Government ICT Strategy: Open Source

Tariq Rashid, Home Office May 2012

Big Small Print

Please note: Nothing I say prejudges the outcome of the ongoing Open Standards Consultation.

If I mention open standards - it is for discussion and debate.

We genuinely want to hear your views and evidence.

Please take part in the Consultation.

18/05/2012 Open Source 2

HMG ICT Strategy 2011 some themes

Public Sector Networks SMEs

ICT Strategy 2011

Suppliers End User Devices

Strategic Implementation Plan

Cloud

Open Source Open Standards Capability

18/05/2012 Open Source

Procurement Commercial

HMG ICT Strategy 2011 some themes

Public Sector Networks SMEs

ICT Strategy 2011

Suppliers End User Devices

Strategic Implementation Plan

Cloud

Open Source Open Standards Capability

18/05/2012 Open Source

Procurement Commercial

What is Open Source Software?

Its just software like any other ... Defined by its license. Open Source licenses guarantee:

Freedom to use it in any way you want

Freedom to redistribute it (reuse)

Freedom to access to source code, and modify it

(Obligation) to share improvements built on the work of others

18/05/2012

Open Source

Impact of Open Source Licenses

Reuse
encouraged

Lower barriers to entry for SMEs, citizens

Innovation, flexibility, integration

Darwinian evolution

open source

Price to 0

Open standards No monopoly

over supply, support, services

Transparency
around bugs

18/05/2012

Open Source

Open Source Highlights

Wikipedia, Google, Facebook, New York Stock Exchange, London Stock Exchange, Citrix, Apple, Juniper, IronPort, Yahoo, NetApp, VMWare, Youtube, Flickr, Amazon, Whitehouse.gov, CIA/FBI.gov, CERN (16000 VMs), USDoD, Guardian, Disney, Cisco, French Air Force, US Navy ....
18/05/2012 Open Source 7

The Problem

18/05/2012

Open Source

New Approach not just top down

18/05/2012

Open Source

Open Source Surgeries

opensource@homeoffice.gsi.gov.uk

18/05/2012

Open Source

10

Some Potential Barriers to Open Source

Skills Experience Security Myths Skills Experience

Systems Integrators

Procurement Process

Government Customer

Supplier Mix

Commercial Design Requirements Disciple

Open Architectures

Risk Bundling

Culture

More?
18/05/2012

... ongoing effort to identify barriers

Open Source 11

Action Plan
HMG ICT Strategy: Open Source Implementation Plan
Implementation Strand
Activity Product Existing Resources Dependent Resources Delivery Date Version 0.9 12-Aug-11 1 2.1 2.11 2.12 2.13 2.14 2.14.1 2.15 2.16 2.17 2.18 2.3 2.4 2.5 2.6 4.1 4.2 5.1 5.3 6.3.0 6.3.1 6.6 6.7 11 13 1.2 1.4 1.5

