A researcher testing industrial-control-system security at Idaho National Laboratory.
CREDIT: Idaho National Laboratory

The most successful doctors are often those who diagnose a disease, and then provide the cure.

Moscow's Kaspersky Lab may have that adage in mind. The anti-virus software maker, the third-largest in the world, has been at the forefront of finding and exposing state-sponsored malware that targets industrial control systems running supervisory control and data acquisition (SCADA) software.

Now Kaspersky Lab has revealed that it's spent 10 years developing a brand-new operating system aimed at greatly beefing up the security of industrial control systems — and possibly minimizing the threat of cyberwarfare.

"You could think back to 'Die Hard 4' — where an attack on infrastructure plunged pretty much the whole country into chaos," wrote company co-founder and CEO Eugene Kaspersky on his personal blog yesterday (Oct. 16). "Alas, John McClane isn't around to solve the problem of vulnerable industrial systems, and even if he were — his usual methods of choice wouldn't work. So it comes down to KL to save the world, naturally!"

Kaspersky told the tech-news blog Threatpost (which his company owns) that the operating system, code-named "11.11," is being written from scratch and will wrap around existing ICS and SCADA applications so that they can run unaltered in a secure environment. 

"The project has already passed many stages from a deep thought towards a prototype piloting on a dedicated industrial installation," Kaspersky told Threatpost. "Still much to do to make it happen — we will keep you updated about the progress."

So how can an anti-virus company succeed where traditional operating-system makers like Microsoft, Apple or the UNIX community have failed?

"Our system is highly tailored, developed for solving a specific narrow task, and not intended for playing Half-Life on, editing your vacation videos, or blathering on social media," Kaspersky said on his blog. "We're working on methods of writing software which by design won't be able to carry out any behind-the-scenes, undeclared activity."

Still, no matter how good Kaspersky's OS turns out to be, it's unlikely to find broad acceptance in the Western world.

The U.S. government, already worried about Chinese networking software and hardware, would be very reluctant to allow American critical infrastructure to be controlled by software built in Russia — especially by a firm rumored, perhaps unfairly, to have ties to the Kremlin.

Addressing a basic need

That doesn't mean that Eugene Kaspersky and his company are wrong in identifying, and trying to fix, a problem. Fundamentally, industrial control systems are designed for robust reliability, not security.

"Uninterrupted continuity of production is of paramount importance at any industrial object in the world," Kaspersky pointed out in his personal-blog posting. "Security is relegated to second place."

Ever since the Stuxnet worm took over an Iranian nuclear-fuel processing facility in the summer of 2010, causing millions of dollars in damage, security researchers have had fun demonstrating the weaknesses of industrial control systems.

One group showed how a standard software problem could cause all the cell doors in a prison to open at once. Another researcher has found and publicized flaws in software made by several major manufacturers of industrial-control devices.

A second problem is that few industrial control systems were ever meant to be connected to the Internet. But for reasons of cost and convenience, many, if not most, have been, allowing an easy method of infiltration by remote attackers.

Yet even network isolation doesn't fully protect a system. Stuxnet infected the Iranian facility by riding in aboard a USB flash drive.

Yippie kay yay

Kaspersky's not alone in channeling Bruce Willis when trying to make a point about the insecurity of industrial control systems.

Scenarios resembling "Die Hard 4" have been invoked several times in the past few months by top American officials, including President Barack Obama and Defense Secretary Leon Panetta, as part of an overall White House and Pentagon campaign to pressure private industry into strengthening the security of "critical infrastructure" computer systems.

Last week, Panetta warned business executives that a "cyber Pearl Harbor" loomed in which enemy hackers would derail trains, contaminate water supplies and knock out power grids. In July, Obama penned a Wall Street Journal op-ed piece that painted a similar nightmare.

American officials may be uniquely qualified to understand industrial control system vulnerabilities. It was almost certainly the U.S. that designed and deployed the Stuxnet worm.

Locking down the world

Yet even as the American government has been preparing to defend itself against cyberwarfare, the Russian government has been taking an opposite tack, at least publicly.

The Kremlin, along with the United Nations' International Telecommunication Union (ITU), wants an international treaty forbidding cyberweapons, along the lines of long-standing bans on chemical and biological weapons. The U.S. has wavered between opposing such a treaty and agreeing to at least talk about one.

Kaspersky Lab is a privately held company, but Eugene Kaspersky has been very vocal about supporting the Kremlin's line. He's been an active campaigner for a cyberweapons treaty.

On the research front, Kaspersky Lab has worked closely with the ITU in tracking down and identifying one piece of state-sponsored malware after another: Flame, Gauss and, just this week, miniFlame.

All three have attacked computer systems in Iran and Lebanon, and all — according to Kaspersky Lab — are linked to Stuxnet. Kaspersky Lab won't explicitly say the pieces of malware are American creations, but the inference is clear.

On the online tech forum Slashdot, commenters were having a grand time discussing the Kaspersky SCADA OS.

"Monitoring and 'remote support' by KGB included free with every purchase!" wrote one.

Another responded, "Are you Putin us on?"

"I was Russian to say the same thing, but you beat me to it," wrote a third. "I'm Stalin to think that this whole thing is a hoax."


Russian Firm Works to Prevent ‘Die Hard’ Cyberattacks



