Skip to Content
MIT Technology Review
  • Featured
  • Topics
  • Newsletters
  • Events
  • Podcasts
    • Sign in

    An Operating System for the Cyber War Era

    Kaspersky thinks it can protect the control systems for power plants and other critical infrastructure.
    October 16, 2012

    As I wrote last week and today, there is rising concern that the control systems of infrastructure such as power grids and nuclear plants are dangerously naive in an era of targeted attack software (see “Old-Fashioned Control Systems Make U.S. Power Plants a Hacking Target” and “Preparing for Cyber-War, Without a Map”). Now one computer security company says it is building a new operating system that will protect such systems, wrapping out-dated control software in a protective barrier.

    Eugene Kaspersky, founder of the Russian company Kaspersky, which has led discovery and analysis of state-backed malware such as Stuxnet, wrote in a blog post today that the project was needed to protect “defenseless” industrial control software.

    “Ideally, all ICS [industrial control system] software would need to be rewritten, incorporating all the security technologies available and taking into account the new realities of cyber-attacks. Alas, such a colossal effort coupled with the huge investments that would be required in testing and fine-tuning would still not guarantee sufficiently stable operation of systems.”

    Creating a secure operating system onto which industrial control systems can be installed is feasible, claims Kaspersky, who added that his company’s researchers are on the road to completing it. However, while those motivations seems reasonable, one of Kaspersky’s claims for the as-yet-unfinished OS will be difficult to meet:

    “To achieve a guarantee of security it must contain no mistakes or vulnerabilities whatsoever in the kernel, which controls the rest of the modules of the system. As a result, the core must be 100% verified as not permitting vulnerabilities or dual-purpose code.”

    That will be challenging. Techniques exist that can prove code is without vulnerabilities or bugs, but they are impractical on more than just small chunks of code (see “Crash-Proof Code”). Even a limited operating system designed only for a small range of software to be installed will take considerable efforts to exhaustively check out.

    Keep Reading

    Most Popular

    Workers disinfect the street outside Shijiazhuang Railway Station
    Workers disinfect the street outside Shijiazhuang Railway Station

    Why China is still obsessed with disinfecting everything

    Most public health bodies dealing with covid have long since moved on from the idea of surface transmission. China’s didn’t—and that helps it control the narrative about the disease’s origins and danger.

    individual aging affects covid outcomes concept
    individual aging affects covid outcomes concept

    Anti-aging drugs are being tested as a way to treat covid

    Drugs that rejuvenate our immune systems and make us biologically younger could help protect us from the disease’s worst effects.

    solar panels concept
    solar panels concept

    These materials were meant to revolutionize the solar industry. Why hasn’t it happened?

    Perovskites are promising, but real-world conditions have held them back.

    Europe's AI Act concept
    Europe's AI Act concept

    A quick guide to the most important AI law you’ve never heard of

    The European Union is planning new legislation aimed at curbing the worst harms associated with artificial intelligence.

    Stay connected

    Illustration by Rose WongIllustration by Rose Wong

    Get the latest updates from
    MIT Technology Review

    Discover special offers, top stories, upcoming events, and more.

    Thank you for submitting your email!

    Explore more newsletters

    It looks like something went wrong.

    We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.