The White House today announced its Cybersecurity National Action Plan (CNAP), which includes a series of steps and programs to enhance cybersecurity capabilities within the Federal Government and across the country. In the proposal, the White House announced collaboration with The Linux Foundation’s Core Infrastructure Initiative (CII) to better secure Internet “utilities” such as open-source software, protocols and standards.
We are pleased The White House recognizes the work that CII has been doing to improve the security of open source software as it’s used on the Internet and by business and government. We look forward to working closely with the White House and the Department of Homeland Security as they implement CNAP and believe that private-public partnerships of this kind can have a major impact on improving security best practices.
From today’s announcement:
Even as we work to improve our defenses today, we know the Nation must aggressively invest in the science, technology, tools, and infrastructure of the future to ensure that they are engineered with sustainable security in mind.
The Government will work with organizations such as The Linux Foundation’s Core Infrastructure Initiative to fund and secure commonly used internet “utilities” such as open-source software, protocols, and standards. Just as our roads and bridges need regular repair and upkeep, so do the technical linkages that allow the information superhighway to flow.
Open source software is running the world. Facebook, Amazon, Twitter and an increasing number of companies are using Linux and other open source software to build innovative products like GoPro, Blockchain technology and more. The world’s largest banks and data centers and the Internet we all use to connect with everything and everyone are running Linux and other open source software.
But while this success has accelerated technology development and reduced cost, very little has been done to support the developers running some of the world’s most important projects – OpenSSL, GnuPG, OpenSSH, NTP and more – the projects that make up the roads and bridges referenced in the action plan but that most of us have never heard of.
We must make sure dollars, support and resources are funneled to the technologists building and maintaining the critical software that touches all our lives every day. The challenge is a complex one, as software that can operate at Internet-scale is difficult to write and maintain.
CII is responding to the chronic underinvestment that has endangered core Internet technologies. Many of these technologies are open source software projects developed by one or a handful of developers that have over time become the essential infrastructure of the Internet and modern commerce. In the 18 months since it was launched, CII has demonstrated that its community-focused mix of investment, tooling and advocacy is producing dramatic results.
And while some projects have received acceptable funding and attention, other critical open source projects remain under-resourced. These weak links represent risks that need to be resolved for the Internet to continue its growth.
An excerpt from today’s plan sums it up just right: “If we’re going to be connected, we need to be protected. We need to join together—Government, businesses, and individuals.”