Page 2 of 2
In what he described as "a completely different approach," Kaspersky set the stage for a product that may be specifically designed for industrial IT systems that cannot necessarily be disconnected when a Trojan is discovered, or when software needs to be updated. In addition, most security technology is not equipped to deal with the latest generation of malware. "I mean things like Stuxnet and the subsequent Duqu, Flame and Gauss -- malware so vastly complex that it's clear it was developed with the support of nation states," he wrote. "And it doesn't really matter who's being targeted at present; what matters is that such cyber-weapons are being developed and deployed at all. And once Pandora's Box is open, there's no way of getting it closed again. The building up of armaments for attacks on the industrial systems and infrastructure of enemies sooner or later will affect us all. So it turns out that the biggest threat to the planet today comes not from the regular cyber-riff-raff, and not even from organized cyber-criminals, but from nation state-backed creators of cyber-weapons." Kaspersky added that to this point, fundamental security for critical systems has been based on isolating critical objects from the outside world or leveraging the human capability, or lack thereof, in keeping secrets. Neither of these strategies is effective all of the time.
The blog offered few additional clues as to how the Kaspersky OS is being designed, or when it might be rolled out. But, the premise for its development is now at least loosely defined.
"'We can't let cyber-warfare stall human progress, as it threatens not only governments and businesses, but regular people as well," commented Kaspersky in the press release. "Our first priority is to make sure that cyber threats will not affect critical infrastructure. This goal has to be understood and embraced by all involved parties, on an international level."