Proceedings: Open Cybersecurity Summit 2012

Last fall the Bryant Group led the production of the first annual Open Cybersecurity Summit.

The event was underwritten by the Department of Homeland Security Science and Technology Directorate (DHS S&T), Cybersecurity Division, and delivered by Georgia Tech Research Institute (GTRI) through the Homeland Open Security Technology (HOST) program. The HOST program was created to explore, invest in and share potential solutions developed and distributed as open source software tools and applications.

The proceedings have been available to attendees for some time, but they are public and available to any interested party. It was a first-of-its-kind event so far as we know, with an emphasis on the use of Open Source Software tools and applications as well as related best practices in the Cybersecurity space. You can download the full DC Summit Proceedings 2012, or visit the archived conference site.

We expect the next summit to be announced later this spring.


Summit Agenda

Morning

8:00 a.m. | Registration

9:00 a.m. | Summit Welcome

Keynote: “Crowds, Clouds, and Spies”

Speaker: Stewart A. Baker, former DHS Assistant Secretary for Policy, author and partner at Steptoe & Johnson LLP

10:00 to 10:30 a.m. | General Session

“OWASP – The World’s Largest Open Source Web Application Security Project”

Speaker: Dave Wichers, Open Web Application Security Project (OWASP) board member and COO and Co-founder, Aspect Security Inc.

10:30 – 10:45 a.m. | Break & Poster Sessions

10:45 a.m. – noon | Panel: “Open Source and Cybersecurity: Building Trust and Interoperability”

• Panelists: Matthew Scholl, Deputy Division Chief, Computer Security Division and Associate Director of Operations for the NIST National Cybersecurity Center of Excellence
• Luke Berndt, Program Manager, Department of Homeland Security, Science and Technology (S&T) Division
• Moderator: Mark Bohannon, Vice President, Corporate Affairs & Global Public Policy, Red Hat

Noon to 1:00 p.m. | Lunch Break & Poster Sessions

Afternoon

1:00 – 2:30 p.m. | Panel: “Government as the Consumer and Creator of Open Cybersecurity”

• Panelists: Dr. David A. Wheeler, Analyst, Institute for Defense Analyses
• Joshua Davis, Georgia Tech Research Institute (GTRI) Associate Branch Head, Cyber Security Lab and Principal Investigator for the Homeland Open Security Technology (HOST) program
• Joe Broghamer, Lead, Authentication Technologies, U.S. Department of Homeland Security, Immigration and Customs Enforcement (ICE) Office of the Chief Information Officer, IAD

2:30 – 2:45 p.m. | Break & Poster Sessions

2:45 – 3:50 p.m. | Lightning Talks

• Adding Real-time File Analytics to the Open Source Suricata Platform; Harold Jones, BAE Systems
• Fostering an Innovative Smart Card Environment; Peter Fucci, Safer Institute
• Identity Management: Linux and Active Directory Integration; Dmitri Pal, Red Hat Inc.
• Open Source Software Verification and Validation; Philip Marshall, Black Duck Software
• XenClient XT: The Extensible Platform for Secure Virtualization; Philip Tricca, Citrix Systems
• Drupal Security Controls for Government Sites; Greg Wilson, Phase 2 Technology

3:50 – 4:00 p.m. | Closing Comments

Speaker: Dr. Douglas Maughan, Director, DHS S&T, Cyber Security Division

4:00 – 5:00 p.m. | Networking & Poster Sessions

Get on the (Hacker) Bus.

I recently returned from the Thirteenth International Forum for Free Software (FISL) in Porto Alegre, Brazil. With an attendance of about 8,000 this year, it is the largest tech conference in South America and likely the largest free/open source conference in the world. I was fortunate to attend representing OSI, presenting a keynote on free and open source software and its civic and social impact around the world, and a second session on Economic Development.

The Brazilian government – with great grassroots support – was a pioneer in the use of free software as an economic development strategy, and also as a way to bridge the digital divide by lowering the barrier to access to technology. Today the government’s involvement has shifted in some respects, and community leaders from a number of Latin American countries are debating the pros and cons of government partnership in their FOSS initiatives.

