informa
Announcements
Event
Emerging Cybersecurity Technologies: What You Need to Know - A Dark Reading March 23 Virtual Event | <GET YOUR PASS>
Report
Black Hat USA 2022 Attendee Report | Supply Chain & Cloud Security Risks Are Top of Mind | <READ IT NOW>
PreviousNext
Risk
2 MIN READ
News

The Secure Operating System Equation

Many experts like the idea of a purpose-built, secure operating system. It's just that adopting one is not so straightforward, even if it's specifically for security-strapped SCADA systems
Kelly Jackson Higgins
Editor-in-Chief, Dark Reading
October 17, 2012
SCADA expert Dale Peterson, CEO of DigitalBond, says a new secure OS is worth a try. The trouble is that it won't change the inherent lack of security of SCADA systems: It won't add authentication to DCS or SCADA protocols, he says, or deter an application developer from hard-coding a backdoor account into software.

A few ICS vendors are using Windows 2008 Server Core, which has helped them shrink their attack surface, Peterson notes.

Kaspersky Lab, meanwhile, hinted that it may already be reaching out to the ICS vendor community as part of its development process. "It's a sophisticated project, and almost impracticable without active interaction with ICS operators and vendors. We can't reveal many details of the project now because of the confidentiality of such cooperation. And we don’t want to talk about some stuff so competitors won't jump on our ideas and nick the know-how. And then there are some details that will remain for certain customers’ eyes only forever, to ward off cyber-terrorist abuses," Eugene Kaspersky said in his blog.

[ Siemens has quietly made several security moves in the wake of Stuxnet's discovery two years ago -- most recently, new industrial control products that come with built-in security features. See Siemens Enhances Security In Post-Stuxnet SCADA World . ]

Secure OSes traditionally have not caught on in a big way, so Kaspersky Lab faces some big hurdles for their secure OS to fly, experts say.

"The idea of a secure operating system for SCADA is a noble goal, but market realities have prevented specialty secure operating systems from having much impact in the past," Rapid7's Moore says. "Customers simply don't care about the internal workings of the devices they purchase, and no secure operating system will make up for a poorly coded administrative interfaces. To date, many of the known SCADA vulnerabilities were caused by support backdoors, weak protocols, and generally bad design decisions by the vendor."

And security features could present overhead that could affect performance, too, he says. "Secure operating systems often depend on specific hardware features to implement things like nonexecutable pages and random number generators. Much of the hardware used by SCADA vendors is designed to be rugged, but not particularly advanced or fast. The overhead of security features may limit where this OS could be used."

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Application Security
More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports
Editors' Choice
Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug
Nathan Eddy, Contributing Writer, Dark Reading
Okta Post-Exploitation Method Exposes User Passwords
Elizabeth Montalbano, Contributor, Dark Reading
Chinese Warships Suspected of Signal-Jamming Passenger Jets
Tara Seals, Managing Editor, News, Dark Reading
ChatGPT Gut Check: Cybersecurity Threats Overhyped or Not?
Becky Bracken, Editor, Dark Reading
Webinars
More Webinars
Reports
More Reports
White Papers
More White Papers
Events
More Events
More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports