Public sector agencies may have been methodical in their adoption of Linux and open source software alternatives,
but then again, no one has ever accused the government of doing things quickly.
Linux got a push forward by the U.S. government this week when Red Hat, IBM and Trusted Computer Solutions Inc. (TCS), jointly announced a partnership to improve security for the Linux operating system.
The partnership entails a Common Criteria evaluation on a range of IBM eServer systems, which is scheduled to be completed sometime in 2006. The Common Criteria is an internationally recognized ISO standard used by the federal government and other organizations to assess security and assurance of technology products.
Red Hat Linux and IBM achieved Evaluation Assurance Level (EAL) 3 certification one year ago, and with this latest move both companies expect Red Hat Enterprise Linux (RHEL) version 5 to reach EAL4 status by 2006.
Peter Gallagher, the president of Arlington, Va.-based government IT consulting firm Development Infostructure, said the fact that a new EAL certification is expected in 2006 is not as important as the fact that Linux has begun to acquire more features to compete with Microsoft systems in government.
"The Common Criteria level really doesn't mean that much to us; it's more about how the [Linux] system has been designed," he said. "The market penetration of Linux is more important than that generic evaluation part. From a technical perspective, it is not that meaningful, but from a marketing perspective, they are seen to be matching Microsoft."
Microsoft has been part of a much reported battle with the state of Massachusetts in the past few weeks over the state's planned phase out of Microsoft Office. Massachusetts CIO Peter Quinn has said that state government would switch to an OpenDocument standard by 2007.
"A common document standard is an event I think is inevitably going to happen," Gallagher said. "It's good for everyone; we need some more liberal states."
Also inevitable is the adoption of open source technology and the Linux operating system amongst government agencies, Gallagher said. In the past year, open source software (OSS) and Linux have become "just another option" for government, which is by no means a bad thing, he said.
"[Linux and OSS are] on the schedules… and [are] generally seen as supported. JBoss has been working with federal groups, you are seeing Oracle talk about it," Gallagher said. "As this is the federal level, it has taken longer to see things get proven, but today [OSS] is no longer in a position where it needs to be proven and is now looked at as an alternative."
For some, the Linux alternative was always in the back of their minds, but had not yet reached the level of security that was needed for implementation.
"For years our customers have been clamoring for the look, feel, flexibility, and functionality of today's commercial software," said Susan Alexander, chief of information assurance research at the National Security Agency. "With NetTop, based on SELinux, they can get just such an environment...without compromising on security."
NetTop and NetTop2 -Thin Client are two applications from the Herndon, Va.-based TCS designed to allow users access to multiple security levels on a single computer while running Red Hat Enterprise Linux. SELinux, or security-enhanced Linux, is a research prototype of the Linux kernel designed by the NSA with enhanced security functionality.
While Gallagher said that Linux had established itself as a viable alternative by 2005, but that process of gaining acceptance took longer than he expected.
"I expected the procurement managers to react more quickly in their evaluations of federal procurement as to the value of open source packages," he said.
Gallagher said that the industry still does not know the value of open source as well as they do the value of current systems, which can hinder further evaluations because the (OSS) features list is not yet as robust as established proprietary formats. However, he said, it was in the long run where the true benefits, including cost savings and security, of open source would be realized.
Red Hat Enterprise Linux v.5 is anticipated to be in general availability from Red Hat in late 2006. However, in compliance with National Security Telecommunications and Information Systems Security Policy (NSTISSP) No. 11 National Policy, the functionality is available today from TCS as a component of their commercial products.