Information Technology Reference
In-Depth Information
on at the operating system level. I do not know if everyone is aware of this, so excuse
me if you do, but China has recently, in this last year or so, decided not to use Microsoft
products and to start standardising on open source products. Why? They want to be able
to look at the source code, to be able to analyse what is going on at the operating system
level. So I really do not think that that certified closed products are the way to go. I think
that if we are going to use certified closed products, at least there should be some way of
having a look at the source code and having control at a very basic system level, so that it
can be analysed by the NATO community and problems can be shared. I would propose
two things; one that NATO should not only rely on certified systems, but preferably
certified open systems, so that basic system level features can be monitored and verified.
Furthermore, I would suggest that we follow the US NSA (National Security Agency)
lead, that took the Linux operating system base about two years ago and created a secure
version of Linux for use at government level. So I would think that a good thing would
be for NATO to take an open source operating system. Linux is an option, and to take it
to another level, to create a common secure open system to be shared among all the
members.
Uneri
: This is an open source software discussion. My own opinion on this subject is
not very clear. Using open source systems has advantages and disadvantages. And for
closed systems, it is also not right to say that open source systems should be used, as
there are some pros and cons here. I do not believe anyone should look at open source
systems, analyse them, compile them and say that they are secure. And for compiling
open source systems, the compiler should also be an open source. So there are many
problems in using an open source system. I do not want to say that using closed systems
is therefore necessary. But open source systems do not solve every problem. In Turkey
we looked for computer systems divisions and we found that Microsoft is used
extensively by the military. Universities and banks are using Unix or Linux systems. In
NATO also, Microsoft is used very heavily so it is therefore very difficult to change
NATO or other military organisations' operating systems from Microsoft to some open
source system.
Stanley
: On an open source question, let me say that at home I run Linux and at work
I have Linux machines. I am not here to defend Microsoft. Microsoft has given NATO
access to source codes; they have actually got a scheme where they let responsible
countries or agencies have access to any source code they want. You sign a non-
disclosure agreement so if you want to use a source code argument as an excuse then that
can be solved. The China point I think is quite specific. China went to trade talks recently
in Miami and they warned the Americans in particular to open up their markets and
reduce tariffs, etc. The Americans counter-balanced with a demand for a clamp down on
piracy. So I would argue that one of the main reasons that China is looking at open
source is because one of these days they are going to have to start paying licences for
software and open source is free; the argument is an economic argument and not just
about security. The problem is not open sources, but the monoculture. It is the fact that
everybody is running Outlook Exchange. Any bug, virus writers or worm writers target
one operating system. If we switched to a more diverse heterogeneous type system, that
could solve the problem and if we converted completely to open source and everyone
was running Linux then the hackers would start to attack Linux. And if you look at any
CERTs advisory, there are as many bugs and holes in Linux as there are in Windows. It
Search WWH ::
Custom Search