Eugene Kaspersky, CEO of Kaspersky Lab, says its new KasperskyOS for securing industrial IoT devices does not contain “even the slightest smell of Linux”, differentiating it from many other IoT products that have the open-source OS at the core.
Kaspersky today showed the “first commercially available mass-market hardware” based on its freshly minted KasperskyOS. The kit is a new layer-3 switch from Russian firm Kraftway.
The company has said a completely new OS is needed to protect industrial control systems (ICS) and Internet of Thing (IoT) devices. Kaspersky points to the recent Mirai IoT botnet as evidence that it is the right time for KasperskyOS.
The OS is supposed to cater to applications that need to run on small, optimized and secure platforms, including ICS switches, routers, IP cameras, and IoT controllers.
It’s also designed to be extremely locked down, only allowing programs to execute documented operations within the context of a security policy that the customer defines. The security policy is aimed at offering choices to prevent a variety of IoT devices from being exploited to cause physical harm.
“Everything has been built from scratch,” says Kaspersky. “Anticipating your questions: not even the slightest smell of Linux. All the popular operating systems aren’t designed with security in mind, so it’s simpler and safer to start from the ground up and do everything correctly. Which is just what we did.”
According to Kaspersky, the project to build KasperskyOS has in fact been under way for the past 14 years, although coding didn’t start until more recently.
Two other features the CEO highlights include the OS microkernel and its in-built security system.
The microkernel architecture allows users to “assemble ‘from blocks’ different modifications of the operating system depending on a customer’s specific requirements”.
The security system, Kaspersky Security System, is the on-board anti-malware platform, which only allows signed applications to run. It’s also embedded in the firmware of IoT devices.
“To hack this platform, a cyber-baddie would need to break the digital signature, which — any time before the introduction of quantum computers — would be exorbitantly expensive,” says Kaspersky.
Source: SANS ISC SecNewsFeed @ February 21, 2017 at 07:27AM