Kaspersky is developing a secure OS for industrial control

The security firm plans to develop the operating system from scratch

Russian security firm Kaspersky Lab is developing a secure operating system for industrial control systems, its chairman and CEO Eugene Kaspersky said on Tuesday.

"Quite a few rumors about this project have appeared already on the Internet, so I guess it's time to lift the curtain (a little) on our secret project and let you know (a bit) about what's really going on," Kaspersky said in a blog post.

The new operating system aims to protect complex industrial systems that have become the target of a variety of high-profile cyberweapons such as Stuxnet, Duqu, Flame and Gauss. Governments are also concerned that the systems that keep critical infrastructure running could be compromised.

U.S. Secretary of Defense Leon Panetta said last week at a meeting of the Business Executives for National Security (BENS) in New York that aggressor nations or extremist groups could use cybertools to derail passenger trains or, even more dangerously, trains loaded with lethal chemicals. "They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country," he added.

In running industrial systems, the priority so far has been to maintain operation under any circumstances rather than to secure the systems, and very often this leads to industrial control system (ICS) software not being updated at all, just to make sure it stays running, Kaspersky said. Manufacturers of specialized software are also not interested in constant source code analysis and patching holes, and typically respond after an exploit is found and exposed on the Internet, he added.

Most automated control systems were not created with security in mind, which is why, for example, most protocols used to exchange information in SCADA (Supervisory Control and Data Acquisition) systems and PLCs (Programmable Logic Controllers) don't require any user identification or authorization, according to a separate analysis by Kaspersky Lab.

The vulnerability of control software, programmed controllers, and industrial communication networks leads to operators of industrial and infrastructure systems not being able to receive information on the system's total operation, Kaspersky said.

While ideally all ICS software would need to be rewritten, incorporating all the security technologies available and taking into account the new realities of cyberattacks, the costly effort would still not guarantee the stable operation of systems, Kaspersky said.

The alternative, which he described as "fully realizable," would be a secure operating system, one onto which ICS can be installed, and which could be built into the existing infrastructure. It would control existing systems and guarantee the receipt of reliable data reports on the systems' operation, he added.

Currently most SCADA servers are managed by Linux or Windows database servers.

Kaspersky Lab, which plans to build the operating system with the help of vendors and users of industrial control systems, aims to start with entirely new code. To be fully secure, the core must be fully verified to not permit vulnerabilities or dual-purpose code. The kernel also needs to contain a very bare minimum of code, and that means that the maximum possible quantity of code, including drivers, needs to be controlled by the core and be executed with low-level access rights, according to the analysis by the Lab.

"We can't reveal many details of the project now because of the confidentiality of such cooperation. And we don't want to talk about some stuff so competitors won't jump on our ideas and nick the know-how," Kaspersky wrote in his blog post.


John Ribeiro

IDG News Service