ubuntu-ngo team mailing list archive

[Paul Harper <harper.paul.j@xxxxxxxxx>]

Pierre,

I am former UN having started as a Security Officer. Then I moved across
to the Information Security Team at the ICTY and later UNAKRT. I am also
working on an MA although mine is with Kings College London on War in
the Modern World with a view to doing my dissertation on information
warfare.So you have my sympathy! I am also a SANS Giac Certified
Incident
Handler.http://www.giac.org/certification/certified-incident-handler-gcih
http://www.giac.org/certified-professional/paul-harper/125521

There is some use of Open Source software at the UN. But this tends to be on
the back end servers rather than on the desktop. I seem to recall that
DPKO was going to do a trial at a smaller mission on using desktop
software. You might want to contact UN Public Affairs to see if they can
give you more info.I think this is probably the best
way. http://www.un.org/en/peacekeeping/about/contact.asp

UNAKRT was, and still is funded by donor contributions rather than the
regular budget as was the case at ICTY. Therefore we didn't have the
funds for expensive proprietary security software like Silent Runner or
Encase.

Silent Runner HTTP://www.pcmag.com/article2/0,2817,118797,00.asp
Encase: http://www.scmagazine.com/guidance-software-encase-forensic-v7/review/3872/ 

Wireshark and Caine were open source equivalents which got the job done
although perhaps without so many bells and whistles.

Wireshark: http://www.wireshark.org/
Caine: http://www.caine-live.net/
A good article on Caine's use in Afghanistan. Shows that it is serious
software.http://www.linux-magazine.com/w3/issue/122/032-034_caine.pdf

One issue that I didn't see in your paper was the perception that free
and open source is less secure than proprietary. I heard this from a
number of UN IT managers. Of course nothing is bullet proof as the
recent OpenSSL Hearbleed debacle shows.

http://www.troyhunt.com/2014/04/everything-you-need-to-know-about.html

To my knowledge the UN lacks a clear guidance on the use of free and
open source software. The UN really needs something like the  US DOD
"Clarifying Guidance Regarding Open Source Software (OSS)".

US DOD Open Source FAQ:
http://dodcio.defense.gov/OpenSourceSoftwareFAQ.aspx

Bruce Schneier has a lot of stuff on the Open versus Proprietary
Security
debate. https://www.schneier.com/blog/archives/2011/06/open-source_sof.html

As does Ross Anderson of Cambridge University. http://www.cl.cam.ac.uk/~rja14/Papers/toulouse.pdf

Finally on Information Security in the UN generally I recommend: Shared
secrets: intelligence and collective security by Dr Simon
Chesterman. It might have something to support your
argument. http://www.lowyinstitute.org/publications/shared-secrets-intelligence-and-collective-security

I hope this is useful for you. Best of luck!

I'll just note these are my private views and they should not be
construed as an official position by my previous employer, the United
Nations. 

Regards,

Paul Harper

Pierre van Male writes:

> Dear all,
>
> I am finishing a master on social economy with the university of Barcelona
> and for my end of study project, I decided to work on the adoption of FLOSS
> by the International NGO.
>
> To this prospect, I made a small Google Site and I uploaded the first draft
> of the narrative document (still in an early stage).
>
> I would really appreciate if some of you would take the time to have a look
> and share with me comments and suggestions.
>
> The website is available here: https://sites.google.com/site/floss4ingo
>
> And the first draft here:
> https://docs.google.com/document/d/1GOKoEOwvT7TPwrW_V4_OD7FkR-m9tPImgH9HyMLK1uw/edit?usp=sharing
>
> Thanks in advance,
> Pierre
> _______________________________________________
> Mailing list: https://launchpad.net/~ubuntu-ngo
> Post to     : ubuntu-ngo@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ubuntu-ngo
> More help   : https://help.launchpad.net/ListHelp