Kaspersky launches self-titled OS to protect ICS

Kaspersky Lab has reportedly finished its self-titled OS which has been built from the ground up with the aim of protecting industrial control systems.

Eugene Kaspersky, CEO of Kaspersky Lab at London's Science Museum, April 2016
Eugene Kaspersky, CEO of Kaspersky Lab at London's Science Museum, April 2016

Russian news website Vedomosti is reporting that Kaspersky Lab has finished building a self-titled operating system (OS) which has been built to try and secure industrial control systems (ICS).

It is reported that the first user of the OS will be Kraftway, which produces IT equipment and will install it onto its routers. The company sells into various markets and verticals including government, healthcare, and education.

Both the government and healthcare sectors have had a tough year; Ronghwa Chong, a Singapore-based FireEye researcher posted on FireEye's Threat Research Blog, about a series of email campaigns aiming Locky ransomware at the healthcare sector throughout August.

The news has been confirmed by Marisa Shirkov, a representative of Kaspersky Lab, and senior vice president of Kraftway Renat Yusupov.

The OS took four years to build, after being initially announced by Kaspersky Lab CEO Eugene Kaspersky back in 2012.

A blog post published in 2012 said that the OS is designed from the ground up to help protect infrastructure such as power stations, electricity grids, and telecoms networks.

Kaspersky himself highlights, “Our system is highly tailored, developed for solving a specific narrow tasks, and not intended for playing Half-Life on, editing your vacation videos, or blathering on social media.”

And he explains that it will be secure because, “we're working on methods of writing software which, by design, won't be able to carry out any behind-the-scenes, undeclared activity. This is the important bit: the impossibility of executing third-party code, or of breaking into the system or running unauthorised applications on our OS; and this is both provable and testable.”

Commenting on the release of the OS, a told spokesperson for Kaspersky Lab told SC by email that: "Kaspersky Lab has partnered with Kraftway to produce a router that runs KasperskyOS. KasperskyOS  is a micro-kernel operating system that doesn't permit the non-secure execution of applications - such as programs and processes. Kaspersky Lab is developing a secure operating system to protect embedded connected devices in environments where cyber-security is a top priority, such as the Internet of Things and the Industrial Internet of Things. The router based on KasperskyOS is available only for Russian corporate customers of Kraftway." 

The announcement follows a gathering back in April in London's Science Museum, where Kaspersky himself highlighted the increased cyber-risks faced by ‘critical infrastructure'.

Kaspersky Lab said that information technologies and process automation systems are vital to the operation of all modern industrial facilities, from power plants, refineries and assembly lines to railways, airports and smart buildings.

Kaspersky said at the event, “Attacks are no longer targeted strictly at the end point, cyber-criminals are now looking to attack critical infrastructure.”

Kaspersky told SCMagazineUK.com: "Today, the cyber-security of industrial systems and critical infrastructures is of vital importance. An increasing number of such systems are using devices and channels that interact with the outside world. Sometimes they use equipment that was never intended for external access, not to mention software that was created decades ago and has not been upgraded since!"

Kaspersky went on to explain that, “This is a very serious issue because not only is the continuity of the production process at stake; the environment and even human lives can be at risk."