Material
Publish Toolkit: (1) Guide for Procurers Publish Toolkit: (2) OSS Option Catalogue Publish Toolkit: (3) OSS Assessment Critera Publish Toolkit: (4) FAQs Publish Toolkit: (5) CESG Guidance GPG-38 Publish Toolkit: (5a) CESG 2 page summary of GPG-38 published externally Publish Toolkit: (6) PPN and guidance on secure use and OSS licenses for HMG software Publish Toolkit: (7) PPN and guidance on external commercial use of HMG software and OSS route Publish Toolkit: (8) Policies & Processes Publish Toolkit: (9) Implementation templates Update SFIA skills framework to cover essential skills, open standards, and additional skills, open source. Update "Technology in Business" programme to cover commercial, technical, economic importance of open standards, and experience of open source software ecosystem. Identify development required for senior leaders to ensure understanding of open standards, open source. Define role for open source technical lead for Departments to ensure exists within staff. Engage with HMG ICT Asset Register to inventory open souce in HMG. Package exemplars and reuse of open source across HMG. Provide Open Source Organisational Maturity Model to support Departments improve use of OSS, and improve annual scores. Define and establish ToR for Open Source Surgeries for HMG and wider public sector. Produce a TCO V0.1 to be published at the same time as the Toolkit Produce model for Total Cost of Ownership, with input from London School of Economics study for use across HMG Work with Sis to identify their commercial and procurement obsctales. HO and OGDs via OSIG. Work with SIs to identify commercial or procurment barriers to wider enagement of OSS SMEs and secondary suppliers. CO via OSIF. Produce Baseline of Open Source use (current landscape state) Define metrics for measurement, to be used by Sis & OGDs Ensure OGDs follow Home Office lead on Open Source actionable policies. Quality assurance of OGD policies. Programme ensures OGDs follow lead on Operating Model and Project Processes Survey compliance with policy across HMG (implementation of policy) Published Guide for Procurers Sept 2011 Publish OSS Option Catalogue Publish OSS Assessment Critera Publish FAQs Publish CESG Guidance GPG-38 June 2011 Publish summary Publish PPN and guidance on secure use and OSS licenses for HMG software Publication of guidance on external commercial use of HMG software and OSS route Publish policies & processes Publish template set Revised SFIA definition including Open Source references Revised TiB programme Recommendations for senior leadership development Role Description for Departmental Open Source Technical Lead Revised ICT Asset Register metamodel Catalogue of exemplars and re-use candidates OSS Maturity Model Open Source Surgery ToR Total Cost of Ownership v0.1 Template for calculation of TCO Agreed list of supplier Commercial and Procurement obstacles SME and Secondary supplier action plan Baseline of OSS use Metrics Template for measurement of OSS use and value Assurance report for each Department Assurance report for each Department Policy compliance report PV - TR - NB (QY) ERG - IT Professionalism (QY) ERG - IT Professionalism Programme response - IT Prof Team/CSL NB - TR - PV QY ? Programme Team Programme Team TR, QY, NB, CB in house early version at RP request LSE, Gartner, VfM units/ERG Supplier Forum - Departments Departments Prog & Departments Nov-11 Nov-11 Nov-11 Sept 2011 Next OSIG? Oct-11 Apr-12 Apr-12 Oct-11 Oct-11 Apr-12 To April 2012 To April 2012 Dec-11 Oct-11 Oct-11 Apr-12 Apr-12 QY/ERG Commercial/NB/CB TR - CB - OSIG+ TR - CB - OSIG+ TR - CB - OSIG+/ NB/CB CESG CESG QY - CESG, Legal, ERG QY - CESG, Legal, ERG Oct-11 Oct-11 Oct-11 Oct-11 Oct-11 Oct-11 Oct-11 Apr-12

2 2.61 2.7 2.8 3.1 3.2 4.21 5.31 6.21 6.4 7 8.1 9.1 9.2

Uptake & Embed

Ensure all Departments retain open source technical lead, report to Cabinet Office. Capability-themed events to raise awareness of open source opportunities. Commision and demonstrate model office proving OSS office and business functions. Establish (1) SI Forum, (2) Implementation Group, (3) Advisory Panel of experts (legal, security, commercial, technical) Establish governance between Cabinet Office CIO DB, Home Offie, OGDs. Promote exemplars and reuse of open source across HMG. Run Open Source Surgeries for HMG and wider public sector. Promote and ensure uptake of Model Contract clauses, working with Buying Solutions Ensure HO and OGDs Commercial are using updated TCO Fully establish responsibility to support and maintain OSS Function (BAU) New e-Gov anual awards categories - (1) open source savings, (2) open source innovation Proactive support for open source opportunities, including intervention and solution / tech refresh to save money. Low risk quick wins, and risk managed larger savings. Agree with CESG added value services offered to support OSS reuse and exploitation Establish assurance and compliance process for supplier performance Establish assurance and compliance process for OGD performance Open Source Technical Lead contact list Awareness events plan Model Office demonstrator ToRs for SI Forum, Implementation Group, Advisory Panel of experts Governance Design for OSS Programme Communication product for exemplars Open Source Surgeries plan Model Contract clauses communication plan Evidence of Departmental use of TCO model Function definition and set up agreement Definition for award category BAU activity? Departments BAU function Progress only as co-ordinator Skunkworks or Dept lead depends on 2.6 from Oct 2011 from Sept 2011 Apr-12 Jul-11 Jul-11 Nov-11 ongoing Nov-11 Jun-12 April 12? Apr-12 Apr-12 Apr-12 Nov-11 Nov-11 Agreement on approach plan with Skunkworks Agreement on approach plan and with Skunkworks QY MO'N (Skunkworks) QY MO'N (Skunkworks) QY RP TR BAU activity QY RP Nov-11 Nov-11 Ongoing throughout life of programme Ongoing throughout life of programme

9.3 9.4

Reach agreement with Cabinet Office SKunkWorks to prototype / trial OSS solutions when SIs don't. Establish fuller scope and assurance for SkunkWorks projects establish relationship and work with relevant OSS independent and international forum

10.1

Communications and reputation management: Media, public debates, responses to news.

