Eugene Kaspersky had something of a Larry Ellison moment this week, making the bold claim that he and his company are doing what no one else has ever even attempted: developing a secure operating system. Not only is the assertion inaccurate (of course companies have attempted to develop secure OSes in the past), but the pledge of delivering a completely secure OS -- even for something as narrowly niche as SCADA systems and ICSes -- borders on irresponsible, in that it's all but impossible to keep.
By way of context, Kaspersky used Threatpost (The Kaspersky Lab Security News Service) and his personal blog to talk up a project under way at Kaspersky Lab: a new secure-by-design operating system for running SCADA and ICSes. The case for such a system is abundantly clear. In recent months, hackers have successfully infiltrated antiquated control systems for water utilities, power plants, heavy industry, and other critical infrastructure. The trend points to increasingly realistic doomsday scenarios, such as cyber terrorists pulling off a coordinated hack on America's power grid, causing massive blackouts and leaving more than 300 million people without electricity for days. Or perhaps worse yet, a U.S.-based nuclear power plant could be targeted with a Stuxnet-like virus, leading to a catastrophic meltdown.
Kaspersky's vision to eradicate these threats is to develop a secure-by-design operating system, "one onto which [existing] ICS can be installed, and which could be built into the existing infrastructure -- controlling 'healthy' existing systems and guaranteeing the receipt of reliable data reports on the systems' operation," he explained in his blog.
There are several key ingredients to this system, per Kaspersky. "First: Our system is highly tailored, developed for solving a specific narrow task, and not intended for playing Half-Life on, editing your vacation videos, or blathering on social media. Second: We're working on methods of writing software that by design won't be able to carry out any behind-the-scenes, undeclared activity. This is the important bit: The impossibility of executing third-party code, or of breaking into the system or running unauthorized applications on our OS; and this is both provable and testable."
Maintaining secrecy for the sake of security is also part of the plan: "There are some details that will remain for certain customers' eyes only forever, to ward off cyber-terrorist abuses."
Kaspersky's vision is admirable (if also a bit opportunistic). Yes, we need to better secure outdated ICSes and SCADA systems that weren't built with the Internet in mind. Also, Kaspersky is still in the early stages of development, so it's imprudent to judge the merits of the project. Still, there are some issues that need addressing.
First, Kaspersky made a somewhat broad and misleading assertion. He told Threatpost that "no one else ever tried to make a secure operating system. This may sound weird because of the many efforts Microsoft, Apple, and the open source community have made to make their platforms as secure as possible."