Kaspersky promises the impossible: A fully secure OS

analysis
Oct 17, 2012

Eugene Kaspersky says his company is developing a bulletproof OS, but in the big picture, he's just selling snake oil

Eugene Kaspersky had something of a Larry Ellison moment this week, making the bold claim that he and his company are doing what no one else has ever even attempted: developing a secure operating system. Not only is the assertion inaccurate (of course companies have attempted to develop secure OSes in the past), but the pledge of delivering a completely secure OS — even for something as specifically nichey as SCADA systems and ICSes — borders on irresponsible in that it’s all but impossible to keep.

By way of context, Kaspersky used Threatpost (The Kaspersky Lab Security News Service) and his personal blog to talk up a project under way at Kaspersky Labs: a new secure-by-design operating system for the operation of SCADA and ICSes. The case for such a system is abundantly clear. In recent months, hackers have successfully infiltrated antiquated control systems for water utilities, power plants, heavy industry, and other critical infrastructure. The trend points to increasingly realistic doomsday scenarios, such as cyber terrorists pulling off a coordinated hack on America’s power grid, causing massive blackouts and leaving more than 300 million people without electricity for days. Or perhaps worse yet, a U.S.-based nuclear power plant could be targeted with a Stuxnet-like virus, leading to a catastrophic meltdown.

Kaspersky’s vision to eradicate these threats is to develop a secure-by-design operating system, “one onto which [existing] ICS can be installed, and which could be built into the existing infrastructure — controlling ‘healthy’ existing systems and guaranteeing the receipt of reliable data reports on the systems’ operation,” he explained in his blog.

There are several key ingredients to this system, per Kaspersky. “First: Our system is highly tailored, developed for solving a specific narrow task, and not intended for playing Half-Life on, editing your vacation videos, or blathering on social media. Second: We’re working on methods of writing software that by design won’t be able to carry out any behind-the-scenes, undeclared activity. This is the important bit: The impossibility of executing third-party code, or of breaking into the system or running unauthorized applications on our OS; and this is both provable and testable.”

Maintaining secrecy for the sake of security is also part of the plan: “There are some details that will remain for certain customers’ eyes only forever, to ward off cyber-terrorist abuses.”

Kaspersky’s vision is admirable (if not slightly opportunistic). Yes, we need to better secure outdated ICSes and SCADA systems that weren’t built with the Internet in mind. Also, Kaspersky is still in the early stages of development, so it’s imprudent to judge the merits of the project. Still, there are some issues that need addressing.

First, Kaspersky made a somewhat broad and misleading assertion. He told Threatpost that “no one else ever tried to make a secure operating system. This may sound weird because of the many efforts Microsoft, Apple, and the open source community have made to make their platforms as secure as possible.”

Au contraire, Mr. Kaspersky. Plenty of people have tried and succeeded at making fairly secure operating systems. Many are in private use, often by the military and private companies. The fact that these platforms aren’t widely used contributes to their relative security, sort of like how Macs were seemingly immune to malware for years, until the platform became popular enough for hackers to start targeting it. In the words of InfoWorld Security Adviser blogger Roger Grimes, “To make a private, dedicated OS that is more secure than a popular OS is not that hard.”

More important is the fact that no software is supersecure. It is impossible to code without bugs. Daniel J. Bernstein, considered one of the most secure programmers in the world, has developed small applications, such as DJBDNS and QMAIL, and even they have been known to contain bugs.

Or as a more popular example, there’s Apple. For years, the company clung to the notion that Mac OS was immune to malware. That’s all changed, as the platform has risen from relative obscurity to broad adoption for home and business use.

But suppose for a moment that Kaspersky Labs somehow develops an entirely incorruptible, utterly bulletproof operating system. And suppose that Kaspersky — as well as companies that adopt the OS — manage to keep the code from falling into the hands of bad guys (bearing in mind that company secrets are often just one slip-up or bribe away from falling into the hands of the enemy), thus making it impossible to reverse-engineer the code and develop malware. That’s an awful lot of supposing.

There are still other entry points for wreaking havoc on critical ICSes and SCADA systems. Part of Kaspersky’s vision here is to run existing ICS and SCADA software atop this new OS. What’s to prevent a savvy hacker from gaining access to a buggy application and, using stolen admin credentials, dumping sewage into the river, shutting down power grids, or carrying out any number of other permissible tasks? Today, most exploits already target applications rather than the OS; it’s been that way for a few years now. A more secure OS can only be helpful, but if you look at the risk, it’s almost all application-side.
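The point above, that an OS-level guarantee against unauthorized code says nothing about what an authorized application does with legitimate credentials, can be made concrete with a small simulation. The following is an added illustration written for this article, not code from Kaspersky Lab or any real control product: a hypothetical "OS layer" that only runs code whose hash is on an allowlist, and a hypothetical pump-control application that runs on it. The allowlist, the application, the credential and the pump limit are all constructed for the example.

```python
"""Constructed simulation: OS-level code allowlisting versus application-level checks.

The 'OS' below refuses to execute anything whose hash is not on an allowlist, standing
in for a "no unauthorized code runs" guarantee. The control application is on the
allowlist, so the OS lets it run; whether a harmful command then gets through depends
entirely on the application's own validation, not on the OS.
"""
import hashlib

# --- Simulated OS layer -----------------------------------------------------------
def code_hash(source: str) -> str:
    """Identity of a piece of code, as an allowlisting OS might record it."""
    return hashlib.sha256(source.encode("utf-8")).hexdigest()

# Constructed stand-ins for program text; neither is real software.
CONTROL_APP_SOURCE = "hypothetical pump controller v1"
UNAUTHORIZED_SOURCE = "hypothetical unapproved binary"
OS_ALLOWLIST = {code_hash(CONTROL_APP_SOURCE)}

def os_may_execute(source: str) -> bool:
    """The secure-OS promise: only allowlisted code executes."""
    return code_hash(source) in OS_ALLOWLIST

# --- Simulated application layer ----------------------------------------------------
PUMP_SPEED_LIMIT_RPM = 1800  # constructed physical limit of the equipment

def naive_handle(session: dict, command: dict) -> tuple:
    """Authorized but buggy application: any admin may set any speed at all."""
    if session.get("role") != "admin":
        return ("rejected", "not an admin")
    if command.get("op") == "set_pump_speed":
        return ("applied", command.get("rpm"))
    return ("rejected", "unknown op")

def hardened_handle(session: dict, command: dict) -> tuple:
    """Same application with a validation step the OS cannot supply for it:
    setpoints are bounded by what the equipment can physically tolerate."""
    if session.get("role") != "admin":
        return ("rejected", "not an admin")
    if command.get("op") != "set_pump_speed":
        return ("rejected", "unknown op")
    rpm = command.get("rpm")
    if not isinstance(rpm, int) or isinstance(rpm, bool) or not 0 <= rpm <= PUMP_SPEED_LIMIT_RPM:
        return ("rejected", f"rpm out of range 0..{PUMP_SPEED_LIMIT_RPM}")
    return ("applied", rpm)

def scenario() -> dict:
    """Run both layers against a stolen admin credential issuing a damaging setpoint."""
    stolen_admin = {"user": "admin", "role": "admin"}        # constructed credential
    dangerous = {"op": "set_pump_speed", "rpm": 99999}       # far beyond the pump's limit
    plausible = {"op": "set_pump_speed", "rpm": 900}         # in range, still from stolen creds
    return {
        "unauthorized_code_blocked_by_os": not os_may_execute(UNAUTHORIZED_SOURCE),
        "control_app_allowed_by_os": os_may_execute(CONTROL_APP_SOURCE),
        "naive_app_dangerous": naive_handle(stolen_admin, dangerous),
        "hardened_app_dangerous": hardened_handle(stolen_admin, dangerous),
        "hardened_app_plausible": hardened_handle(stolen_admin, plausible),
    }

if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name}: {result}")
```

The OS layer does exactly what it promises: the unapproved code never runs, and the control application does. That changes nothing about the outcome of the dangerous command, which the naive application applies and only the hardened one refuses. Note the last result as well: an in-range command issued with the stolen credential is still applied by the hardened version, which is the residual risk the article is pointing at. Neither the OS allowlist nor input validation addresses the credential itself; that needs separate controls such as credential hygiene and monitoring of operator actions.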

There’s no denying we need to find ways to secure our nation’s critical infrastructure systems. As it stands, ICSes and SCADA systems in use today weren’t developed with the Internet in mind. They’re vulnerable and need to be secured. A more secure underlying operating system might be a step in the right direction, though perhaps trying to push a single, universal, uber-secure OS for all things ICS and SCADA is an invitation for unwanted attention from malicious hackers. I’ll say it again: Security comes with obscurity.

But focusing simply on the OS to solve this pressing problem without considering the big security picture, including the undeniably insecure nature of the Internet, end-user ignorance, and programmer laziness, is akin to whistling in the dark. Thus, pushing a single OS as the be-all, end-all solution is akin to selling snake oil.

This story, “Kaspersky promises the impossible: A fully secure OS,” was originally published at InfoWorld.com.