From: www.itworld.com

Linux in government

by Rick Cook

March 23, 2001 —

Nearly every month, there are more reports of federal, state, and local governments in the United States running Linux on new applications. Based on the anecdotal evidence, Linux is everywhere.

But the few surveys that have been done about Linux in government tell a somewhat different story. Apparently, the success of Linux in government is rather relative. According to IDC, over 25 percent of the federal computing installations it surveyed in 1998 used Linux somewhere in the organization. That was nearly twice the overall Linux use of computing departments nationwide: 16.6 percent of large companies and 12.2 percent of medium-size companies said they used Linux in some capacity. That difference is significant, but not as good as the news stories seem to suggest.

The findings of Government Computer News -- a trade publication that covers federal, state, and local governments -- are even less encouraging. In its most recent survey of LAN administrators in the federal government, the publication found that Linux use increased by about 10 percent in 1999. That was three times the growth of Unix use, but Linux started from a much smaller base. The survey also found that the dominant operating system was Windows NT Server; about two-thirds of LAN administrators used it.

The US Postal Service uses more than 900 Linux-based systems to recognize destination addresses and extract routing information from them using OCR (Optical Character Reading) technology. Each installation consists of five dual-Pentium-Pro 200-MHz computers and one single-Pentium-Pro 200-MHz system, all running Linux.

Of course, researchers for a number of agencies use the Linux-based Beowulf architecture to build supercomputers for a variety of research projects. Last October, the National Oceanic and Atmospheric Administration's (NOAA) Forecast Systems Laboratory in Boulder, Colo., signed a contract with High Performance Technologies to build a Beowulf computer using 277 Compaq Alpha workstations. The cluster is 20 times more powerful than the labs' old system. The new computer will supplement two existing Linux-based cluster systems that have been used at the laboratory for some time.

State and local use

Although state and local governments widely use Linux, the statistics are even harder to pin down than those for the federal government. According to Marty Wesley, enterprise product manager for Red Hat, Linux is being adopted at all levels of government, but federal agencies are more likely to implement it than state or local agencies. "We're seeing a lot of infrastructure deployment," Wesley said. "Things like Web servers and applications development."

Still, there are many examples of Linux in state and local governments. The New Jersey State Police use Linux on Web servers and network fileservers. The network fileservers use Samba and NFS servers to support networks of PCs and Unix systems. Texas's Dallam County uses Linux and the Apache Web server to power its Website. The Teachers Retirement System of Georgia is testing Linux to run some of its storage and application servers, as well as its intranet.

Why government likes Linux

Linux's low price is attractive to all levels of government: not because government agencies don't have the budget (although a lot of them don't), but because their procurement process for larger purchases is notoriously cumbersome. It can take weeks, months, or even years to approve new software or hardware, and it requires a tremendous amount of paperwork and IT staff time. If you need to get a project up and running, it's a lot easier to grab an obsolescent desktop computer and a copy of Linux, download some open source applications, and get cracking.

Another major boon to Linux in government agencies is the growing desire to "Webify" government functions. Wesley said that is particularly true of the federal government. "Federal agencies are mandated to do more to provide better access, more information and such," he said. "Oftentimes their budgets aren't raised accordingly. A lot of the time the easiest way to deploy that is through the Web infrastructure."

Government agencies -- from courts to building departments -- have discovered it is easier and cheaper to have clients get information on the Web, or to make applications and such, than to do it the old-fashioned way. For example, if you apply for a building permit on the Web, your information comes to the building department already in electronic form. That saves time in data entry and saves counter time for the clerk who checks in the documents. Most US government subdivisions now have their own Webpages, as do a great many government departments. And, of course, if you're running on the Web, there's an excellent chance that you're running Linux.

Resources

• Red Hat homepage:
  
  http://www.redhat.com

• Secure Computing homepage:
  
  http://www.securecomputing.com

• Secure Computing's FAQ on the NSA Linux project:
  
  http://www.securecomputing.com/archive/press/2000/nsa_faq_type_enf_linux.html

• A brief discussion of Linux's Posix compliance, and patches to help bring it into compliance with Posix.1b realtime features:
  
  http://hegel.ittc.ukans.edu/projects/posix/

• A patch for Posix access control lists in Linux:
  
  http://acl.bestbits.at/

• Markus Kuhn provides a pretty good explanation of the Posix realtime features in the Linux kernel archive:
  
  http://www.uwsg.iu.edu/hypermail/linux/kernel/9607.3/0487.html

• Defense Information Infrastructure Common Operating Environment homepage:
  
  http://diicoe.disa.mil/coe/coeeng/REFERENCE_PAGES/RefMaterial.htm

• The New Jersey State Library Technology Plan:
  
  http://www2.njstatelib.org/njlib/tecnjsl2.htm

• A rundown of the New Jersey State Police's use of Linux:
  
  http://www.m-tech.ab.ca/linux-biz/njsp.html
  

Compliance kinks

Although governments at all levels are widely adopting Linux, it still faces challenges; one, especially at the federal level, is that Linux doesn't comply with several standards. The problem is particularly acute because government agencies are notorious for setting hard and fast procurement policies and sticking with them, even when they rule out more capable, cheaper products.

