Kaspersky is developing a secure OS for industrial control

The security firm plans to develop the operating system from scratch

Russian security firm Kaspersky Lab is developing a secure operating system for industrial control systems, its chairman and CEO Eugene Kaspersky said on Tuesday.

"Quite a few rumors about this project have appeared already on the Internet, so I guess it's time to lift the curtain (a little) on our secret project and let you know (a bit) about what's really going on," Kaspersky said in a blog post.

The new operating system aims to protect complex industrial systems that have become the target of a variety of high-profile cyberweapons such as Stuxnet, Duqu, Flame and Gauss. Governments are also concerned that the systems that keep critical infrastructure running could be compromised.

U.S. Secretary of Defense Leon Panetta said last week at a meeting of the Business Executives for National Security (BENS) in New York that aggressor nations or extremist groups could use cybertools to derail passenger trains, or even more dangerously trains loaded with lethal chemicals. "They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country," he added.

In running industrial systems the priority so far has been to maintain operation under any circumstances and not to secure the systems, and very often this leads to industrial control system (ICS) software not being updated at all, just to make sure it stays running, Kaspersky said. Manufacturers of specialized software are also not interested in constant source code analysis and patching holes, and typically respond after an exploit is found and exposed on the Internet, he added.

Most automated control systems were not created with security in mind, which is why, for example, most protocols used for the exchange of information in SCADA (Supervisory Control and Data Acquisition) systems and PLCs (Programmable Logic Controllers) don't require any user identification or authorization, according to a separate analysis by Kaspersky Lab.

The vulnerability of control software, programmed controllers, and industrial communication networks leads to operators of industrial and infrastructure systems not being able to receive information on the system's total operation, Kaspersky said.

While ideally all ICS software would need to be rewritten, incorporating all the security technologies available and taking into account the new realities of cyberattacks, the costly effort would still not guarantee the stable operation of systems, Kaspersky said.

The alternative, which he described as "fully realizable," would be a secure operating system, one onto which ICS can be installed, and which could be built into the existing infrastructure. It would control existing systems and guarantee the receipt of reliable data reports on the systems' operation, he added.

Currently most SCADA servers are managed by Linux or Windows database servers.

Kaspersky Lab, which plans to build the operating system with the help of vendors and users of industrial control systems, aims to start with entirely new code. To be fully secure, the core must be fully verified to not permit vulnerabilities or dual-purpose code. The kernel also needs to contain a very bare minimum of code, and that means that the maximum possible quantity of code, including drivers, needs to be controlled by the core and be executed with low-level access rights, according to the analysis by the Lab.

"We can't reveal many details of the project now because of the confidentiality of such cooperation. And we don't want to talk about some stuff so competitors won't jump on our ideas and nick the know-how," Kaspersky wrote in his blog post.

Stories by John Ribeiro
