Linux and National Security

By Dave Wreski

As the open source industry grows and becomes more widely accepted, the use of Linux as a secure operating system is becoming a prominent choice among corporations, educational institutions and government sectors. With national security concerns at an all time high, the question remains: Is Linux secure enough to successfully operate the government and military's most critical IT applications?

The United States government sure thinks so. A recent survey conducted by the Mitre Group found 251 Department of Defense deployments of Linux and other open source software. Not only is the United States government sponsoring hundreds of open source projects, it has been reported that open source applications have become major components in the IT infrastructure at the Pentagon.

Proprietary software advocates are currently stirring a debate on whether using Linux in matters of national defense is appropriate. It is their opinion that the availability of the source code for open source applications and the unknown origins of the code can lead to subversive content being deliberately placed into critical codes and putting the security of our entire country at risk.

What makes this debate illogical is the fact that there is not a single mainstream operating system, proprietary or open source that in its current state should be used to ris and vulnerability assessment before it will even be considered for testing. To imply that our government has not considered the risks of Linux and other operating systems alike and is using insecure infrastructures of any kind is to insult the intelligence and capability of our government and military to protect its citizens.

Linux is not an invitation for IT terrorism, but quite possibly a first step towards preventing it. Linux incorporates a "defense-in-depth" approach to security, meaning robust security measures are implemented at every level of development and deployment. Not relying on obscurity, like closed-source counterparts, Linux truly focuses on the security of the system and its capabilities and strengths continue to improve, surpassing those of proprietary vendors like Microsoft.

-Dave Wreski, CEO Guardian Digital, Inc.
Edited & Prepared by Alison Parker

This story originally appeared in the May 2004 issue of Behind the Shield. For more information on Behind the Shiled please visit: