The Critical Infrastructure Cocoon

Whenever the mainstream media speaks about vulnerabilities in IT security, the topic of critical infrastructure, such as nuclear power plants, water treatment plants, and chemical distribution systems, inevitably gets raised.

Critical infrastructure is one area that those of us in IT security tend to ignore. Not because we think it’s unimportant, but because there’s not a great deal of advancement. The technology behind many of these systems is antiquated, and it’s difficult to add security features without requiring major updates. Therefore, decision makers have determined that it’s not cost effective to replace these systems simply for the sake of security.

Instead of replacing these insecure systems, what if we were to encapsulate critical infrastructure within a far more secure system – essentially a security cocoon?

That’s what researchers at Kaspersky Lab are attempting to accomplish. Their goal isn’t to replace supervisory control and data acquisition (SCADA) systems, but rather to secure the infrastructure within which these systems operate. You may never have heard of SCADA systems before, but you’ve probably heard of the infamous Stuxnet and Flame worms that targeted and took down Iranian nuclear reactors for several months. These same SCADA systems are used around the world and operate critical infrastructure equipment from companies such as Siemens and Honeywell. Widespread usage, and the difficulty of replacing or patching SCADA systems, require an alternative to a complete forklift upgrade. A purpose-built secure network may be just the trick.

One of the first decisions that Kaspersky Lab made was to choose an operating system on which to base its secure infrastructure. While the company isn’t disclosing any details, it seems that it is planning to build an OS nearly from scratch – with roots found in Linux. The brand-new OS will be used to manage virtualized SCADA systems and protect them from external attacks. Virtualization is nothing new, but Eugene Kaspersky, CEO of Kaspersky Lab, claims that the major difference between his OS and all others is its laser focus on security – not ease of use.

In many ways, Kaspersky is right that security often takes a back seat to user operability. Critical infrastructure systems are one area where security could, and should, be valued above usability. The mindset moving toward securing critical systems should be: guaranteed security first, functionality second. While Kaspersky Lab isn’t the first company to attempt to secure SCADA systems, its decision to create a secure OS from the ground up provides the added (and often undervalued) benefit of security through obscurity.

I’m elated to see that people are taking a fresh look at how to secure our critical infrastructure systems using modern infrastructure technologies, such as virtualization. The combination of a secure, virtual environment – without having to actually touch SCADA systems – seems to strike the right balance between security and budget constraints. It’s a moral obligation to protect all of our critical infrastructure systems to the best of our ability. The last thing we want is to end up being crippled by the next Stuxnet or Flame virus. A secure network cocoon is a great place to start.

Andrew Froehlich writes for UBM Tech.

Andrew Froehlich
Andrew Froehlich is the President and Lead Network Architect at West Gate Networks, an IT consulting firm based in Northern Colorado that specializes in enterprise network architectures and datacenter build-outs. He has well over a decade of enterprise networking experience at organizations such as State Farm Insurance, United Airlines and the University of Chicago Medical Center. When he's not consulting, Andrew enjoys writing technical blogs and is the author of two Cisco certification study guides published by Sybex.
Tags: IT Security, Technology, Virtualization