Is LK writing its own operating system?

    At industrial facilities, the key information infrastructure systems are automated process control systems (APCS), as well as emergency protection equipment (PAZ). The security of the entire facility depends on the correct and stable operation of these systems.

    Process control systems are characterized by pronounced software and hardware heterogeneity. A typical enterprise technological network includes SCADA servers running Windows or Linux, DBMS servers (SQL Server or Oracle), many programmable logic controllers (PLCs) from various manufacturers, operator panels (HMIs), smart sensors, and communication channels to business-level ERP systems. Moreover, according to the latest DHS research, a technological network has on average 11 (!) points of direct connection to the corporate network.

    Trust Point

    At present, there is a need for solutions that can reliably protect both critical industrial facilities and other facilities and organizations that are sensitive to intrusion and information leakage. However, no matter how well such solutions work, the use of vulnerable OSs and software in process control systems will not allow manufacturers of protective equipment to guarantee system security. And in the case of critical facilities, such guarantees are necessary.

    One should not count on all developers of process control systems urgently undertaking a total check and update of all the software they use, or on enterprise managers quickly updating the solutions they already have. And given that the life cycle of such systems is measured in decades, it becomes obvious that, under an evolutionary scenario, the introduction of protected process control systems will require a significant amount of time.

    However, a global solution to the vulnerability problem is not the only possible solution that can ensure the safety of industrial facilities.

    What is the danger of having vulnerable software? Vulnerabilities are weaknesses that can be exploited by malicious programs. Any component of the process control system can be infected. An infected component can carry out malicious actions in the technological network that lead to disaster, and at the same time misinform the operator.

    In this situation, the operator of a critical system is forced to manage technical processes without any guarantee that the information on which he bases his decisions is correct. In fact, this is one of the key problems of system security. After all, the price of an error at such facilities is very high.

    For the safe operation of an industrial facility, it is critically important that the operator obtains reliable information and manages production based on it. This helps to avoid control errors and, if necessary, to stop production in time and prevent an accident.

    Currently, there is no OS or software that could be used in industrial environments and whose results we could fully trust. This left us no other option but to begin developing such tools ourselves.

    The basic security tool is the operating system. We believe that controlling the information that circulates in an industrial network must begin with the operating system itself. This will guarantee that the information is correct, reliable and does not contain a malicious component.

    Safe OS

    What requirements must a maximally secure environment for controlling the information infrastructure meet?

    - The OS cannot be based on any existing program code, so it must be written from scratch.

    - In order to guarantee security, it should not contain errors and vulnerabilities in the kernel that controls the remaining modules of the system. As a result, the kernel must be verified by means that do not allow the existence of vulnerabilities and dual-use code.

    - For the same reason, the kernel must contain a critical minimum of code, which means that the maximum possible amount of code, including drivers, must be controlled by the kernel and executed with a low level of privileges.

    - Finally, in such an environment a powerful and reliable security system must be present that supports various security models.

    In accordance with these requirements, we are creating our own operating system, the main feature of which is that executing undeclared functionality in it is fundamentally impossible.

    Only on the basis of such an OS can we build a solution that allows the operator not only to see what is really happening in production, but also to manage it, regardless of the manufacturers of the specific OS, DBMS, SCADA and PLC, regardless of their degree of security or the presence of vulnerabilities in them, and, moreover, regardless of their degree of infection.

    In fact, we are talking about a new generation of intelligent emergency protection system: one that takes into account the whole range of enterprise indicators at once, and that does not allow an accident to occur as a result of improper operator actions, errors in the control system software, or cyber attacks. Among other things, such a system will be able to complement the traditional PAZ equipment, which will make it possible to track more complex and composite scenarios of what is happening.

    Such a solution should be built into existing process control systems to protect them and ensure reliable monitoring, or be taken into account when designing new process control systems - in both cases, ensuring the application of modern safety principles.

    Conclusion

    The world has changed. States are actively mastering cyber weapons, and this requires adequate means of protection. Despite the fact that key information infrastructure systems are of critical importance, there are currently no means capable of ensuring their guaranteed protection.

    On the basis of existing OSs, it is impossible to create new, modern and really working means of protection of FIAC. Creating a new OS for all components of the process control system is a very difficult task, and solving it takes time. Yet the security problem of industrial facilities must be solved now.

    Therefore, it is necessary to identify the key problems of information security and eliminate them first. One of these problems is that the information security systems of industrial facilities rely on untrusted sources of information. Until a component appears in the technological network that the operator or some controlling software complex can trust, one cannot speak of building a security system. It is necessary to create a “trusted base” on which a higher-level security system can be built. Such a “trusted base” requires at least a trusted OS.

    We are creating an OS on which the components of the security system will run, providing trusted information to all components of the process control system. We have built the OS on a number of fundamental principles, the observance of which guarantees that at any given time it functions exactly as intended by the developer and cannot function differently. Architecturally, the operating system is built in such a way that even compromising any of its components or applications will not allow an attacker to gain control over it or run malicious code. This approach allows us to consider such an OS trusted and to use it as a trusted source of information, which can be the basis for building a higher-level security system.

    You can read Eugene Kaspersky's story on this topic here.

    Learn more about the specifics of process control systems and the prerequisites for creating our own OS here.
