Keith Dawson

Promises of a Locked-Down Industrial OS

batye
12/28/2012 10:19:46 PM
User Rank
Platinum
Re: Trust is a b... must
Sometimes it is more like a minefield, and no winning solution...

J-Lo
12/27/2012 12:21:48 PM
User Rank
Steel
Re: Trust is a b... must
That's what my point is... While dealing in IT, there are many issues that need attention. IT is a playing field where limits and boundaries have loopholes, and it is still not possible to seal all the gaps.

batye
12/25/2012 12:21:32 AM
User Rank
Platinum
Re: Trust is a b... must
Trust in IT is a thing of the past - the rules of the game: trust no one and verify over and over again and again...

batye
12/25/2012 12:20:09 AM
User Rank
Platinum
Re: Offense vs Defense
Could not agree more, good point... it would change a lot of things in the world of security...

J-Lo
11/6/2012 1:44:55 PM
User Rank
Steel
Re: Trust is a b... must
"There is a great deal of trust asked of us computer buyers and users -- or, more accurately, a great deal of silent acceptance and no-questions-asked."

"what we believe to be our privacy, is supposedly guaranteed by technologies -- mathematics, I mean - that virtually nobody really understands and that cannot be explained to us by those who do understand it. It is a huge act of trust"

You have said it very nicely and summed it up well. It is all about trust, and the question is "does it exist in the IT world?"

 

J-Lo
11/6/2012 1:40:04 PM
User Rank
Steel
Re: Offense vs Defense
Tom, I believe till the time hackers are not traced and cracked down or their machines bombarded with bounced back malware, security will remain an issue. Once hackers know that their equipment will be affected and compromised they will think twice before making any attempt.

 

J-Lo
11/6/2012 1:06:55 PM
User Rank
Steel
Re: Goodbye Stuxnet?
Very good reading, I must say but one para got my eyes especially "This is not a man the security establishment is going to allow within miles of the systems controlling US infrastructure, even if all source code were published. Back doors in low-level code are just too easy to hide"

It applies to all developers who have or will claim to have come up with a secure OS, I believe. The US product will have the same doubtful impression in the Russian bloc, and Chinese origin will also face the same in the Korean or Japanese market. It all comes down to a similar level of trust for communities working in the IT field. No one is safe and everyone can be doubted.

John Verity
11/1/2012 1:13:59 PM
User Rank
Blogger
Trust is a b... must
Kaspersky may or may not have invented anything particularly new in the way of secure OS, but the trusted computing platform, which is what he intends to build, is a fairly well-accepted idea in computer science. It relies on a tight cryptographic coupling of hardware and software elements. The technology is widely described on the Net.

And any criticism of K. and his company as being simply creatures of the KGB or its successors is to ignore how tightly interwoven the US intelligence agencies and computer industry are, and always have been. They are, to coin a phrase, in bed with each other.

Who knows what backdoors and spy-worms and other such things these agencies have unleashed on US citizens, even if only selectively. It was only a few years ago that AT&T was found to be helping the NSA tap every phone call and email moving through the Internet. What's to say our computers running Windows and OS X and Linux are any less compromised?

There is a great deal of trust asked of us computer buyers and users -- or, more accurately, a great deal of silent acceptance and no-questions-asked. 

And what's more, increasingly our privacy, or what we believe to be our privacy, is supposedly guaranteed by technologies -- mathematics, I mean -- that virtually nobody really understands and that cannot be explained to us by those who do understand it. It is a huge act of trust, this.

Remember Pynchon's Third Proverb for Paranoids:

3. If they can get you asking the wrong questions, they don't have to worry about answers.

 

Tom Murphy
11/1/2012 11:31:19 AM
User Rank
Steel
Offense vs Defense
I admire Kaspersky's uncompromising commitment to perfection. It reminds me of Steve Jobs; I wonder if they ever spoke, and I suspect it would have ended in an argument if they had. We should all pursue perfection in the things that matter to us, shouldn't we? 

However, security won't be effective until the technology world goes beyond the concept of defending networks. Defense obviously is job no. 1 in security, but job no. 2 is going after intruders -- and nobody is doing this well now.

Just as most people would laugh at Kaspersky's notion that he can create a perfect system, they also scoff at the notion that you can track attacks back to their source on the Internet. Perhaps their cynicism is why we have accepted such a flawed model until now; we can and must do better.

Keith Dawson
11/1/2012 8:42:41 AM
User Rank
Blogger
Re: Goodbye Stuxnet?
It is a great marketing gimmick. Kaspersky could teach Larry Ellison a few tricks.

I'm no expert on ICS, but from an architectural point of view I don't see how Kaspersky's solution gets around the problem of bad code being executed in the "applications," i.e. the plugged-in SCADA systems. The one mitigation that is evident is that Kaspersky promises that reporting of actual state and command stream will be incorruptible. You'll recall that in the Stuxnet attacks, the worm stockpiled "normal" video footage of the centrifuges in operation and replayed that to operators while the devices were being spun up to destruction.
