Kaspersky Labs Building a Secure OS for Industry and Infrastructure ICS

We’re glad we don’t spend too much time in the terrifying world of cyber security, and we’re even more happy to see that there are others who do. Eugene Kaspersky is one of those people, and his Kaspersky Labs is currently building a secure operating system designed to protect the industrial control systems (ICS) in industry and infrastructure.

No, this isn’t a competitor to the likes of Windows 8; this is a different level of operating system.

In a lengthy blog post, Kaspersky outlines the reasons why a secure OS is necessary and how a typical office computer network is different than an industrial IT system. Primarily, it comes down to priorities; in a normal office, security of the data is key, but in industry, continuity of operations.

Kaspersky Labs secure OS

“In your average company, one of the most important things is confidentiality of data, and IT administrators are encouraged to isolate infected systems from non-infected systems to that end, among others,” said Kaspersky in the post. “Thus, for example, if on the corporate file server a Trojan is detected, the simplest thing to do is disconnect the infected system from the network and then later start to tackle the problem. In industrial systems that can’t be done, since here the highest priority for them is maintaining constant operation come hell or high water.”

He notes further that ICS software isn’t updated as frequently as it should be, again because of the issue of always-on service. On the whole, not only does this reality leave ICS open to vulnerabilities, system administrators may not even be aware when a problem or breach occurs. It’s rather chilling to think about, actually.

“Ideally, all ICS software would need to be rewritten, incorporating all the security technologies available and taking into account the new realities of cyber-attacks.”, said Kaspersky. Acknowledging that even with such a massive effort there would be no guarantee of stability, he advocates for a secure operating system onto which ICS could be involved.

How does he think he can build a secure OS when no one else has done it? Simply put, this operating system will be purpose-built for one thing instead of being a platform upon which users will can do any number of computing tasks, there will no background activity, and it will be impossible to execute third-party code on it.

Godspeed and good luck to Kaspersky Labs. We like our infrastructure as secure as possible, thanks very much.
Comments
3vi1 2 years ago

I'm not sure who is the target market for this product. They mention a bunch of Windows malware as being the catalyst for its development, but companies running Windows on their SCADA systems obviously don't give a damned about security anyway... so they're not going to switch to it.

Companies actually interested in security would already be running BSD, which over the last 35 years has been vetted and proven secure far more than any proprietary product could ever be. If Kaspersky thinks they care more or know more about security than the BSD guys do, they're sadly mistaken.  How many OS flaws has Kaspersky ever identified and demonstrated in the BSD OSes?  None, right?

The rest of their logic is just as questionable:  "The operating system can’t be based on existing computer code; therefore, it must be written from scratch."  That's the craziest thing I've read today.  By that line of reasoning, they can't use any existing compiler to build their OS either, because it may generate exploitable code (ala The Ken Thompson Hack, if not just by design flaw).

These guys are going to be banging rocks together for the next several decades, recreating the wheel, basic tools with hundreds of thousands (if not millions) of man-hours behind them, and endless device drivers.  It's kind of pointless when there's a free and open solution that already does all they want to do and more.

This project sounds doomed from the get-go.  It's like hearing they're going to re-make Blade Runner, with a miniscule budget, and it's going to star Hayden Christensen.

Post a Comment
or Register to comment