
Is LK writing its own operating system?

At industrial facilities, the key systems of the information infrastructure are automated process control systems (APCS), as well as emergency protection facilities. The security of the entire facility depends on the correct and stable operation of these systems.

Process control systems are marked by pronounced software and hardware heterogeneity. A typical enterprise technological network includes SCADA servers running Windows or Linux, DBMS servers (SQL Server or Oracle), multiple programmable logic controllers (PLCs) from various manufacturers, HMI panels, intelligent sensors, and a communication link to the business-level ERP systems. At the same time, according to the latest DHS research, the technological network has on average 11 (!) points of direct connection to the corporate network.

[Figure: Trust point]
Currently, there is a need for solutions that can reliably protect critical industrial facilities, as well as other facilities and organizations that are sensitive to intrusion and information leakage. However, no matter how well such solutions work, the use of vulnerable operating systems and software in the process control system will not allow security vendors to guarantee the security of the system. And for critical facilities such guarantees are necessary.

It is unrealistic to expect that all developers of process control systems will immediately undertake a complete audit and update of all the software they use, or that the heads of enterprises will promptly update the solutions they have already installed. And if we consider that the life cycle of such systems is measured in decades, it becomes obvious that, under the evolutionary scenario, the deployment of protected process control systems will take a very long time.

However, a global fix for the vulnerability problem is not the only possible way to ensure the safety of industrial facilities.

What is the danger of having vulnerable software? Vulnerabilities are gaps through which malware can penetrate. Any component of the process control system may be infected. And an infected component can perform malicious actions on the technological network, leading to a catastrophe, while at the same time misinforming the operator.

In this situation, the operator of a critical system is forced to manage technical processes with no guarantee that the information on which he bases his decisions is correct. In fact, this is one of the key problems of system security - after all, the cost of an error at such facilities is very high.

For the safe operation of an industrial facility, it is critical that the operator obtains reliable information and manages production on the basis of it. This avoids management errors and, if necessary, makes it possible to stop production in time, before an accident occurs.

Currently there are no operating systems or software that could be used in industrial environments and whose output we could fully trust. This left us no option but to develop such tools ourselves.

The foundation of security is the operating system. We believe that controlling the information circulating in the industrial network must start with the operating system itself. This is what guarantees that the information is correct, reliable and free of any malicious component.

Safe OS

What requirements must the most secure environment for controlling the information infrastructure meet?

- The OS cannot be based on any already existing program code, so it must be written from scratch.

- To guarantee security, the kernel that controls the rest of the system's modules must contain no bugs or vulnerabilities. Consequently, the kernel must be verified by means that rule out the existence of vulnerabilities and dual-purpose code.

- For the same reason, the kernel should contain a critical minimum of code, which means that the maximum possible amount of code, including drivers, should be controlled by the kernel and run with low privileges.

- Finally, in such an environment there should be a powerful and reliable protection system that supports various security models.

In line with this, we are creating our own operating system, whose main feature is the fundamental impossibility of executing undeclared functionality in it.
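The requirements above amount to a small kernel acting as a reference monitor: components (including drivers) run unprivileged and isolated, and the only way one can reach another is through the kernel, which forwards a call only if an explicit, pre-verified policy rule declares it. The following toy model, added here as an illustration and not code from the article or from any Kaspersky product, shows that idea in Python: the component names, interface names, policy format and sample process values are all constructed assumptions. A static check rejects an inconsistent policy before "boot", and at run time every undeclared call from a compromised driver is refused and audited while its one declared interaction still works.

```python
"""Toy model of a default-deny IPC monitor for isolated OS components.

Added illustration only: component names, interface names, the policy format
and the sample process values are constructed and not taken from the article.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Set, Tuple

Rule = Tuple[str, str, str]  # (source component, destination component, interface)


@dataclass(frozen=True)
class Message:
    src: str
    dst: str
    interface: str
    payload: object = None


def check_policy(policy: FrozenSet[Rule], declared: Dict[str, Set[str]]) -> List[str]:
    """Static check run before 'boot': every rule must name known components and
    an interface the destination actually declares. Returns the list of problems
    found (empty means the policy is consistent with the declarations)."""
    problems: List[str] = []
    for src, dst, iface in sorted(policy):
        if src not in declared or dst not in declared:
            problems.append(f"unknown component in rule {src}->{dst}:{iface}")
        elif iface not in declared[dst]:
            problems.append(f"{dst} does not declare interface {iface}")
        if src == dst:
            problems.append(f"self-call rule {src}:{iface}")
    return problems


class Monitor:
    """Stands in for the kernel: the only way a component can reach another is
    send(), and send() forwards a message only if an explicit rule allows it."""

    def __init__(self, policy: FrozenSet[Rule], declared: Dict[str, Set[str]]) -> None:
        problems = check_policy(policy, declared)
        if problems:
            raise ValueError("refusing to boot with inconsistent policy: " + "; ".join(problems))
        self._policy = policy  # frozenset: cannot be extended at run time
        self._handlers: Dict[str, Callable[[Message], object]] = {}
        self.audit: List[str] = []

    def register(self, name: str, handler: Callable[[Message], object]) -> None:
        self._handlers[name] = handler

    def send(self, msg: Message) -> object:
        if (msg.src, msg.dst, msg.interface) not in self._policy:
            self.audit.append(f"DENY  {msg.src}->{msg.dst}:{msg.interface}")
            raise PermissionError(f"{msg.src} may not call {msg.dst}.{msg.interface}")
        self.audit.append(f"ALLOW {msg.src}->{msg.dst}:{msg.interface}")
        return self._handlers[msg.dst](msg)


def build_system() -> Tuple[Monitor, List[float]]:
    """Wire up four isolated components; each keeps its state in a closure, so
    the only shared thing is the monitor."""
    declared = {
        "sensor_driver": {"read_level"},
        "plc_gateway": {"write_setpoint"},
        "hmi": {"notify"},
        "net_driver": set(),  # exposes nothing; nobody may call into it
    }
    policy: FrozenSet[Rule] = frozenset({
        ("hmi", "sensor_driver", "read_level"),
        ("hmi", "plc_gateway", "write_setpoint"),
        ("net_driver", "hmi", "notify"),
    })
    mon = Monitor(policy, declared)

    tank_level = {"value": 42.0}  # constructed sample process value
    setpoints: List[float] = []

    def write_setpoint(m: Message) -> int:
        setpoints.append(float(m.payload))
        return len(setpoints)

    mon.register("sensor_driver", lambda m: tank_level["value"])
    mon.register("plc_gateway", write_setpoint)
    mon.register("hmi", lambda m: f"hmi noted: {m.payload}")
    return mon, setpoints


def run_scenario() -> Dict[str, object]:
    """Normal HMI traffic succeeds; a compromised net_driver trying undeclared
    calls is refused every time, but its declared interface still works."""
    mon, setpoints = build_system()
    level = mon.send(Message("hmi", "sensor_driver", "read_level"))
    mon.send(Message("hmi", "plc_gateway", "write_setpoint", payload=level + 1.0))

    denied = 0
    for attempt in (Message("net_driver", "plc_gateway", "write_setpoint", payload=999.0),
                    Message("net_driver", "sensor_driver", "read_level")):
        try:
            mon.send(attempt)
        except PermissionError:
            denied += 1
    note = mon.send(Message("net_driver", "hmi", "notify", payload="link up"))
    return {"level": level, "setpoints": list(setpoints), "denied": denied,
            "note": note, "audit": list(mon.audit)}


def bad_policy_rejected() -> bool:
    """A rule naming an interface the destination never declared must not boot."""
    try:
        Monitor(frozenset({("a", "b", "pong")}), {"a": set(), "b": {"ping"}})
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for line in run_scenario()["audit"]:
        print(line)
```

The point of the model is that the actuator path is reachable only through the declared `hmi -> plc_gateway` rule: a fully compromised `net_driver` has no way to widen its own permissions, because the policy is fixed before boot and checked against the components' declarations, and every refused attempt leaves an audit record.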

Only on the basis of such an OS can a solution be built that allows the operator not only to see what is actually happening in production, but also to control it, regardless of the manufacturers of the specific operating systems, DBMS, SCADA and PLCs, regardless of how secure they are or whether they contain vulnerabilities, and even regardless of whether they are infected.

In fact, we are talking about an intelligent emergency protection system of a new generation: a protection system that takes into account the full range of the enterprise's indicators at once, and does not allow an accident to develop, whether as a result of improper operator actions, errors in the software of the process control system, or cyber attacks. Among other things, such a system will be able to complement traditional emergency protection (PAZ) tools, making it possible to track more complex scenarios of what is happening.

Such a solution should be integrated into existing process control systems to protect them and provide reliable monitoring, or taken into account when designing new process control systems - in both cases ensuring that modern safety principles are applied.

Conclusion

The world has changed. States are actively mastering cyber weapons, and this requires adequate countermeasures. Although the key systems of the information infrastructure are of exceptional importance, there are currently no means capable of guaranteeing their protection.

On the basis of existing operating systems, it is impossible to create new, modern and genuinely working means of protecting the PFIC. Creating a new OS for all components of a process control system is a very difficult task, and solving it takes time. But the safety problem of industrial facilities must be addressed now.

Therefore, it is necessary to identify the key information security problems and eliminate them first. One of these problems is that the information security systems of industrial facilities rely on untrusted sources of information. Until the technological network contains a component that the operator, or some controlling software, can trust, it makes no sense to talk about building a security system. Such a "trusted base" must be created first, so that a higher-level security system can be built on top of it. Such a "trusted base" requires, at a minimum, a trusted OS.

We create the OS on which the security system components will work, providing all the components of the process control system with trusted information. The OS is based on a number of fundamental principles, the observance of which will ensure that it will function at any time exactly as it was intended by the developer and cannot function differently. Architecturally, the operating system is built in such a way that even hacking into any of its components or applications will not allow an attacker to gain control over it or run malicious code. This approach allows us to consider such an OS as trusted and use it as a trusted source of information, which can be the basis for building a higher level security system.

Read the story of Eugene Kaspersky on this topic here.

Learn more about the specifics of the process control system and the prerequisites for creating your own OS here.

Source: https://habr.com/ru/post/154963/
