The Secure Operating System Equation

Many experts like the idea of a purpose-built, secure operating system. It's just that adopting one is not so straightforward, even if it's specifically for security-strapped SCADA systems.

SCADA expert Dale Peterson, CEO of DigitalBond, says a new secure OS is worth a try. The trouble is that it won't change the inherent lack of security of SCADA systems: It won't add authentication to DCS or SCADA protocols, he says, or deter an application developer from hard-coding a backdoor account into software.

A few ICS vendors are using Windows 2008 Server Core, which has helped them shrink their attack surface, Peterson notes.

Kaspersky Lab, meanwhile, hinted that it may already be reaching out to the ICS vendor community as part of its development process. "It's a sophisticated project, and almost impracticable without active interaction with ICS operators and vendors. We can't reveal many details of the project now because of the confidentiality of such cooperation. And we don’t want to talk about some stuff so competitors won't jump on our ideas and nick the know-how. And then there are some details that will remain for certain customers’ eyes only forever, to ward off cyber-terrorist abuses," Eugene Kaspersky said in his blog.

Secure OSes traditionally have not caught on in a big way, so Kaspersky Lab faces some big hurdles for their secure OS to fly, experts say.

"The idea of a secure operating system for SCADA is a noble goal, but market realities have prevented specialty secure operating systems from having much impact in the past," Rapid7's Moore says. "Customers simply don't care about the internal workings of the devices they purchase, and no secure operating system will make up for poorly coded administrative interfaces. To date, many of the known SCADA vulnerabilities were caused by support backdoors, weak protocols, and generally bad design decisions by the vendor."

And security features could present overhead that could affect performance, too, he says. "Secure operating systems often depend on specific hardware features to implement things like nonexecutable pages and random number generators. Much of the hardware used by SCADA vendors is designed to be rugged, but not particularly advanced or fast. The overhead of security features may limit where this OS could be used."