Security Firm Developing Secure ICS

Tuesday, October 23, 2012 @ 10:10 PM gHale

Looking to capitalize on the fact industrial control systems started up before security was even thought of, Kaspersky Lab, the Russian security company, is looking to create a secure operating system for industrial control systems, chairman and chief executive said Tuesday.

“Quite a few rumors about this project have appeared already on the Internet, so I guess it’s time to lift the curtain (a little) on our secret project and let you know (a bit) about what’s really going on,” said Eugene Kaspersky in a blog post.

Trusting Users to Undo Themselves
Trust Drives Opportunity
Firewall Costs; Hidden Costs
ICS, SCADA Myth: Protection by Firewalls

The new operating system aims to protect complex industrial systems that have become the target of a variety of high-profile cyber weapons such as Stuxnet, Duqu, Flame and Gauss. Governments are also concerned the systems that keep critical infrastructure running could suffer a compromise.

The priority of industrial systems so far has been to maintain operation under any circumstances and plug security in as the need arises, and very often this leads to industrial control system (ICS) software not updated at all, Kaspersky said. Manufacturers of specialized software don’t want to undergo the constant source code analysis and patching holes, and typically respond after an exploit ends up exposed on the Internet, he said.

Most automated control systems were not created with security in mind, which is the reason for example that most protocols used for the exchange of information used in SCADA (Supervisory Control and Data Acquisition) and PLCs (Programmable Logic Controllers) don’t require any user identification or authorization, according to a separate analysis by Kaspersky Lab.

The vulnerability of control software, programmed controllers, and industrial communication networks leads to operators of industrial and infrastructure systems not being able to receive information on the system’s total operation, Kaspersky said.

While ideally all ICS software would need a rewrite, incorporating all the security technologies available and taking into account the new realities of cyber attacks, the costly effort would still not guarantee the stable operation of systems, Kaspersky said.

The alternative, which he described as “fully realizable,” would be a secure operating system, one onto which an ICS can install, and which they could build into the existing infrastructure. It would control existing systems and guarantee the receipt of reliable data reports on the systems’ operation, he added.

Currently most SCADA servers are Linux or Windows database servers.

Kaspersky Lab, which plans to build the operating system with the help of vendors and users of industrial control systems, aims to start with entirely new code. To be fully secure, there must be verification the core does not permit vulnerabilities or dual-purpose code. The kernel also needs to contain a very bare minimum of code, and that means the maximum possible quantity of code, including drivers, need to undergo control by the core and end up executed with low-level access rights, according to the analysis by the Lab.

Leave a Reply

You must be logged in to post a comment.