Kaspersky is developing a secure OS for industrial control

The security firm plans to develop the operating system from scratch

By , IDG News Service |  Operating Systems

Russian security firm Kaspersky Lab is developing a secure operating system for industrial control systems, its chairman and CEO Eugene Kaspersky said on Tuesday.

"Quite a few rumors about this project have appeared already on the Internet, so I guess it's time to lift the curtain (a little) on our secret project and let you know (a bit) about what's really going on," Kaspersky said in a blog post.

The new operating system aims to protect complex industrial systems that have become the target of a variety of high-profile cyberweapons such as Stuxnet, Duqu, Flame and Gauss. Governments are also concerned that the systems that keep critical infrastructure running could be compromised.

U.S. Secretary of Defense Leon Panetta said last week at a meeting of the Business Executives for National Security (BENS) in New York that aggressor nations or extremist groups could use cybertools to derail passenger trains, or even more dangerously trains loaded with lethal chemicals. "They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country," he added.

In running industrial systems the priority so far has been to maintain operation under any circumstances and not to secure the systems, and very often this leads to industrial control system (ICS) software not being updated at all, just to make sure it stays running, Kaspersky said. Manufacturers of specialized software are also not interested in constant source code analysis and patching holes, and typically respond after an exploit is found and exposed on the Internet, he added.

Most automated control systems were not created with security in mind, which is the reason for example that most protocols used for the exchange of information used in SCADA (Supervisory Control and Data Acquisition) and PLCs (Programmable Logic Controllers) don't require any user identification or authorization, according to a separate analysis by Kaspersky Lab.

The vulnerability of control software, programmed controllers, and industrial communication networks leads to operators of industrial and infrastructure systems not being able to receive information on the system's total operation, Kaspersky said.

While ideally all ICS software would need to be rewritten, incorporating all the security technologies available and taking into account the new realities of cyberattacks, the costly effort would still not guarantee the stable operation of systems, Kaspersky said.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness