5/18/2004 - Dan O'Dowd, Green Hills Software founder and CEO, issued the white paper “Linux in Defense: An Urgent Threat to National Security.” This paper can be downloaded from www.ghs.com/linux/threat.html.
This is the fifth white paper in a series authored by O’Dowd to address the objections raised by the Linux community to his April 8 speech at Net-Centric Operations Industry Forum (NCOIF). In his NCOIF speech, O’Dowd warned that the insecure nature of Linux and the open source process used to develop it should rule Linux out of consideration for defense applications. In the white paper issued today, O’Dowd explains why this threat posed by the use of Linux in defense systems is urgent and why immediate action is needed in order to protect the integrity of U.S. defenses.
A synopsis of O’Dowd’s NCOIF speech can be read at www.ghs.com/news/20040408_AFEI.html. The prior four white papers in this series are archived at www.ghs.com/linux.html.
“Many major defense programs are planning to rely on Linux for their security, including the Army’s Future Combat System (FCS) and the Global Information Grid, which will connect all future military systems into a single network,” O’Dowd said. “If the security of these systems is compromised there will be dire consequences.
“Given that juvenile delinquents are able to find and exploit Linux security vulnerabilities in their spare time, imagine how easy it is for foreign intelligence and military services with enormous resources. And unlike juvenile delinquents, hostile agents do not revel in their success when they compromise one of our systems; they secretly collect data, passwords, encryption keys, and other intelligence. After a foreign intelligence or military service compromises one of our systems they install a back door so that even if the exploited vulnerability is eventually patched, the system will remain compromised.
“The common argument that it is easy to install security patches in Linux is an admission that so many security vulnerabilities exist that the efficiency of installing patches is an important issue! It is frightening to think that our national defense might become dependent on Linux systems that are always vulnerable to easy attack and subversion. When war breaks out, all of the vulnerable systems and all of the systems that were compromised while they were temporarily vulnerable will go out of service or be commandeered by the enemy. We will be defenseless.
“What we need for critical defense systems is software that is secure all of the time: systems that never need to be patched. We need operating systems like Green Hills Software’s INTEGRITY operating system that can be proven secure by mathematically sound methods like the Common Criteria Evaluation Assurance Level 7.
“Those who say that no one is intentionally inserting malicious code into software that they know is going to be used in military systems or critical infrastructure are not familiar with history. In the early 1980’s, the U.S. Central Intelligence Agency (CIA) inserted Trojan horses and back doors into software that the Soviet Union acquired from the West. A CIA Trojan horse in the software that controlled the trans-Siberia gas pipeline caused a massive explosion. It is incredibly naďve to believe that other countries and terrorist organizations would not exploit an easy opportunity to sabotage our military or critical infrastructure systems when we have been doing the same thing to them for over twenty years!
“It is not too late to prevent Linux from compromising national security. So far, Linux has only been deployed in a few defense systems, but its use in the development of new defense systems is spreading rapidly. That is why we must act now. The only thing necessary for the triumph of evil is for good people to do nothing.”
About Green Hills Software
Founded in 1982, Green Hills Software, Inc. is the technology leader for real-time operating systems and software development tools for 32- and 64-bit embedded systems. Our royalty-free velOSity microkernel, INTEGRITY RTOS, C/C++ compilers, MULTI and AdaMULTI Integrated Development Environments and TimeMachine debugger, offer a complete development solution that addresses both deeply embedded and high-reliability applications. Green Hills Software is headquartered in Santa Barbara, CA, with European headquarters in the United Kingdom.
Green Hills Software, the Green Hills logo, MULTI, INTEGRITY, velOSity, AdaMULTI and TimeMachine are trademarks or registered trademarks of Green Hills Software, Inc. in the U.S. and/or internationally.
North American Sales Contact:
Green Hills Software, Inc.
30 West Sola Street,
Santa Barbara, CA 93101,
International Sales Contact:
Green Hills Software Ltd.
Dolphin House, St. Peter Street
Winchester Hampshire SO23 8BW,
Tel: +44 (0)1962 829820
Fax: +44 (0)1962 890300
Previous Page | News by Category | News Search
If you found this page useful, bookmark and share it on: