Security Experts:

Kaspersky Lab Confirms Plans For Secure OS Built For The Age of Cyberwar

Kaspersky Lab Confirms Rumors That It Has a Secure SCADA Operating System In Development

DUBAI - ITU Telecom World 2012 – Monday at the ITU Telecom Conference in Dubai, Eugene Kaspersky, co-founder and CEO of Moscow-based security firm Kaspersky Lab, spoke on the topic of cyber-warfare and the threats organizations, governments and individuals face in the “age of cyber-warfare.”

Following Kaspersky’s keynote speech, the company officially confirmed on Tuesday, previous rumors that the Russian security firm was in the process of developing a secure operating system for industrial control systems.

Eugene Kaspersky

Kaspersky, who has been extremely vocal on the topic of cyberwar, cyber weapons, and the looming dangers of cyber attacks, is concerned over just how easy it is to develop and obtain “cyber weapons” that could inflict serious damage to targets, and even others in the crossfire.

“It’s very easy to build cyber weapons,” Kaspersky explained to an international audience during his ITU Telecom keynote.

“It’s easy because it’s software! You can modify [existing malware], change the code, and have your own cyber weapon in your hands,” he said. “That’s why I think cyber weapons and cyber attacks are extremely dangerous.”

“In the long run, cyber-warfare is where all parties lose: attackers, victims and even uninvolved observers,” he added.

Kaspersky, who has called for more cooperation between governments in the form of “cyber treaties”, continued to elaborate on measures that he believes need be taken to protect industrial control systems and critical infrastructure, and explained some of the scenarios that could occur as a result of various cyber attacks.

Such attacks may not always stem from governments or typical cybercriminals or hacktivists. Kaspersky presented a potential scenario in which sports fans armed with the right tool(s) could wreak havoc. For example, he said, disgruntled sports fans on the losing end of a football (soccer) match could launch a damaging cyber attack against a rival city.

“Our first priority is to make sure that cyber threats will not affect critical infrastructure,” Kaspersky said in comments following the event. “This goal has to be understood and embraced by all involved parties, on an international level.”

Angry sports fans aside, Kaspersky emphasized that the threats from cyber terrorism to state-sponsored cyber attacks and cyber-espionage are all a reality.

“The world has changed. Governments are actively acquiring cyber-weapons, and this means that adequate means of protection are needed in response," the company explained. "Still, despite the fact that key information infrastructure is extremely important, there exists today no means to properly safeguard it.”

This is where the company’s plans for a secure operating system catered to industrial control systems fit in.

Eugene Kaspersky at ITU Telecom

In addition to continuing its work as a leading anti-malware technology company catering to both consumers and businesses, Kaspersky Lab believes it has something in the works that could serve as a major component in defending against increasingly complex cyber weapons, and help protect industrial control systems that power critical infrastructure such as power grids, water facilities, airports and more.

“A new, secure unit to obtain trusted workflow information is the first step towards an efficient protection against cyber-warfare,” the company explained.

“A fully secure, trustworthy operating system is what we’re creating,” the company noted in a blog post to the Kaspersky-owned Securelist site. 

“The operating system incorporates a whole range of fundamental security principles, the observation of which will guarantee that at all times it will function the way it was designed to by its developer, and never in a different way.”

The company said that the operating system to-come is designed so that even if a component or application installed on the OS is compromised, it won’t let an attacker gain control over the system or execute malicious code.

“In taking this approach we are sure that our operating system will be completely reliable and that it could be used as a fully trustworthy source of information, which in turn is the only solid basis for building a security system of a vastly superior degree of effectiveness,” the company continued.

But how and why is an anti-virus firm building such an operating system when other tech giants like Microsoft and Apple have not?

It’s more about design and function, Kaspersky explained, noting that its system "is highly tailored, developed for solving a specific narrow task, and not intended for playing Half-Life on, editing your vacation videos, or blathering on social media.”

The yet-to-be-named operating system will be written completely from scratch, and won’t be based on any existing code.

If we don’t succeed in reducing the vulnerabilities in our critical systems and putting defenses in place for cyber attacks, Kaspersky warned of a possible blackout, which he humorously referred to as “romantic time”, characterized candlelight and hand written letters, during Q&A following his keynote.

“We can’t let cyber-warfare stall human progress, as it threatens not only governments and businesses, but regular people as well,” Kaspersky said after the event.

While the company has confirmed its plans for the secure OS, details are quite limited at this point.

“We can’t reveal many details of the project now because of the confidentiality of such cooperation,” Kaspersky noted in his post. “And we don’t want to talk about some stuff so competitors won’t jump on our ideas and nick the know-how. And then there are some details that will remain for certain customers’ eyes only forever, to ward off cyber-terrorist abuses.”

The company told SecurityWeek they do not have any details they can share at this time in terms of a potential date for an initial version of the operating system to be officially unveiled.

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.