Kaspersky Labs Building a Secure OS for Industry and Infrastructure ICS
We’re glad we don’t spend too much time in the terrifying world of cyber security, and we’re even more happy to see that there are others who do. Eugene Kaspersky is one of those people, and his Kaspersky Labs is currently building a secure operating system designed to protect the industrial control systems (ICS) in industry and infrastructure.
No, this isn’t a competitor to the likes of Windows 8; this is a different level of operating system.
In a lengthy blog post, Kaspersky outlines the reasons why a secure OS is necessary and how a typical office computer network is different than an industrial IT system. Primarily, it comes down to priorities; in a normal office, security of the data is key, but in industry, continuity of operations.
“In your average company, one of the most important things is confidentiality of data, and IT administrators are encouraged to isolate infected systems from non-infected systems to that end, among others,” said Kaspersky in the post. “Thus, for example, if on the corporate file server a Trojan is detected, the simplest thing to do is disconnect the infected system from the network and then later start to tackle the problem. In industrial systems that can’t be done, since here the highest priority for them is maintaining constant operation come hell or high water.”
He notes further that ICS software isn’t updated as frequently as it should be, again because of the issue of always-on service. On the whole, not only does this reality leave ICS open to vulnerabilities, system administrators may not even be aware when a problem or breach occurs. It’s rather chilling to think about, actually.
“Ideally, all ICS software would need to be rewritten, incorporating all the security technologies available and taking into account the new realities of cyber-attacks.”, said Kaspersky. Acknowledging that even with such a massive effort there would be no guarantee of stability, he advocates for a secure operating system onto which ICS could be involved.
How does he think he can build a secure OS when no one else has done it? Simply put, this operating system will be purpose-built for one thing instead of being a platform upon which users will can do any number of computing tasks, there will no background activity, and it will be impossible to execute third-party code on it.
Godspeed and good luck to Kaspersky Labs. We like our infrastructure as secure as possible, thanks very much.
No, this isn’t a competitor to the likes of Windows 8; this is a different level of operating system.
In a lengthy blog post, Kaspersky outlines the reasons why a secure OS is necessary and how a typical office computer network is different than an industrial IT system. Primarily, it comes down to priorities; in a normal office, security of the data is key, but in industry, continuity of operations.
“In your average company, one of the most important things is confidentiality of data, and IT administrators are encouraged to isolate infected systems from non-infected systems to that end, among others,” said Kaspersky in the post. “Thus, for example, if on the corporate file server a Trojan is detected, the simplest thing to do is disconnect the infected system from the network and then later start to tackle the problem. In industrial systems that can’t be done, since here the highest priority for them is maintaining constant operation come hell or high water.”
He notes further that ICS software isn’t updated as frequently as it should be, again because of the issue of always-on service. On the whole, not only does this reality leave ICS open to vulnerabilities, system administrators may not even be aware when a problem or breach occurs. It’s rather chilling to think about, actually.
“Ideally, all ICS software would need to be rewritten, incorporating all the security technologies available and taking into account the new realities of cyber-attacks.”, said Kaspersky. Acknowledging that even with such a massive effort there would be no guarantee of stability, he advocates for a secure operating system onto which ICS could be involved.
How does he think he can build a secure OS when no one else has done it? Simply put, this operating system will be purpose-built for one thing instead of being a platform upon which users will can do any number of computing tasks, there will no background activity, and it will be impossible to execute third-party code on it.
Godspeed and good luck to Kaspersky Labs. We like our infrastructure as secure as possible, thanks very much.
