ICS industrial control system

Kaspersky Labs plans industrial control OS to fend off Stuxnet-like malware

In light of growing concerns over threats to the industrial control systems that run power and water plants, factories and food processing plants, security company Kaspersky Labs has announced plans to build an operating system specifically for those systems.

In a blog post, company Founder Eugene Kasperky noted that most systems that control critical infrastructure, such as Supervisory Control and Data Acquisition Systems (SCADA), currently run on top of Windows or Linux OSes, which can leave them vulnerable to the same types of exploits regular computer systems are exposed to.

Kaspersky proposes a pared down, secure OS designed to handle only the tasks industrial control systems are designed for. He writes that a such an OS would be better than the alternative of rewriting all industrial control software, instead creating an OS “onto which ICS can be installed, and which could be built into the existing infrastructure – controlling ‘healthy’ existing systems and guaranteeing the receipt of reliable data reports on the systems’ operation.”

The idea is to protect against the likes of Stuxnet, which disrupted Iranian nuclear processing in 2010 and raised fears that similar malware could attack systems in power plants, water treatment plants, manufacturing facilities and even prisons.

The possible hitch in Kaspersky’s plans is that his company is based in Russia, which could give manufacturers of programmable logic controllers and other ICS devices pause about using the OS. One security expert told Wired that the Kasperky OS might succeed in Russia, but that security worries about the supply chain would likely prevent its widespread use elsewhere.

Although a Kaspersky spokesman told Wired the company received no funding from the Russian government, the article noted Congress’s recent concerns about backdoors being installed in equipment made in China. In some recent cases, backdoors weren’t installed during manufacturing but added somewhere along the supply chain.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.


  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected