Kaspersky Labs plans industrial control OS to fend off Stuxnet-like malware
- By Kevin McCaney
- Oct 17, 2012
In light of growing concerns over threats to the industrial control systems that run power and water plants, factories and food processing plants, security company Kaspersky Labs has announced plans to build an operating system specifically for those systems.
In a blog post, company Founder Eugene Kasperky noted that most systems that control critical infrastructure, such as Supervisory Control and Data Acquisition Systems (SCADA), currently run on top of Windows or Linux OSes, which can leave them vulnerable to the same types of exploits regular computer systems are exposed to.
Kaspersky proposes a pared down, secure OS designed to handle only the tasks industrial control systems are designed for. He writes that a such an OS would be better than the alternative of rewriting all industrial control software, instead creating an OS “onto which ICS can be installed, and which could be built into the existing infrastructure – controlling ‘healthy’ existing systems and guaranteeing the receipt of reliable data reports on the systems’ operation.”
The idea is to protect against the likes of Stuxnet, which disrupted Iranian nuclear processing in 2010 and raised fears that similar malware could attack systems in power plants, water treatment plants, manufacturing facilities and even prisons.
The possible hitch in Kaspersky’s plans is that his company is based in Russia, which could give manufacturers of programmable logic controllers and other ICS devices pause about using the OS. One security expert told Wired that the Kasperky OS might succeed in Russia, but that security worries about the supply chain would likely prevent its widespread use elsewhere.
Although a Kaspersky spokesman told Wired the company received no funding from the Russian government, the article noted Congress’s recent concerns about backdoors being installed in equipment made in China. In some recent cases, backdoors weren’t installed during manufacturing but added somewhere along the supply chain.
Kevin McCaney is a former editor of Defense Systems and GCN.