Skip Links

Kaspersky's exploit-proof OS leaves security experts skeptical

By Taylor Armerding, CSO
October 19, 2012 01:00 PM ET

CSO - Eugene Kaspersky, the $800-million Russian cybersecurity tycoon, is, by his own account, out to "save the world" with an exploit-proof operating system.

Kaspersky is developing a secure OS for industrial control

In a blog post this week quickly picked up by news outlets around the world, Kaspersky confirmed rumors that Kaspersky Lab is "developing a secure operating system for protecting ... industrial control systems used in industry/infrastructure."

Given the recent declarations from U.S. Secretary of Defense Leon Panetta and others that the nation is facing a "digital Pearl Harbor" or "digital 9/11" from hostile nation states like Iran, this sounds like the impossible dream come true -- the cyber version of a Star Wars force field.

No need for updates or patches. No need for antivirus software. No need to hire an expensive security firm to detect millions of malicious attacks aimed at public and private critical infrastructure. No need to push contentious cybersecurity legislation through Congress, trying to balance privacy concerns with the need for information sharing between the private and public sectors.

Just set it and forget it.

As Neil McAllister, writing in The Register, put it, "The new OS aims to create a fully secure operating environment into which existing [industrial control systems] software can be installed, where it can run with the assurance that any defects in its code cannot be exploited by outside programs."

It is possible, Kaspersky wrote, because it will not be something for the masses, but, "highly tailored, developed for solving a specific narrow task, and not intended for playing 'Half-Life' on, editing your vacation videos, or blathering on social media."

But on this side of that world in need of saving, the enthusiasm is somewhat tempered, even though security experts agree that a bullet-proof OS for industrial systems would be a very good thing, and Kaspersky is among those who could make one.

[See also:A'A Advanced persistent threats can be beaten, says expert]

Gary McGraw, CTO of Cigital, a long-time advocate of "building security in" rather than "managing risk," said he believes, "the philosophy behind what Kaspersky is doing is right."A'A But he said even though the OS would be very narrowly focused on the operation of control systems that need to be "on all the time," he doubts that Kaspersky Lab will have anything on the market soon. "A lot of it is hype," he said.

There's also the question of source. "The real question is, do you trust the people who built your system? The answer had better be yes," he added.

And that is the bigger problem here: Kaspersky, by his own account, wants to change the world as well as save it, and not in ways that appeal to Western thinking and U.S. interests. Noah Schactman, in a lengthy profile forA'A, noted that Kaspersky doesn't like the current level of Internet freedom. He wants it partitioned, with a digital "passports" required for access to certain areas and activities. He advocates government monitoring and regulation of social networking sites.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News