Exposed U.S. voter database poses 'extreme' danger, researcher says
June 28, 2016
The database contained personal data on more than 150 million people — including voters’ addresses, full names and political stances.
Barack Obama could be the first U.S. president to fork your code.
With recent attempts from the White House to bring a more agile approach to government technology, and with U.S. Chief Information Officer Steven VanRoekel's "Shared First" initiative, released in December, coupled with the federal government's new digital strategy, the door may slowly be opening to a more widespread public sector collaborative coding environment, such as the one provided by San Francisco-based startup GitHub.
"We're standing up GitHub at the White House to put our stuff up there," VanRoekel told the crowd at TechCrunch Disrupt in New York City during the launch of the White House digital strategy in May.
Founded in 2008, GitHub allows developers to upload code and make it freely available to other members of the community, who can then re-purpose or "fork" it for projects of their own. According to the site, more than 1 million people have shared 3 million code contributions, also known as repositories. Services available range from a limited, free account to enterprise offerings for organizations interested in hosting their own collaborative coding environment.
Most recently, the idea of a "shared platform" powered by "open source communities" has emerged in the digital strategy document, "Building a 21st Century Platform to Better Serve the American People":
To make the most use of our resources and "innovate with less", we need to share more effectively, both within the government and with the public. We also need to share capacities to build the systems and processes that support our efforts, and be smart about creating new tools, applications, systems, websites and domains. Ultimately, a shared platform approach to developing and delivering digital services and managing data not only helps accelerate the adoption of new technologies, but also lowers costs and reduces duplication. To do so, we need to rapidly disseminate lessons learned from early adopters, leverage existing services and contracts, build for multiple use cases at once, use common standards and architectures, participate in open source communities, leverage public crowdsourcing, and launch shared government-wide solutions and contract vehicles.
Early federal government GitHub adopters include the Federal Communications Commission, NASA and the Consumer Financial Protection Bureau. The Open Government Platform, a joint open source project between the United States and India, recently made the Data.gov source code available at GitHub. Other federal agencies that have established official accounts, but have yet to contribute, include the U.S. Geological Survey and USA.gov.
"We decided to use GitHub as our code repository for a couple of reasons. GitHub and Git are familiar to a lot of developers, and GitHub has a growing community," said Data.gov Chief Software Architect Chris Musialek. "Git makes it really easy to 'fork' someone's code and provide enhancements back to the project, which encourages participation from a wider audience. It also has a nice interface on top of Git with additional, useful features such as the ability to view committed code and customize your project's page."
Although most agencies have yet to jump on the GitHub bandwagon, government is no stranger to collaborative coding or the idea of an officially centralized platform.
The Defense Department launched Forge.mil in 2009 specifically for military-based open source projects. The Component Organization and Registration Environment, better known as CORE.gov, was an earlier attempt by the federal government that was subsequently abandoned.
"This kind of inter-, intra-, and extra-agency collaboration using the open source model is already finding success throughout the government, including the Veterans’ Administration Open Source VistA program, the National Security Agency’s SELinux project, and the OMB’s own data.gov," wrote Open Source for America on its blog in February in response to "Shared First."
The debate on whether government needs to build its own repository when viable options such as GitHub and SourceForge are available centers on easy access to code and security.
Creating a simple directory for government code, much like Data.gov has done for data, would make it easier to find development projects from other agencies, as would including simple add-on links located at [agencyname].gov/developer pages established in the new digital strategy. This would allow agencies the freedom to select a repository of their choice and link out without forcing the entire federal government to adhere to one platform.
Other options to aid code findability include having the Office of Management and Budget establish a simple directory that links to those pages for easier access for developers. GitHub and SourceForge could also do their part by authenticating government accounts and creating directories on their own sites, such as gov.github.com.
Starting with a "federated source code community" could resolve security concerns and help government get more comfortable with the idea of publicly sharing its code, said CFPB Acting Deputy CIO Matthew Burton.
"Security will always be one of the core drivers of every federal IT decision, as it should be. In fact, I think the primary benefit … would be the security it affords over public sharing," he said.
"It would allow agencies to dip their foot into the pool and start sharing code with one another, without openly exposing that code to the rest of the world. Easy, government-wide sharing would be a huge--and probably essential--first step in encouraging code sharing with the general public."
Whether it relates to preserving intellectual property or lost revenue opportunities, another hurdle to optimal code sharing and collaboration concerns contractor reticence to actively engage in an open source environment. Given that a large portion of federal government coding is done by contractors, this poses a challenge that can be resolved either by establishing open source policies or by working with industry on an amenable solution.
CFPB's new open source policy, published in April, explicitly states that "software source code written entirely by CFPB staff, and by contractors who are developing software on behalf of CFPB, is by default a public domain work."
To encourage contractor collaboration, John Scott, co-founder of the military open source website Mil-OSS, recommends initiating a public conversation that allows government and industry to discuss "what they need and what they want." This could be done through a formal survey and open ideation forum, as has been the case with other federal initiatives.
As the White House "Shared First" strategy states, "This reflects a crawl, walk, run approach in terms of dealing with the complexity of implementing shared IT services and allows agencies to gain proficiency in areas that represent 'low hanging fruit.'"
For the federal government developer community, with the White House's new approach to IT coupled with collaborative coding environments like GitHub, open source code could soon be ripe for the picking.