Sunday, November 27, 2016

HackProof OS

Kraftway Layer 3 Switch, CEO Eugene Kaspersky says

At last – we’ve done it!
I’ve anticipated this day for ages – the day when the first commercially available mass market hardware device based our own secure operating system landed on my desk. And here she is, the beaut.
This unassuming black box is a protected layer 3 switch powered by Kaspersky OS and designed for networks with extreme requirements for data security.
And there’s plenty more in the pipeline where this came from too, meaning the tech will be applied in other Internet-connected bits of kit, aka the Internet of Things (IoT). Why? Because this OS just so happens to be ideal for applications where a small, optimized and secure platform is required.
The operating system boasts several distinctive features. Let me run through the main ones briefly…
First, it’s based on microkernel architecture, which allows to assemble ‘from blocks’ different modifications of the operating system depending on a customer’s specific requirements.
Second, there’s its built-in security system, which controls the behavior of applications and the OS’s modules. In order to hack this platform a cyber-baddie would need to break the digital signature, which – any time before the introduction of quantum computers – would be exorbitantly expensive.
Third, everything has been built from scratch. Anticipating your questions: not even the slightest smell of Linux. All the popular operating systems aren’t designed with security in mind, so it’s simpler and safer to start from the ground up and do everything correctly. Which is just what we did.
And just the other day we celebrated the birth of this new OS!
The very first meeting held regarding this project took place 14 (fourteen!) years ago almost to the day – on November 11! Not that we’ve been diligently coding and testing since then; in that amount of time with sufficient resources you could see several projects through to the end and update and improve them all several times over!
No, in the first several years not a single line of code was written. We met from time to time, discussed technical details, architecture, and drew pretty pictures on large sheets of paper. Then we built up a team – very slowly, since OS specialists are few and far between. And onwards we move, slowly but surely. Fast forward several years, and today we aren’t simply celebrating the latest team discussion, but our first commercial hardware device actually ready!
November 11 is of course easy to remember as it’s 11-11. Which is birthday of our big, ambitious project. Indeed, within the company the project is known simply as ’11-11′.
14 years is a serious age for any project. Looking back it seems so quaint now how at the start we argued about the architecture and the basic parameters of the future OS and felt a little bit like… alchemists with compasses trying to make squares out of circles.
The question to which we were searching for an answer was this: how can we build an operating system that will be impossible to hack in principle? Is it possible in practice? Meanwhile, all around this alchemy folks were fairly astonished: just what were we thinking? We’d decided to make an unhackable platform and ruin our other security business model?!
Indeed, we were often asked why such an OS is really necessary. Here’s why:
Once, cyberthreats targeting critical infrastructure, telecoms and other modern-life-essential systems looked mostly like science fiction. No one – besides us paranoids (actually, and also the most advanced hackers, cyber-spies and cyber-militaries) really had any idea that data security could directly affect physicalsecurity. Nor were they aware that literally all digital systems in existence around the world can be hacked. After all, we started our project long before Stuxnet, and even before Die Hard 4, where the cyber-baddies hacked and wrecked critical infrastructure. But as time has passed the general level of understanding of the threats has gradually – and increasingly conspicuously – risen…
The serious problem of security of critical infrastructure started to be discussed at high-profile international conferences. Then, gradually, the topic started to spread into the imaginations of Hollywood (Die Hard 4, Skyfall…). Next, literally in the last year to 18 months, attention has risen still further – exponentially – to finally make the topic of cybersecurity one of the main topics at various top-level international summits and meetings of world leaders. Meanwhile, quietly in the background all this time, alchemists KL experts were toiling away in their workshops edging ever nearer to the unveiling of our very own OS!
We realized that the operating system needed to have lots of different applications.
First, it should provide a basis for the development of protected industrial control systems.
Second, it should provide a basis for the development of protected embedded devices, including the IoT. Btw, the recent DDoS attack on Dyn’s DNS servers, which brought down sites like Amazon and Twitter, was carried out by a botnet that had infected ‘smart’ (actually, rather stupid:) devices like IP-cameras. The attack generated an astounding 1.2 terabytes a second – the biggest DDoS in history.
So, I’m hoping it’s obvious by now how protecting the IoT and, of course, critical infrastructure (industry, transport, telecoms, etc.) from IT threats is simply mandatory. I also hope it’s clear that it’s better – no matter how difficult – to build IoT/infrastructure devices from the very beginning in such a way that hacking them is practically impossible. Indeed, that is a fundamental goal with Kaspersky OS.
That was all mostly a teaser really. Coming up soon – more details about our secure operating system.


Post a Comment