Kaspersky Lab in development of secure Industrial OS

Kaspersky Lab Chairman and CEO, Eugene Kaspersky, has confirmed that the company is currently developing a natively secure industrial operating system to protect SCADA and ICS systems from cyber attack. Following large scale malware intrusions like Stuxnet and Duqu, Flame and Gauss, Kaspersky says protecting key industrial control systems used in industry/infrastructure is critical.

The impetus behind the move, he says, is that industrial systems are difficult to secure. Since industrial systems prioritize constant, “always on” operation, Kaspersky says they are rarely, if ever, updated, thereby leaving well known vulnerabilities in place for years. In addition, industrial system developers, he says, aren’t interested in source code analysis or patching security holes until after exploits have been developed and successfully infected target systems.

At the same time, current strategies to secure systems are ineffective, he says. Even if systems are disconnected from the Internet, they are still vulnerable to infected USB drives plugged in by plant workers. And, despite efforts to keep source code and schematics “secret”, known SCADA system vulnerabilities abound on the Internet, including the Shodan search engine that tracks currently vulnerable online devices from web cams to power plants.

While short on details, Kaspersky says the company’s secure OS will be inherently secure since it is being developed to address a narrowly specific task (unlike consumer PC operating systems that handle many different tasks) and won’t allow any third-party code or unauthorized applications to run. More details of the OS’s requirements and background are available on Kaspersky’s www.securelist.com website.
www.kaspersky.ca