Linux is being designed into future U.S. defense system, including the Army's Future Combat System (FCS), the Land Warrior, and the Global Information Grid, which will connect all future military systems into a single network. This spread of Linux into defense systems is cause for serious concern. Linux security is inadequate for defense use. If the systems now under development are deployed with Linux, U.S. national security will be at risk.
The operating system used in a defense system is the foundation of its overall integrity. The operating system controls all a system's functions, communications, and security. If the operating system is compromised, an enemy can spy on, disable, or commandeer the entire system.
The Linux operating system is developed by an open source process-a cooperative effort by a loose association of software developers from all over the world. With the knowledge that Linux is going to control our most advanced defense systems, foreign intelligence agencies and terrorists can easily infiltrate the Linux community to contribute subversive software. The risk is particularly acute since many Linux contributors are based in countries from which the U.S. would never purchase commercial defense software. Some embedded Linux providers even outsource their development to China and Russia.
Who would intentionally introduce malicious code into software that they knew was going to be used in military and critical infrastructure systems? In the early 1980's, the U.S. Central Intelligence Agency (CIA) subverted software that was acquired by the Soviet Union. A CIA Trojan horse in the software that controlled the trans-Siberia gas pipeline caused a massive explosion. It would be incredibly naive to believe that other countries and terrorist organizations would not exploit an easy opportunity to sabotage our military or critical infrastructure systems when we have been doing the same thing to them for over twenty years!
Linux in the defense environment is the classic Trojan horse scenario-a gift of "free" software is being brought inside our critical defenses. If we proceed with plans to allow Linux to run these defense systems without demanding proof that it contains no subversive or dangerous code waiting to emerge after we bring it inside, then we invite the fate of Troy.
One of the greatest misconceptions about Linux is that the free availability of its source code ensures that the "many eyes" with access to it will surely find any attempt at sabotage. Yet, despite the "many eyes," new security vulnerabilities are found in Linux every week in addition to dozens of other bugs. Many of these flaws have eluded detection for years. It is ridiculous to claim that the open source process can eradicate all of the cleverly hidden intentional bugs when it can't find thousands of unintentional bugs left lying around in the source code.
Furthermore, source code inspection will never detect vulnerabilities that are only manifest in a system's executable binary code. Ken Thompson, the original developer of the Unix operating system-which heavily influenced Linux-demonstrated how malicious code could be architected to be undetectable at the source code level. He installed a back door in the binary