
The U.S. Army has taken the unprecedented decision to release source code from its cyber arsenal, specifically a version of the Dshell forensic analysis code.

Dshell is software used by the U.S. Army to detect and profile cyber attacks. It has been used for nearly five years to analyze events and compromises on Department of Defense networks.

The Army published the code on the public code repository GitHub on Dec. 17, 2014, collecting more than 100 downloads and 2,000 unique visitors to date.

Apparently, the publication of Dshell is not an isolated case: the U.S. Government will make other software public, benefiting from the open source community.

Public disclosure of software allows peer review of the source code, which could improve the development process.

The final intent is to develop software with an improved design, which can ensure greater reliability and maintainability of the final code, in compliance with standards and best programming practices.

Publicly released code is usually incorporated into many other applications, a process that requires continuous improvement of its source code: a natural evolutionary process that keeps the original applications updated as requirements change.

When source code is freely distributed, the community of its users will often discover and correct any vulnerability affecting the product.

William Glodek, network security branch chief with the U.S. Army Research Laboratory, explained that the coming months are crucial for the development of the Dshell application:

“The success of Dshell so far has been dependent on a limited group of motivated individuals within the government. By next year it should be representative of a much larger group with much more diverse backgrounds to analyze cyber-attacks that are common to us all,” he said in a statement. “Outside of government there are a wide variety of cyber threats that are similar to what we face here at ARL.”

The intent behind the Dshell disclosure is to enrich the software with the experience of the digital forensics and incident response community in the fight against cyber threats that are becoming ever more aggressive and sophisticated.

“For a long time, we have been looking at ways to better engage and interact with the digital forensic and incident response community through a collaborative platform,” added Glodek. “I want to give back to the cyber community, while increasing collaboration between Army, the Department of Defense and external partners to improve our ability to detect and understand cyber attacks.”

The United States is among the most targeted countries, with its networks facing an impressive number of daily threats. For this reason, defending these networks is considered a primary goal for America’s national cyber strategy.

Many experts speculate that it is only a matter of time before a major attack strikes American critical infrastructure, such as nuclear facilities or power grids. The U.S. economy and the country’s development depend more than ever on its cyber capabilities.

The U.S. government is spending billions of dollars per year on cybersecurity in order to detect and neutralize cyberattacks early. While documents leaked by Edward Snowden reveal a complex defense machine capable of compromising any network, viruses, malware, spear phishing campaigns, and many other advanced attacks remain a daily menace to homeland security.

The U.S. government is aware that the country’s overall security depends on the security posture of every citizen. Our society is ever more exposed to cyber threats due to the high penetration of technology in our lives. Just consider the “Internet of Things” devices we use daily, from smart TVs to home routers, which could be exploited to run attacks against any government asset exposed on the Internet, including critical infrastructure.

The disclosure of the source code of defensive applications and forensics tools could improve attack detection. For example, private companies and experts could adopt it to prevent cyberattacks and detect cyber menaces early. The overall security chain could benefit from the US Army Research Laboratory’s decision to release the software as an open source tool.

The U.S. Army has a clear idea of the requirements for its defensive software, which must ensure:

  • Reliability
  • Stability
  • Auditability
  • Flexibility
  • Security

All these requirements could be quickly achieved via the code’s disclosure and with the significant contribution of large communities of coders.

Another problem that the U.S. Army, and the IT security industry in general, faces is a shortage of cyber experts. Similar initiatives could allow government agencies to involve talented hackers and coders in the development of defensive software, a clear opportunity for the U.S. Army to meet high-profile specialists and involve them in designing a new generation of tools for its cyber arsenal. On the other hand, cyber specialists have the opportunity to demonstrate their abilities to intelligence agencies.

The learning opportunity for the U.S. Army is huge. How do developers approach software used to detect cyberattacks? What skills do these developers have? What are their backgrounds, and which development models have they adopted? The answers to these questions are crucial for the U.S. government and could help build the best career paths for its cyber units and the best development methodologies for mission-critical applications.

What is the next step for the U.S. Army?

If you believe that the U.S. government will also publish the source code of offensive applications, you’re wrong. In the past I have already discussed the risks related to the militarization of cyberspace, so the availability of source code that could be exploited to run cyberattacks is obviously not possible.

Regarding the disclosure of source code related to other defensive software and forensics tools, I believe the U.S. Army is really keen to involve a large community of coders.

The U.S. government’s objectives include the ambitious development of software that can operate under attack, repair itself automatically if targeted by a threat actor, and respond instantly, minimizing the probability of errors.

Software this complex could be designed by the U.S. government with the support of the open source community, even if that support is only partial.

This means that a small part of the U.S. Army cyber arsenal could benefit from the decision to release code as open source. However, the greater portion of the arsenal will remain top secret to avoid providing useful information to attackers.

Pierluigi Paganini is the author of the book “The Deep Dark Web” and founder of the Security Affairs blog.