week in addition to dozens of other bugs. Many of these flaws have eluded detection for years. It is ridiculous to claim that the open source process can eradicate all of the cleverly hidden intentional bugs when it can't find thousands of unintentional bugs left lying around in the source code.
Linux is being selected for defense systems because of the perception that it is more secure than Windows. However, this conventional wisdom is unsupported by quantitative data. In fact, the U.S. National Institute of Standards and Technology (NIST) security vulnerabilities database lists more vulnerabilities for Linux than Windows in the last ten years. In addition, under the internationally recognized Common Criteria for IT Security Evaluation (ISO 15408), Windows has been certified to Evaluation Assurance Level 4 (EAL 4), a higher level of security than the EAL 2 that Linux has achieved.
Even if Linux were as secure as Windows, Windows is the wrong benchmark. Defense systems should be held to a higher standard.
The Federal Aviation Administration (FAA) requires software that runs commercial (and many military) aircraft be approved as part of a DO-178B certification. DO-178B Level A is the highest safety standard for software design, development, documentation, and testing. It is required for any software whose failure could cause or contribute to the catastrophic loss of an aircraft.
Several operating systems have been DO-178B Level A certified. Until Linux is certified to DO-178B Level A, our soldiers, sailors, airmen and marines should not be asked to trust their lives with it.
LOL, these people know nothing of how 'systems are designed and procured. Be afraid, be very afraid (and not of open source -- sheesh).
SO9
Does this take into account use of the "Security Enhanced Linux" available at www.nsa.gov ?
Let's just deal with the two biggest counter-arguments to the 'stealth code" nonsense:
1) One of the top advantages of open-source is that a large number of eyes are looking at the finished product. If someone tries to intentionally build some form of "back-door", it will get noticed.
2) Defense and other security agencies don't use "stock" Linux distributions off of the Internet. They start with some baseline, add thier own enhancements or modifications to it, and then go through a massive certification process before that version is allowed to be used.
But it is based on Free BSD which shares many attributes of the open source linux model.
What's it cost to get an OS certified, and who would pay for that in the case of an open source OS? It's like saying we think aspirin can cure Lyme disease; who would pay the millions that proving it would cost, since aspirin can be manufacturered and sold by anybody?
Windows has gotten ahead of the curve in certs by manipulating situations, not their software. They have been going after certs longer with more money, and in a far more specific manner (this hardware in exactly this config, with these specific changes)..
That being said is Linux the best thing for defence?? No is windows?? No, is any one homgeneous system?? No! Pick where things will go according to their strengths..
But it is based on Free BSD which shares many attributes of the open source linux model.
Free BSD is no more secure than Linux.
So9
You can run MD5 signature checks on all source files before they are compiled. With Windows you could have differing binaries and you wouldn't know what the hell was going on or what changed. Doing forensics on that kind of manipulation is very difficult.
Exactly!
This company is known to be in the Pocket of Sun and thus Microsoft, so of course anything that puts Linux(Sun's and Microsoft's) main competition, in a bad light, is standard practice.
Hire some Americans back, use the "many eyes" model for developing and testing, and you would have a chance at greater security AND less buggy systems.
The DoD does not send some guy down to CompUSA to buy a couple boxes of whichever Linux distro is cheapest this week. You would not believe the process they put a vendor through in order to certify an OS as acceptably secure.
And then, of course, they don't exactly connect important systems to the Internet.
You've got that right. My company has been struggling to get a large system security-certified for months now.
The obvius response was, and is, "Hmmm....Unix variants outsourced to India and other places are written by foreigners too. The big difference is I can see all the source code of Linux. With the big commercial ones, not an option."
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.