Homeland Open Security Technology (HOST)

The mission of the Homeland Open Security Technology (HOST) program is to investigate open security methods, models and technologies and identify viable and sustainable approaches that support national cyber security objectives. The foundational technology for the purposes of HOST is based on open source software.

Open-source software (OSS) is computer software that is available in source code form: the source code and certain other rights normally reserved for copyright holders are provided under a software license that permits users to study, change, improve and at times also distribute the software. – Wikipedia

HOST program activities include three key areas of focus:

DISCOVERY: The HOST program will investigate new and existing open security projects and techniques that support and protect government cyber assets. This will be achieved in part through the development and sharing of a comprehensive, publicly accessible inventory of open source projects, tools and applications, as well as best practices and lessons learned.

COLLABORATION: Coordinating development activities and encouraging working relationships between public and private-sector research and development communities is core to increasing the sustainable use of Open Security Technology. Cross-industry events, designed to serve as platforms for collaboration, are already underway.

INVESTMENT: DHS is committed to providing seed investments in advanced research and development activities that support national cyber security objectives and have the potential to create sustainable project communities. This is achieved in part by enabling broad adoption and participation by the public and private sectors (see “Suricata” below as an exemplary project).

HOST Program Activities

Suricata Open Source Intrusion Detection System (IDS)
Funding for the Suricata IDS project was provided by the Department of Homeland Security’s Science and Technology Directorate and a number of private companies that form the Open Information Security Foundation (OISF) consortium. The OISF is a multi-national group of the leading software developers in the security industry organized to build a next generation IDS engine. In addition to developers and a consortium consisting of leading cyber security companies, OISF has engaged the open source security community to identify current and future IDS needs and desires. More information on Suricata can be found at the project web site (http://www.openinfosecfoundation.org/index.php/download-suricata).

Federal Information Processing Standard (FIPS 140-2) validated OpenSSL Cryptographic Module Library
The OpenSSL software is the basis of many, perhaps the majority, of all validated software cryptographic products, but validation of the OpenSSL cryptographic library starting from source code is a first. The Department of Homeland Security’s Science and Technology Directorate has provided funding and guidance to help secure FIPS 140-2 validation for the most current version of the OpenSSL cryptographic module, which is made freely available to government and non-government users under an open source license. More information on OpenSSL can be found on the project web site (http://www.openssl.org/).

Open Security: Open Source Software’s Role in Government Cybersecurity
A presentation given by Dr. Douglas Maughan, director of the DHS S&T Cyber Security Division at the 2012 Palmetto Open Source Software Conference. It covers how open source software fits into the federal cybersecurity strategy and goals of the Homeland Open Security Technology (HOST) program. The presentation is available here.

Open Source Software in Government: Challenges and Opportunities
In 2011, extensive interviews were conducted with a wide range of state, local and federal government information technology professionals, industry experts and others to gain a fuller understanding of how open source is being used in US government today and where the opportunities and challenges lie. The final report is in review and will be released shortly.

Open Security Catalog
The program maintains a catalog of cybersecurity-related open source software. The eventual program website will be a central source for this information. A static, quarterly updated version of the catalog is available here.

HOST Program News and Updates

Cyber Security HOST Project Receives National Honor
The Science and Technology Cyber Security Division’s Homeland Open Security Technology (HOST) project was recently awarded the Open Source for America (OSFA) 2011 Government Deployment of Open Source Award. HOST won the award in the category of “Open Source Deployment in Government”. More information on the annual OSFA awards can be found on their web site (http://opensourceforamerica.org/2011/11/awards/).

Mailing List – If you would like to stay current on this program, please contact the program at host@hq.dhs.gov and request to be added to our mailing list.

Upcoming Talks & Events

GFIRST Conference – August 19-24, 2012

The GFIRST Conference is a great place for public and private sector leaders serving in non-technical roles to become familiar with the fundamentals of cybersecurity and incident response. GFIRST is also an excellent resource for practitioners in incident response and information security from the public and private sectors, including: Academia with Cyber Security Specialties, Chief Information Security Officers, Computer Forensic Personnel, Critical Information Infrastructure Owners & Operators, Emergency Managers, Information Technology Directors, Network Administrators, Security Engineers, Software Developers & Managers and many more.

Previous Talks & Events

GovLoop Webinar (June 7, 2012 at 2pm Eastern) – Open Source Software in Government: Challenges and Opportunities

GovLoop, the Homeland Open Security Technology (HOST) program, and Red Hat hosted the GovLoop Webinar on June 7, 2012 at 2PM ET to discuss a recent HOST report. Main topics of the GovLoop Webinar included: current open source software roadblocks; the state of the collaborative development of software; open source software security; opportunities for open source software in government; and available solutions.

International Conference on Cyber Security – Fordham University, January 2012

REALIZING THE VALUE OF OPEN SECURITY: LEVERAGING THE TECHNICAL, ECONOMIC AND OPERATIONAL BENEFITS OF OPEN SOURCE SOFTWARE TECHNOLOGIES IN SUPPORT OF NATIONAL CYBER SECURITY OBJECTIVES – Protection of our citizenry, critical infrastructure and national security interests from cyber threats requires continual development of advanced technologies, methods and techniques to keep us ahead of the threat curve. As the scope of adversarial threats expands, governmental budget constraints require that we think more with our head and less with our wallet. The Department of Homeland Security’s Cyber Security Division and Science and Technology Directorate have invested in several programs, such as the Homeland Open Security Technology (HOST) program, designed to identify and leverage the technical, economic and operational benefits of the open source software development model in support of national cyber security objectives. This talk will explain the DHS strategic vision as well as provide examples of how and where open source software can serve as a valuable part of a comprehensive cyber security strategy.

Contact Us

To learn more about HOST or to get involved, please contact the program at host@hq.dhs.gov.