Linux in Government: DHS Secretary Ridge Gives the Go Ahead to Linux

Like many government contractors, the provider of ERN (Emergency Response Network) Systems maintains a low profile. When you ask the CEO, Jo Balderas, for references she politely says, "the Federal Bureau of Investigation, the Department of Public Safety and the Department of Homeland Security". That's quite an impressive list, and it represents only a few of the company's clients.

When you ask for a technology snapshot Jo says, "currently we use an enterprise open-source software stack known as LAMP (Linux, Apache, MySQL and PHP). We also use an appliance to support rapid deployment and to minimize total cost of ownership. Our roadmap has us integrating the OASIS Common Alerting Protocol (CAP) version 1.0 and Justice XML standards within six months."

CAP enables the exchange of emergency alert and public warning information over data networks and computer-controlled warning systems. Justice XML is evolving into a method for justice and public-safety groups to import and export data from multiple databases and publish it in various formats. Justice XML officially is known as the Global Justice XML Data Model.

ERN Systems has supported the Dallas FBI Emergency Response Network since May 2001, through both the September 11 terrorist attacks and the Space Shuttle Columbia disaster. On September 11, 2001, the FBI used ERN to immediately locate InfraGard personnel to confirm their immediate statuses and any anomalies. Within minutes, InfraGard partners such as American Airlines, EDS, Sabre and members of the banking and defense industry provided status reports and contact numbers. The Dallas FBI began to use ERN to communicate with InfaGard in the post-9/11 investigation period and continues to use it today.

On February 1, 2003, the FBI used ERN during the Space Shuttle Columbia disaster. The crash occurred at 8:05 am. By 8:10 am, FEMA had contacted FBI Dallas requesting a phone number for Johnson Space Center (JSC) in Houston, as no one (FBI, FBI HQ, FEMA, OHS) could reach the published number. FBI used ERN to locate all law enforcement personnel in the Houston area. A Houston intelligence officer provided the cell phone for JSC's Director of Security. By 8:15 am, using ERN, all 800 numbers and JSC instructions were transmitted by the FBI to the public and to first responders.

On June 23, 2004, DHS and the FBI launched the first Homeland Security Information Network-Critical Infrastructure Program in Dallas using ERN. Additional implementations are scheduled to follow in Seattle, Indianapolis and Atlanta. Homeland Security decided to turn the initiative into a pilot program. Each site will operate this year to determine if ERN can become the application for other cities across the country. One might think that ERN's three-year history of reliable and critical performance would prove sufficient evidence.

After spending time with the founders and creators of the ERN project, I quickly realized that they could face a critical political challenge from the vendor lobby. As noted in last week's article, "law enforcement cannot work effectively when the people in decision-making positions in our government fail to empower them. Currently, the evidence points vividly to state CIOs who have failed to implement any of the "value add" they claim to have."

The same possibly holds true now that ERN officially is out of the bag. Will we discover that "the biggest barriers still remain cultural components, legal components [and] political components", as Tom Richey said. Will those components in regional offices of DHS hamper the rapid deployment of ERN? Will using Linux and open-source components require leaders within DHS to put aside their unfounded prejudices and embrace this technology as the multiplier for solving our security problems? Will they put the nation's interests ahead of their loyalties to larger and more influential vendors?

One would expect Red Hat to assist in this effort because the solution uses Red Hat's Enterprise Linux product. With ERN gaining public exposure, will Red Hat recognize this opportunity quickly? It certainly provides the company with a serious entry into this vital area.

One has to wonder if ERN will run into the regional hurdles of DHS because of the special interests. Will decision makers use their standard techniques of "delay and bury", or will they overcome their allegiances to, say, Microsoft? Simply put, will they give ERN a chance to prove itself?

If not, the country will have to ask some hard questions: Can DHS make sound technology decisions by breaking the hold of influence peddlers? Perhaps, we even could re-form the question by asking: Given the rise of other technologies, such as the LAMP stack, can we trust bureaucrats who have made questionable or inferior technological decisions in the past to make better technological decisions in the future? Or will the sway and tug of marketing, "nobody ever got fired for buying IBM" rationale and other reductionist thinking continue to hold?