Kaspersky Labs plans industrial control OS to fend off Stuxnet-like malware

In light of growing concerns over threats to the industrial control systems that run power and water plants, factories and food processing plants, security company Kaspersky Labs has announced plans to build an operating system specifically for those systems.

In a blog post, company founder Eugene Kaspersky noted that most systems that control critical infrastructure, such as Supervisory Control and Data Acquisition (SCADA) systems, currently run on top of Windows or Linux OSes, which can leave them vulnerable to the same types of exploits regular computer systems are exposed to.

Kaspersky proposes a pared-down, secure OS designed to handle only the tasks industrial control systems are designed for. He writes that, rather than rewriting all industrial control software, the better alternative is to create an OS “onto which ICS can be installed, and which could be built into the existing infrastructure – controlling ‘healthy’ existing systems and guaranteeing the receipt of reliable data reports on the systems’ operation.”

The idea is to protect against the likes of Stuxnet, which disrupted Iranian nuclear processing in 2010 and raised fears that similar malware could attack systems in power plants, water treatment plants, manufacturing facilities and even prisons.

The possible hitch in Kaspersky’s plans is that his company is based in Russia, which could give manufacturers of programmable logic controllers and other ICS devices pause about using the OS. One security expert told Wired that the Kaspersky OS might succeed in Russia, but that security worries about the supply chain would likely prevent its widespread use elsewhere.

Although a Kaspersky spokesman told Wired the company received no funding from the Russian government, the article noted Congress’s recent concerns about backdoors being installed in equipment made in China. In some recent cases, backdoors weren’t installed during manufacturing but added somewhere along the supply chain.

About the Author

Kevin McCaney is editor of Defense Systems. Follow him on Twitter: @KevinMcCaney.

Reader Comments

Wed, Oct 24, 2012 Ed Hubler Kansas

There are, conservatively, hundreds of millions of inadequately secured digital ICS devices. A practical solution would be one that could be engineered and added to existing ICS with minimal disruption; one project at a time at a facility or location and the solution must be economically attractive. Integrating a collection of “point” solutions, offered by multiple manufacturers, is a less-than-practical option. Interoperability between point solutions provided by competing manufacturers cannot be assured. Integrating disparate point solutions into a cohesive ICS and business network solution would be an extraordinarily complex undertaking. A common, vendor-neutral security architecture is the practical requirement. Ensuratec’s (US Company) SCADA Warrior solution stands alone and is independent of the ICS system. Its purpose is to analyze and thwart malicious attacks from ever reaching a SCADA system.

Fri, Oct 19, 2012

Without MS, we would not be where we are now as far as OS and software.

Thu, Oct 18, 2012

Amen! A properly secured Linux environment custom tailored to these systems with appropriate security safeguards will work fine.

Thu, Oct 18, 2012

It takes a Russian company to do this because in the USA Micro$oft has control -- thanks to a Federal government that is bought and paid for by MS.