The “Hacker Bus” project – pictured above behind me and my colleague Paulo Mierelles from the University of Sao Paulo FLOSS Competency Center – really impressed. Getting technology and “Hacktivism” out into underserved areas makes for a fantastic program.

You can read more about the project in the piece The Next Web published during last year’s conference.

Up Next: Open Source Initiative Board of Directors

Chicago’s lakefront. Photograph: Richard Cummins/Corbis

I’m headed to Chicago. No, not as a delegate to the NATO Summit, but I expect to share the same traffic jams.

This weekend thirteen Open Source Initiative (OSI) directors meet face-to-face in Chicago. Three directors, myself included, are recently elected, and a full agenda awaits.

If you’re not familiar, here’s the nutshell background:

The Open Source Initiative (OSI) is a non-profit corporation with global scope formed to educate about and advocate for the benefits of open source and to build bridges among different constituencies in the open source community.

One of our most important activities is as a standards body, maintaining the Open Source Definition for the good of the community. The Open Source Initiative Approved License trademark and program creates a nexus of trust around which developers, users, corporations and governments can organize open source cooperation.

The most pressing issue for the board today is moving the organization from a self-appointed group of volunteers to a member-driven organization: no small task, but an important one if OSI is to remain relevant.

– Deb Bryant

The Consumer Financial Protection Bureau Source Code Policy: Open and Shared

On April 6th, 2012 the U.S. Consumer Financial Protection Bureau (CFPB) rolled out its brand new Source Code Policy, setting the direction for the agency to consume and contribute to open source software.

As a brand new agency, CFPB is in the enviable position of creating its technology road map on a white sheet of paper. No legacy systems, no legacy contracts, no legacy skill sets; not a frequent scenario in the federal government. Unburdened by existing IT operations and entrenched processes based on outdated policies, they were free to envision a fresh approach that reflects and supports their public trust mission.

We use open-source software, and we do so because it helps us fulfill our mission.

When we build our own software or contract with a third party to build it for us, we will share the code with the public at no charge.

They may have had the new-guy advantage, but they’ve done some great work that makes it easier for other agencies to follow their model. CFPB has crafted a clear, concise policy for its use and then shared it broadly. They follow in the footsteps of the Department of Defense, which began producing and refining policy in this area for its personnel a number of years ago. CFPB hopes other agencies will find the policy useful as a reference model, and to that end has also shared it on GitHub Gist.

I’ve been privileged to have collaborated with the agency’s chief architect of the policy, Matthew Burton, over the past five years or so. I met Matthew about the time he authored a great essay entitled Why I Help the Man (and why you should too) and worked on a project (“Open Intel”) for the U.S. Department of Energy. Congratulations to Matthew and the team at CFPB for their thoughtful work and leadership in this policy area, and for their creativity in making it a public asset. And I have to add… thanks for making it one of the easiest reads ever for a federal IT policy.

You can read Matthew’s full official post on the publication of the policy on the agency web site.

Coming up: Open Source & Cybersecurity at POSSCON March 28-29, 2012

One of my favorite projects, which I have the good fortune to be contributing to, was created by the US Department of Homeland Security Science and Technology Directorate (DHS S&T – the equivalent of the R&D arm of the agency). It’s called the HOST program (Homeland Open Security Technology).

Joining me at the upcoming Palmetto Open Source Software Conference (POSSCON) on March 22-29 will be my HOST colleagues from DHS, Georgia Tech Research Institute, OSSI, and other government experts like John Scott (who most recently co-authored “Open Technology Development: Lessons Learned & Best Practices for the Military”).

The program does a number of things, but its main thrust is to help get open source cyber security tools into the hands of federal, state and local agencies wherever it makes sense. The path that leads there includes creating useful educational tools and making small, strategic investments to help make that possible.

If you’re interested in Open Source, the POSSCON event has grown into a must-attend. If you’re interested in security, please come join us. We’ll be there to….

Columbia, South Carolina serves up big heaps of southern hospitality to conference participants every year. This is my fourth year making the pilgrimage there. If you can attend, I promise you won’t be disappointed. And if you do, please come say hello.