The Homeland Open Security Technology (HOST) program’s mission is to investigate open-security methods, models and technologies and identify viable and sustainable approaches that support national cybersecurity objectives based on open-source software. The HOST program focuses its activities on three key areas.
- Discovery -- The HOST program investigates new and existing open-security projects and techniques that support and protect government cyber-assets.
- Collaboration -- Coordinating development activities and encouraging working relationships between public- and private-sector R&D communities is core to increasing the sustainable use of open security technology.
- Investment -- DHS is committed to providing seed investments in advanced research and development (R&D) activities that support national cybersecurity objectives and have the potential to create sustainable project communities.
Motivation
Cyber-threats are continuously adapting to defenses, requiring government and the broader cybersecurity community to constantly pursue innovative new approaches. For governments at the federal, state, and local level to successfully do this, they have to broadly engage the market to examine all potential solutions and have processes in place to quickly acquire and deploy new technologies. This approach is challenging though, due in part to the specialized certification and procurement requirements of government, which in turn limit the pool of available solutions. Reductions in funding dedicated to information technology and security will only make it more challenging to keep abreast with continually advancing cyber-threats.
Approach
HOST serves to facilitate public- and private-sector collaboration to identify and harness the technical, economic and administrative benefits of open-source technologies that support national cybersecurity objectives and can be shared at no additional cost across government agencies at all levels.
Currently, HOST work is focusing on developing an open-source tool that creates documentation to support decision makers implementing the Federal Information Security Management Act (FISMA) requirements and the NIST Risk Management Framework Authorization and Accreditation (A&A).
Performer
GovReady Public Benefit Corporation (PBC): GovReady enables developers to select apps from a compliance store that interact to automatically assemble complete A&A packages. Apps represent technical components and organization processes. GovReady’s open-source Expert System uses the apps to interactively teach security and ask simple questions about software and systems.
Resources
For the latest information about S&T Cybersecurity, visit the S&T Cybersecurity News, Publications, Videos and Events pages.