Kaspersky Developing Its Own Security-Focused Operating System4:14 PM EST Wed. Oct. 17, 2012
Amid growing concerns around IT security and cyberconflict, combined with Microsoft’s increased emphasis on operating system security, Kaspersky Labs is in the process of developing an OS of its own.
At this point, there is very little detail on what the platform might one day entail. A Kaspersky spokesperson told CRN that "no interviews or Q&As" are currently being scheduled. But a company press release, as well as a blog post from CEO and Co-founder Eugene Kaspersky, confirmed that an OS development initiative is currently under way. "Since there has been some speculation regarding the company’s plans, we wanted to be sure to bring everyone up-to-speed by providing some clarity on what we are working on and why," he said via email.
In a keynote speech to the ITU Telecom World 2012 conference, Eugene Kaspersky outlined risks surrounding cyberterrorism and cyberwar and then called for increased international cooperation and the development of advanced technology to protect vulnerable industrial systems.
[Related: Kaspersky Amps up Android security]
"In the long run, cyberwarfare is where all parties lose: attackers, victims and even uninvolved observers. Unlike traditional weapons, tools used in cyberwarfare are very easy to clone and reprogram by adversaries. The most important move to survive in this environment is the development and deployment of a new, advanced security paradigm for the most critical infrastructure."
With this statement as a backdrop, Kaspersky on Tuesday issued a blog post to "end the speculation" and confirm that his company is working on a security-enhanced OS.
"We're developing a secure operating system for protecting key information systems (industrial control systems (ICS)) used in industry/infrastructure," he wrote. "Quite a few rumors about this project have appeared already on the Internet, so I guess it's time to lift the curtain (a little) on our secret project and let you know (a bit) about what's really going on."
NEXT: 'A Completely Different Approach'
In what he described as "a completely different approach," Kaspersky set the stage for a product that may be specifically designed for industrial IT systems that cannot necessarily be disconnected when a Trojan is discovered, or when software needs to be updated. In addition, most security technology is not equipped to deal with the latest generation of malware. "I mean things like Stuxnet and the subsequent Duqu, Flame and Gauss -- malware so vastly complex that it's clear it was developed with the support of nation states," he wrote. "And it doesn't really matter who's being targeted at present; what matters is that such cyber-weapons are being developed and deployed at all. And once Pandora's Box is open, there's no way of getting it closed again. The building up of armaments for attacks on the industrial systems and infrastructure of enemies sooner or later will affect us all. So it turns out that the biggest threat to the planet today comes not from the regular cyber-riff-raff, and not even from organized cyber-criminals, but from nation state-backed creators of cyber-weapons." Kaspersky added that to this point, fundamental security for critical systems has been based on isolating critical objects from the outside world or leveraging the human capability, or lack thereof, in keeping secrets. Neither of these strategies is effective all of the time.
The blog offered few additional clues as to how the Kaspersky OS is being designed, or when it might be rolled out. But, the premise for its development is now at least loosely defined.
"'We can't let cyber-warfare stall human progress, as it threatens not only governments and businesses, but regular people as well," commented Kaspersky in the press release. "Our first priority is to make sure that cyber threats will not affect critical infrastructure. This goal has to be understood and embraced by all involved parties, on an international level."
PUBLISHED OCT. 17, 2012