Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kaspersky To Build Secure OS For SCADA Systems

Posted by Soulskill on from the flatten-and-rebuild dept.

Trailrunner7 writes "Attacks against SCADA and industrial-control systems have become a major concern for private companies as well as government agencies, with executives and officials worried about the potential effects of a major compromise. Security experts in some circles have been warning about the possible ramifications of such an attack for some time now, and researchers have found scores of vulnerabilities in SCADA and ICS systems in the last couple of years. Now, engineers at Kaspersky Lab have begun work on new operating system designed to be a secure-by-design environment for the operation of SCADA and ICS systems. 'Well, re-designing ICS applications is not really an option. Again, too long, too pricey and no guarantees it will fit the process without any surprises. At the same time, the crux of the problem can be solved in a different way. OK, here is a vulnerable ICS but it does its job pretty well in controlling the process. We can leave the ICS as is but instead run it in a special environment developed with security in mind! Yes, I'm talking about a highly-tailored secure operating system dedicated to critical infrastructure,' Eugene Kaspersky said in an interview."

6 of 165 comments (clear)

  1. This is a good idea with countless benefits. by Revotron · · Score: 3, Insightful

    They'll never go for it.

    1. Re:This is a good idea with countless benefits. by Chris+Mattern · · Score: 4, Insightful

      It all requires policy, of course. The PaX stuff is policy: no write/execute and no !execute to execute. If that crashes the program, you need to fix the program or remove that policy restriction.

      And right there you've put your finger precisely on the problem. Fixing the program is hard--if you got it from a vendor, it might well be impossible. Removing the policy, on the other hand, is easy.

  2. Just take them off the internet by Billly+Gates · · Score: 5, Insightful

    Make the client OS use DNS SEC and encrypted traffic for a secure network that is not physically connected to the internet or any network with a gateway to the internet. Why is this so hard?

    This secure OS will eventually get compromised too if it has USB ports enabled, physically access to the machine, or be on a network.

    --
    http://saveie6.com/
    1. Re:Just take them off the internet by Chris+Mattern · · Score: 3, Insightful

      Make the client OS use DNS SEC and encrypted traffic for a secure network that is not physically connected to the internet or any network with a gateway to the internet. Why is this so hard?

      Because management wants the real-time reports on their desks. What do mean it's not secure? Everybody else does it. You're the only one who seems to have trouble doing this!

  3. (another) BSD fork()? by i.r.id10t · · Score: 4, Insightful

    Why waste the time in new development. Start with one of the BSD systems (already approved under iso9001/9002 type stuff) and either set up custom configurations, or fix what needs fixing.

    --
    Don't blame me, I voted for Kodos
  4. Security through obscurity by jader3rd · · Score: 5, Insightful

    "re-designing ICS applications is not really an option". If redesigning the apps isn't an option, how would a new OS help?