Homeland Open Security Technology (HOST)

The mission of the Homeland Open Security Technology (HOST) program is to investigate open security methods, models and technologies and identify viable and sustainable approaches that support national cyber security objectives. The foundational technology for the purposes of HOST is based on open source software.

Open-source software (OSS) is computer software that is available in source code form: the source code and certain other rights normally reserved for copyright holders are provided under a software license that permits users to study, change, improve and at times also distribute the software. – Wikipedia

HOST program activities include three key areas of focus:

Magnify Glass Icon DISCOVERY: The HOST program will investigate new and existing open security projects and techniques that support and protect government cyber assets. This will be achieved in part through the development and sharing of comprehensive, public accessible inventory of open source projects, tools and applications as well as best practices and lessons learned.
Group Icon COLLABORATION: Coordinating development activities and encouraging working relationships between public and private-sector research and development communities is core to increasing the sustainable use of Open Security Technology. Cross-industry events, designed to serve as platforms for collaboration, are already underway.
Dollar Sign Icon INVESTMENT: DHS is committed to providing seed investments in advanced research and development activities that support national cyber security objectives and have the potential to create sustainable project communities. This is achieved in part by enabling broad adoption and participation by public and private-sectors. (See “Suricata” below as an exemplary project).

Host Program Activities

Suricata Open Source Intrusion Detection System (IDS)
Funding for the Suricata IDS project was provided by the Department of Homeland Security’s Science and Technology Directorate and a number of private companies that form the Open Information Security Foundation (OISF) consortium. The OISF is a multi-national group of the leading software developers in the security industry organized to build a next generation IDS engine. In addition to developers and a consortium consisting of leading cyber security companies, OISF has engaged the open source security community to identify current and future IDS needs and desires. More information on Suricata can be found at the project web site (http://www.openinfosecfoundation.org/index.php/download-suricata).

Federal Information Processing Standard (FIPS 140-2) validated OpenSSL Cryptographic Module Library
The OpenSSL software is the basis of many, perhaps the majority, of all validated software cryptographic products, but validation of the OpenSSL cryptographic library starting from source code is a first. The Department of Homeland Security’s Science and Technology Directorate has provided funding and guidance to help secure FIPS 140-2 validation for the most current version of the OpenSSL cryptographic module which is made freely available to government and non-government users under an open source license. More information on OpenSSL can be found on their project web site. (http://www.openssl.org/)

Research Report: Lessons Learned: Roadblocks and Opportunities for Open Source Software (OSS) in U.S. Government
In 2011, extensive interviews were conducted with a wide range of state, local and federal government information technology professionals, industry experts and others to gain a fuller understanding of how open source is being used in US government today and where the opportunities and challenges lay. The formal report is in review and anticipated to be released by the DHS Spring of 2012.

OpenCyberSecurity.org (OCS) and Open Security Inventory
OCS is a public web site that provides news and information on open security technologies and is designed to inform Federal, state, and local government employees. The OCS site maintains a searchable inventory of cybersecurity related open source software. The website will also be a central source of information on HOST program activities and events. OCS is currently scheduled for launch in spring of 2012.

Host Program News and Update

Cyber Security HOST Project Receives National Honor
Science and Technology Cyber Security Division’s Homeland Open Security Technology (HOST) project was recently awarded the Open Source for America (OSFA) 2011 Government Deployment of Open Source Award. HOST won the award in the category of “Open Source Deployment in Government”. More information on the annual OSFA awards can be found on their web site (http://opensourceforamerica.org/2011/11/awards/)

Upcoming Events

Conference Keynote: Douglas Maughan, S&T Cyber Security R&D Director and HOST program executive, will keynote at the Palmetto Open Source Conference in Columbia S.C. during the March 27, 2012. Details will become available on the conference web site (http://posscon.org)

Hold the Date! HOST Event: Open Cyber Security Conference East, May 8, 2012, Washington D.C. Venue TBA.

Hold the Date! HOST Event: Open Cyber Security Conference West, May 30, 2012. Menlo Park, CA, SRI Headquarters.

Contact US

To learn more about HOST or to get involved, please contact the program at host@hq.dhs.gov