Kaspersky Labs, the Russian cybersecurity outfit, is developing an all-new, highly secure operating system just for running industrial machinery and the critical infrastructure that all cities now rely on.
CEO Eugene Kaspersky confirmed the plans on October 16 on his blog, Nota Bene, sketching out the thinking behind the effort and describing the proposed system, to be written from scratch, as something computing experts know as a trusted computing platform. "I guess it's time to lift the curtain (a little) on our secret project and let you know (a bit) about what's really going on," Kaspersky stated.
Telecommunications networks, the electrical grid, nuclear plants, industrial machinery -- all of them are monitored and controlled by computers. And every day, it seems, there's yet another headline about bad guys, sometimes just joyriders but frequently government operatives, hacking into these systems and wreaking havoc.
This kind of hacking is hardly limited to efforts by Israeli and US computer specialists to disable Iranian nuclear facilities by injecting disruptive code like the Stuxnet and Duqu worms.
Last year, the FBI reported, hackers managed to break into the systems controlling certain "critical infrastructure" (nothing more specific was stated) in three US cities, one of them described as "major." The intent was merely to tease law enforcement, the FBI said, but the incidents highlight the vulnerability and attractiveness to hackers of so-called SCADA systems (for supervisory control and data acquisition).
As Kaspersky points out in his blog, industrial IT systems have certain characteristics that make them particularly vulnerable. "Here," the Russian cyber-entrepreneur writes, "the highest priority... is maintaining constant operation come hell or high water. Uninterrupted continuity of production is of paramount importance at any industrial object in the world; security is relegated to second place."
What's more, because no downtime can be tolerated, no code gets added to these SCADA systems without extensive testing for fault-tolerance. The last thing any company or city works department wants to see is a system crash to a halt because of an error-prone code update. Unfortunately, that kind of testing requires a great deal of effort, so many operators forgo updates, or even forbid them altogether. The result: growing vulnerability to malicious attacks.
Finally, Kaspersky points out that operators of industrial/infrastructural systems...
...may not have the ability to receive reliable information about the systems' total operation! Theoretically a situation is possible where, let's say, a system for distributing electricity is attacked, as a result of which somewhere at a distant installation on the other side of the country a breakdown occurs. But the control center doesn't know anything about it: the attackers have sent to its computers false data.
He relates the story of a contract employee working on an Australian town's computer-controlled sewage system. Disgruntled because he'd been denied a promotion, the employee managed to disrupt operations across some 150 pumping stations and cause 1 million liters of raw sewage to enter local waterways. "There are plenty of other such examples," wrote Kaspersky, "they're just not reported in the media. After all, victim companies are generally not too keen on letting the whole world know their systems have been compromised."
How to solve these problems? Evidently, Kaspersky Labs' OS will make extensive use of cryptographic techniques. By insisting that every piece of code have a proven digital signature, it's possible, at least in theory, to prevent any unauthorized software from executing in a secured environment. In brief, the OS itself gets mathematically coupled to the underlying processor chip (each copy of which will be uniquely numbered at the factory) and then, every new piece of software will have to present its own credentials before it is permitted to execute.
The main feature of the planned Kaspersky OS, the company has explained, "is the categorical impossibility of running on it undeclared functionality."
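To make the two ideas above concrete (every piece of code must carry a valid digital signature, and the OS is coupled to a uniquely numbered processor so that code is authorised for one device), here is an added illustration of how such a loader gate can be built. It is not Kaspersky's code and says nothing about their actual design; the manifest layout, the use of Ed25519 with SHA-256, the `DeviceSerial` field and the function names are all assumptions made for the example. The signed payload is the device serial concatenated with the hash of the code image, so a manifest signed for one chip cannot be replayed on another, and any change to the image breaks the hash check.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is a hypothetical structure (not Kaspersky's): it binds one code
// image to one device by putting the device's factory serial inside the
// signed data alongside the image hash.
type Manifest struct {
	DeviceSerial uint64   // unique per processor, assigned at the factory (assumed)
	CodeHash     [32]byte // SHA-256 of the executable image
	Signature    []byte   // Ed25519 signature over DeviceSerial || CodeHash
}

// Errors returned by the loader gate, in the order the checks are applied.
var (
	ErrBadSignature = errors.New("signature verification failed")
	ErrWrongDevice  = errors.New("manifest is bound to a different device")
	ErrHashMismatch = errors.New("code image does not match signed hash")
)

// signedPayload is the exact byte string the publisher signs and the loader verifies.
func signedPayload(serial uint64, hash [32]byte) []byte {
	buf := make([]byte, 8+32)
	binary.BigEndian.PutUint64(buf[:8], serial)
	copy(buf[8:], hash[:])
	return buf
}

// Sign is run by the authorised publisher, who holds the private key.
func Sign(priv ed25519.PrivateKey, serial uint64, code []byte) Manifest {
	h := sha256.Sum256(code)
	return Manifest{
		DeviceSerial: serial,
		CodeHash:     h,
		Signature:    ed25519.Sign(priv, signedPayload(serial, h)),
	}
}

// Authorize is the loader's gate: the image may execute only if the signature
// is genuine, the manifest names this device, and the image matches the hash.
// The signature is checked first so that serial and hash are trusted before use.
func Authorize(pub ed25519.PublicKey, mySerial uint64, m Manifest, code []byte) error {
	if !ed25519.Verify(pub, signedPayload(m.DeviceSerial, m.CodeHash), m.Signature) {
		return ErrBadSignature
	}
	if m.DeviceSerial != mySerial {
		return ErrWrongDevice
	}
	if sha256.Sum256(code) != m.CodeHash {
		return ErrHashMismatch
	}
	return nil
}

func main() {
	// nil reader means crypto/rand is used for key generation.
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	code := []byte("constructed sample control-logic image") // constructed input
	m := Sign(priv, 42, code)
	fmt.Println("genuine image on device 42:", Authorize(pub, 42, m, code))
	fmt.Println("same manifest on device 43: ", Authorize(pub, 43, m, code))
	fmt.Println("tampered image on device 42:", Authorize(pub, 42, m, []byte("altered")))
}
```

The three rejection paths are what matter operationally: a forged or absent signature, a manifest lifted from another device, and an image altered after signing are each refused before a single instruction runs, which is the "undeclared functionality cannot run" property the article describes.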
This kind of scheme has been proposed by Microsoft and Intel for use in office computers, too, but the idea has encountered harsh criticism as potentially a way for those companies to leverage their market power and lock out competitors selling superior products. In the case of SCADA systems, such fears may be outweighed by the obvious technical advantages.
— John W. Verity, Editor in Chief, The CMO Site