The US Army recently posted security code to GitHub, open-sourcing it in order to better understand when its networks come under cyber attack. Called Dshell, the code has been used for the past five years to analyze attacks on Department of Defense networks. The US Army Research Laboratory (ARL) believes that the kinds of cyber attacks launched against the government can be similar to those launched against the general public. It therefore hopes to get feedback from non-government users to better understand and prevent future attacks.
Dshell was posted on GitHub on December 17th and has already seen 2,000 visitors and over 100 downloads from users across 18 countries. ARL wants developers to use the forensic analysis code and to create their own custom modules for studying their own security compromises. William Glodek, ARL's Network Security branch chief, hopes that these modules will benefit the digital forensic community as a whole, not just the Army.
Glodek said that he wants "to give back to the cyber community, while increasing collaboration between Army, the Department of Defense and external partners." While Dshell's core functionality is said to be similar to public tools already available, it is meant to offer a simpler way to develop new functionality and better analyze data. Glodek adds that the Dshell framework can grow and become more valuable with contributions from the open source community.
The Dshell repository is the first official page on GitHub from the US Army. The hope is that six months from now there will be a developer community on the site made up of users from government, academia, and industry. Glodek describes Dshell as currently depending on a group of people within the government; while they are motivated, the goal is to have contributors from diverse backgrounds, so that cyber attacks affecting any part of society can be analyzed from multiple viewpoints.