Eugene Kaspersky is building from scratch an industrial OS with perfect security. Would you trust it if he produces one?
Early last month, rumors began circulating in security circles that Kaspersky's company, the Russia-based Kaspersky Labs, was working on an operating system for industrial control systems (ICS) intended to be radically more secure than anything now existing. The company makes some of the most highly regarded consumer and enterprise security software in the world.
Kaspersky himself confirmed the rumors on his blog in mid-October, saying:
"We're working on methods of writing software which by design won't be able to carry out any behind-the-scenes, undeclared activity, [that guarantees] the impossibility of executing third-party code, or of breaking into the system or running unauthorized applications on our OS; and this is both provable and testable."
The company released a few more details about the theory behind such a secure OS. The idea is to provide a provably secure kernel into which existing ICSs and SCADA systems can be plugged. This is to be a special-purpose OS for industrial control, not a general one that consumers or businesses could use. The company asserts that no existing code is secure enough, so something new must be developed from the ground up.
Security experts dispute most of Kaspersky's claims, first of all that it is possible to write guaranteed-correct code. It's not that no one has ever tried (as Kaspersky incorrectly claimed to ThreatPost); InfoWorld quotes security blogger Roger Grimes: "To make a private, dedicated OS that is more secure than a popular OS is not that hard." But one with zero errors? Hard.
Another essential problem: Under Kaspersky's proposal, ICSs and SCADA systems take on the role of applications running on a secure OS. These "applications" are themselves far from secure, as has been demonstrated all too often of late.
An equally intractable problem for the proposal will be leeriness about Kaspersky himself. In a detailed profile for Wired, Noah Shachtman sums up the suspicions of Kaspersky's "KGB-sponsored training, his tenure as a Soviet intelligence officer, his alliance with Vladimir Putin's regime, and his deep and ongoing relationship with Russia's Federal Security Service, or FSB." (Wired quotes "one prominent member of Russia's technology sector" as saying, "Rule number one of successful companies here is good relations with the secret police.")
Kaspersky has done nothing to endear himself to US political circles -- quite the opposite in fact. He more or less singlehandedly brought the Flame malware to light, thus effectively neutralizing it in its role as a cyber-weapon against Iran, as the Washington Post confirmed in June. US intelligence circles must be wondering: Was Kaspersky doing the bidding of the Kremlin to aid Russia's ally?
This is not a man the security establishment is going to allow within miles of the systems controlling US infrastructure, even if all source code were published. Back doors in low-level code are just too easy to hide.
Security has a great deal of room for improvement, in enterprise networks as in industrial systems. But don't hold your breath until Eugene Kaspersky provides the improvements.