For example, many nations, including the US, Canada, and most European countries, have agreed on a set of common criteria for evaluating information security. Those nations evaluate products against the Common Criteria Evaluation (CCE) and rate them accordingly. All the countries have agreed to accept another country's CCE of a piece of software. Unfortunately, the CCE requires some security features that Linux doesn't have. While Linux is hardly insecure, it was designed using the Unix-in-the-university model and lacks some features considered vital by the Common Criteria process.

"Linux does not have strong user accountability built into it," said Dr. Tom Haigh, chief technical officer for Secure Computing, a San Jose, Calif., firm that specializes in secure operating systems. "It is not up to the standards in the protection profiles."

Secure Computing is building a secure version of Linux for the National Security Agency using type enforcement, which is, according to Haigh, a proprietary technology that labels processes and data objects and allows applications to access only appropriately labeled items. Haigh said type enforcement is different from the standard Unix and Linux "discrete" security model, in which access to processes and data is determined by the user's security privileges. For example, a process is denied any improper access to a data object, regardless of what user is running the process. Thus, the danger of security problems resulting from user error drops. "The object is to put in place a mandatory mechanism to force security policies to maintain the integrity of applications," said Haigh.

Secure Computing intends to release as open source the kernel modifications and basic policy engine for type-enforced Linux, although the company will keep its own policy engines proprietary.

Haigh said Secure Computing is not attempting to produce a version of Linux that will meet the CCE's standards, although the type-protected Linux should be extremely secure. Developing a version of Linux that meets the Common Criteria probably would not take much work. But so far, Haigh said, no one has done it.

The practical effect of not being Common-Criteria-compliant is an open question, Haigh said. "CCE is just starting to take off now. A significant number of products have not been through evaluation. At this time it's probably fair to say there's not a lot of significance." However, he said, this is likely to change over the next several years. "The US DOD has already said for some sorts of products, firewalls particularly, they will require CCE in the next year or two," Haigh said. "As requirements like that become more common, it could become quite significant."

Linux's Posix compliance presents a more peculiar question. While Linux is generally considered Posix-compliant, it doesn't meet all the latest Posix requirements.

According to Marty Wesley, enterprise product manager for Red Hat, the problem is that Posix compliance is a moving target; the Posix standard has been altered over the years. There are now two major parts of the Posix standard, Posix.1 and Posix.2 -- also known by their IEEE standards names, 1003.1 and 1003.2. Each is subdivided into parts that deal with different issues, labeled 1a, 1b, and so on. Posix.2 supplements, rather than replaces, Posix.1.

Although Posix compliance was desired in Linux's early days, Linux was always compliant only at a very basic level (like Windows NT). Part of the reason for that was Linus Torvalds's decision that Linux wouldn't even try to meet Posix requirements that were obviously dumb. Between the original decisions and the advances in Posix, the Linux kernel currently doesn't meet the Posix standards for a number of features, Wesley said. Those features include the regular expression matcher, global semaphores, global conditional variables, and message queues. There have also been recent extensions to the Posix thread requirements related to multithreading, in the areas of signal handling and getpid.

"In all, it's about 90 percent there," Wesley said. "[Meeting] the rest of them would require some work but [our people] don't think it would be an extreme amount." In fact, a number of people have contributed patches to make some additional features of Linux Posix-compliant. (See Resources for links to those patches.)

Unlike the Common Criteria situation, the lack of full Posix compliance already affects federal agencies' adoption of Linux, particularly in the Department of Defense (DOD), which has established a Defense Information Infrastructure (DII) as a roadmap for its IT future. The DII is built around Linux, but because Linux isn't fully Posix-compliant, the DOD often doesn't use Linux for DII applications.

Finally, Wesley said there are some standards Linux can never meet. The classic example is ISO 9000, which certifies the way products are developed and produced, rather than the products' characteristics. "ISO 9000 pertains to the processes around the development of the product," Wesley said. "With open source development, there's no way to meet it."

That is a problem because government and industry are increasingly accepting certification under the ISO 9000 family of standards as a hallmark of quality. In fact, it is no such thing. ISO 9000, and related standards like 9001 and 9002, guarantee that the process will be well documented, but not that the product will be any good. The Firestone tire factories that churned out millions of defective tires displayed signboards proclaiming they were ISO-9000-certified. Less extreme examples abound.

That probably means that over the next couple of years, the Linux community will have to develop distributions of Linux that meet those standards. That will require Linux developers to do a good deal of work, but Linux's modular structure will make it a lot easier. And it'll mean the rest of us won't have to worry about whether Linux is compliant.

LinuxWorld.com