3 1.6 5.2 8.2

Measurement
Survey quality of assurance for open source evalutations. Annual OSS Organisational Maturity Model returns to Cabinet Office. Monitor supplier and user constraints and opportunity management issue Surveys of open source policy, with published results. For (1) Departments, and (2) SIs Survey report Assurance Report Assurance Report Jan-12 Jun-12 Ongoing from Oct 2011

Benefits Realisation
Departmental implementation
Each Department to report its current utilisation of Open Source and provide case studies (baseline landscape) Each Department appoints OSS lead (as part of or within lead for Open Standards/Solutions capability) Each Dept publishes Open Source policy Each Dept introduces project process / operating model to request open standards and assure open source evaluations. Departments embrace OSS Toolkit use and incoprorate in change management Each Department to assess impact and implications of changes to SFIA and TiB and implement relevant changes Each Department to update Asset Register and Configuration Management models to include relevant Open Source characteristics Each Department to monitor availability and relevance of Open Source exemplars and re-use candidates Each Department to identify development required for senior leaders to ensure understanding of open standards and open sources Each Department to use Open Source Maturity Model to assess own maturity on Open Source utilisation and value Each Department to make relevant use of Open Source surgeries Each Department to assess impact and implications of changes to SFIA and TiB and implement relevant changes Each Department to assess impact of Procurment Guidance on local processes and prinicples and make appropriate changes Each Department to amend Total Cost of Ownership models with relevant Open Source characteristics Each Department to engage and contribute to OS Implementation Group Each Department to review CESG Guidance on Open Source and assess any impact Each Department to identify commercial and procurment barriers to Open Source Each Department to ensure where appropriate that publicly funded software is open sourced appropriately and not handed to non-Crown bodies. Each Department to provide relevant Open Source returns to Cabinet Office Departments Sep-11 from Oct 2011

18/05/2012

Open Source

12

Action Plan

18/05/2012

Open Source

13

OSS Toolkit

Commercial Principles?

Procurement Guidance

Maturity Model for Departments

Total Cost of Ownership nformed by LSE Report

Security Guidance CESG GPG38

Options List OSS alternatives with real world references

1 page security note

Assessment Criteria for Software in consultation with suppliers

Options v2

18/05/2012

Open Source

14

IT Process

18/05/2012

Open Source

15

Early Achievement - Security

Open source as a category is no more or less secure than closed proprietary software.
This means you cant pre-disqualify open source from consideration.

CESG GPG38 Cabinet Office Website for OSS Toolkit

18/05/2012

Open Source

16

Real World Example 1 public web site

18/05/2012

Open Source

17

Real World Example 1 public web site

18/05/2012

Open Source

18

Real World Example 2 key infrastructure

12 million
over 5 years

2 million
over 5 years

18/05/2012

Open Source

19

End User Devices open enabling architecture

Jigsaw Model
Modular, decoupled, interchangeable, components an services Browser, printing, authentication, encryption, monitoring, configuration, a/v, ...

Why?
Choice, competition sustained after purchase New pieces, retire pieces as market evolves Right-sizing build with some pieces Isolation of components

Can this be done 100% OSS?

Build demonstrator OSS configuration Learn and reuse OSS security patterns

18/05/2012

Open Source

20

Future Challenges
Contributing Open Source?
Security & Reputation Commercial and IPR Decisions to invest in open source

Taking back design decisions from outsourced IT suppliers?

Big step, internal capability Can you really outsource risk?

Open Standards public consultation

Should open standards be free from patent royalties? What kinds of open standards prevent open source? Which open standards lower barriers to entry, widen participation in Government IT?

18/05/2012

Open Source

21

Final Thoughts
To ensure value for money, Government ICT customers MUST:
1. Understand Open Source, its ecosystem, and know about key open source technologies Undertake quality options analyses including open source Design open architectures and understand why.

2. 3.

18/05/2012

Open Source

22

Vision - Open Standards & Open Source

Open Standards help create a level-playing field, lowering barriers to entry

Open Source software provides competition on this field

We choose software because we want it, not because we have to

18/05/2012

Open Source

23