Hardened, secure operating systems for sensitive computing environments are nothing new. Trustix, SELinux, Sidewinder SecureOS, and Green Hills Integrity are among many secure OSes, some that have survived for niche environments and others that have faded into obscurity.
Green Hills Software in 2008 announced with much fanfare that its new Integrity-178B OS was certified as EAL6+ and was being sold commercially: EAL6+ is a top security rating by the National Security Agency’s certification program, and denotes that the OS was designed and certified to defend against well-funded and sophisticated attackers.
And now the concept of a secure OS is back in the limelight, with Kaspersky Lab owner and CEO Eugene Kaspersky yesterday confirming reports that his security company is working on developing a secure operating system specifically for SCADA and industrial-control system environments. In a post on his own blog yesterday, he said the ideal way to secure these critical systems would entail rewriting all ICS software and incorporating the latest and greatest security technology. But that would be a massive, costly, and unlikely endeavor that still wouldn’t necessarily lock down these systems. Hence the secure OS, he said.
“But there is a fully realizable alternative: a secure operating system, one onto which ICS can be installed, and which could be built into the existing infrastructure — controlling ‘healthy’ existing systems and guaranteeing the receipt of reliable data reports on the systems’ operation,” he wrote.
The OS would be a purpose-built platform aimed at “solving a specific narrow task, and not intended for playing Half-Life on, editing your vacation videos, or blathering on social media,” Kaspersky said. His company also is working on preventing third-party code execution or hacking of the OS. “This is the important bit: the impossibility of executing third-party code, or of breaking into the system or running unauthorized applications on the OS; and this is both provable and testable,” he said.
Neither Kaspersky nor other company officials would reveal technical details, but a company blog post said that the OS would be created from the ground up and not based on existing code. Its core will be bare-bones when it comes to code, and free of bugs: “…the core must be 100% verified as not permitting vulnerabilities or dual-purpose code. For the same reason, the core needs to contain a very bare minimum of code, and that means that the maximum possible quantity of code, including drivers, needs to be controlled by the core and be executed with low-level access rights,” according to the company blog post.
Most security experts say they applaud the concept of a secure OS, for SCADA/ICS and other sensitive environments. SCADA software is notoriously vulnerability-ridden and dated, given most of it was built during a time when plants had no Internet exposure.
But the concept of a new secure OS is fraught with hurdles when it comes to real-world implementation. “I like the idea that we have a firmware model where it’s custom-built only for those [SCADA] devices,” says Ken Silva, senior vice president for cyberstrategy at information technology contractor ManTech International. “The reality is that there are a series of hurdles associated with it: where do we find developers for a purpose-built OS? Where do we find applications or monitoring solutions? There are all sorts of things that come with supporting an OS.”
The advantage of a secure OS is that it runs fewer applications and tasks, so the attack surface is smaller than that of a standard OS. “It’s really more secure, but it’s certainly not foolproof,” Silva says.
HD Moore, CSO of Rapid7 and chief architect of the Metasploit Project, says he wonders if Kaspersky Lab might be building more of a custom security platform that hardens Windows rather than an all-new OS. “My gut feel is they don’t mean OS, they mean a super-AV that does endpoint protection and HIPS things and bundle that into a Windows 2008/2012 build and implement policies on top to limit the damage a bad application can do,” Moore says. “That’s my guess.”
Even so, such a platform would still face some of the same hurdles that a purely new OS would, he says.
SCADA vendor Siemens, meanwhile, says creating a secure OS for the SCADA world would require the open source community to shore up their OSes as well. “SCADA systems are highly tailored, developed for solving a specific narrow task. Siemens is working on methods of writing software which, by design, won’t be able to carry out any behind-the-scenes, undeclared activity,” says Alan Cone, HMI product marketing manager at Siemens Industry Inc. “This is the important bit: the impossibility of executing third-party code, or of breaking into the system or running unauthorized applications on an operating system.”
Cone says there’s no silver bullet for fixing ICS security issues: it requires a defense-in-depth strategy. Some of the security layers Siemens provides today include user administration, secure communication, security devices, MAC filtering and blocking on switches, and IP block protection within the PLC code, he says.