Government IT security specialists in at least eight European Member States contribute to open source software, a quick Internet search shows. Poland, France, the Czech Republic and Luxembourg seem to be the most active, contributing to 58, 49, 24 and 19 projects respectively.
The list (see table below) is almost certainly incomplete. Some countries have multiple organisations focusing on IT security, and not all of them are easily found online.
In Poland, for example, the list of European IT security organisations maintained by Enisa, the EU agency for cybersecurity, lists three agencies: CSIRT-GOV, the Computer Security Incident Response Team led by the head of the country’s Internal Security Agency; cert.gov.pl, which is currently not online; and the CSIRT at the defence ministry.
There is no trace of the latter two agencies on GitHub, a popular open source code repository. By contrast, Cert-Polska, part of the country’s academic computer network, has no fewer than 58 projects on that repository.
Turning to the Czech Republic, the govCERT-CZ page on GitHub shows 24 open source projects, plus one for NÚKIB, the country’s cyber- and information security agency, which also manages GovCERT-CZ.
Compromised
The clearest example is France’s National Cybersecurity Agency (Agence nationale de la sécurité des systèmes d’information, or ANSSI). This organisation publicly shares some of its own software solutions, including DFIR ORC digital forensics software to reliably get data from compromised computers running MS Windows, and TCHAP, an instant messaging client now used across the central government and France’s fire departments.
In addition, ANSSI takes an active part in recommending the use of open source in France’s public services, for instance by taking part in conferences and demos.
Testing
Germany’s Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) tests open source solutions for use by public services. These include OwnCloud, open source software that provides file and messaging functionality to organisations and workgroups, and Drupal, Plone, WordPress, Joomla and TYPO3, five open source web content management systems.
In addition, the BSI has funded the development of open source tools related to IT security, such as: GPGG4win, a port to MS Windows of the widely-used GPG encryption software OpenGPG; mailveloppe, a browser plugin for end-to-end encryption of webmail and web forms; and OpenGPG support in LibreOffice, a suite of office productivity tools.
Alternatives
The Dutch government’s cyber security centre (Nationaal Cyber Security Centrum, or NCSC) also tests and recommends open source software. In 2013, for example, it encouraged the use of Ubuntu Linux or Red Hat Linux as alternatives for those public services still hanging on to the Windows XP operating system. By that time, XP was a decade old and was no longer receiving security patches from its manufacturer.
The Dutch Intelligence and Security Service (AIVD) in 2015 funded the development of OpenVPN-NL, a tailored version of the widely-used OpenVPN (software for securing point-to-pont commnunications).
| Member State | GitHub page | Number of repositories |
|---|---|---|
| Austria | https://github.com/certat | 10 |
| Belgium | https://github.com/certbe | 1 |
| Bulgaria | ||
| Croatia | ||
| Cyprus | ||
| Czechia | https://github.com/GovCERT-CZ | 24 |
| Denmark | ||
| Estonia | https://github.com/cert-ee | 4 |
| Finland | ||
| France | https://github.com/ANSSI-FR | 49 |
| Germany | ||
| Greece | ||
| Hungary | ||
| Ireland | ||
| Italy | ||
| Latvia | ||
| Lithuania | ||
| Luxembourg | https://github.com/GOVCERT-LU | 19 |
| Malta | https://github.com/CSIRTMalta | 3 |
| Netherlands | https://github.com/NCSC-NL/ | 2 |
| Poland | ||
| Portugal | ||
| Romania | ||
| Slovakia | ||
| Slovenia | ||
| Spain | ||
| Sweden |