The UK Government has begun to relax security restrictions on the software it approves for public sector use, it was reported on 30 September 2011. The aim is to better facilitate the government policy of utilising more open source software.
The Communications-Electronics Security Group (CESG), the electronics and computing arm of the government intelligence unit Government Communications Headquarters (GCHQ), provides policy and assistance on the security of communications and electronic data. It is to meet with open source experts and industry representatives to discuss the impact of its security requirements on open source software.
Public bodies in the UK can only use IT systems that have CESG certification. However, the certification process takes about 18 months to complete, and open source systems typically lack the commercial sponsors to push this process through. As a result, open source solutions rarely have CESG certification.
In one recent case, Bristol City Council had wanted to use an open source email system, but its lack of CESG certification resulted in the purchase of a proprietary system. Councillor Mark Wright, architect of open source policy at the Council, said that a potential solution had already been suggested: the Cabinet Office would authorise the Council to conduct a pilot of an open source email system. He presumed there would be a new GCHQ certification, through which the Council's pilot would act as sponsor for the desired open source system.
Basil Cousins, secretary of the Cabinet Office Public Sector Group (PSG), said it had invited CESG to discuss ways to ease its restrictions on the use of open source software in government systems.
"We want to agree how to ease a path for open source software being accredited by CESG. That's what we need," he said.
Bill McCluggage, Cabinet Office director of ICT policy, said: "CESG is changing its processes." He added: "We have to make sure things are proportionate and appropriate.”
• Original news article - Computer Weekly
• Secondary news article - Computer Weekly
• Background information - ePractice eGovernment Factsheet for the United Kingdom