Shutterstock.com Privacy Security Kaspersky releases secure IoT operating system for developers Howard Solomon @HowardITWC Published: February 21st, 2017The lack of security in the number of Internet of Things (IoT) devices is increasingly worrying to CISOs trying to protect corporate networks, particularly after the distributed denial of service attacks marshalled last year by the Mirai botnet.So developers and manufacturers of IoT devices will be interested in the release announced Monday of KasperskyOS, which the namesake company calls a secure operating system for network devices, industrial control systems, and the IoT.“Our OS is not an out-of-the-box product; it’s a project offering,” company CEO Eugene Kaspersky said in a blog. “We’re not selling a boxed solution with a cure-all for everyone. Instead, we collaborate with vendors and developers who provide, say, networking equipment, industrial automation systems, automotive solutions, even smart fridges. We provide the code and help configure the system based on their requirements.”Because solutions are customized he didn’t cite a price. Related Articles Security framework released for industrial Internet of ThingsSecurity experts have warned for some time that the so-called Internet of Things opens many vulnerabilities when interconnecting industrial devices... September 21st, 2016 Howard Solomon @HowardITWC Organizations still not ready for Internet of Things, says Intel Security execDespite warnings from a number of industry analysts and vendors organizations still aren't prepared for the security problems that the... May 18th, 2016 Howard Solomon @HowardITWC While he doesn’t claim the OS cannot be hacked, Kaspersky says security is enhanced because the OS does only what it’s instructed to do; it can’t do anything else. Developers can look at the source code and immediately see if anything has been added that they don’t want. The kernel does not transmit data, the company says, and the microkernel “has practically nothing in it. All drivers are kept isolated. So to pass any data, one has to write another piece of code. It will be seen quite clearly — you don’t even have to look at the source code to see it. All of this is written in security policies. And the customer will always be able to audit those policies, regardless of the code. If the policies contain no instructions to send data, the system doesn’t do it.”The OS is made up of three components: An OS (KOS), a standalone secure hypervisor (KSH), and a dedicated system for secure interaction among OS components (KSS). Developers can licence any of them for the purpose they need. For example, the blog says, a German company licensed KSS for its own operating system. The blog says some vendors are interested only in the KSH hypervisor, which lets them securely run existing applications without modification.“At first glance this is a positive development as it reaffirms how many vendors are working to improve IoT security,” Forrester Research security analyst Merritt Maxim said in an email. “There will likely never be one solution/product that solves IoT security but a secure OS is another tool available for organizations and developers to help secure IoT from cyber attacks.”The solution is one that developers should consider when designing new network devices. Unfortunately, it won’t help fix the millions of unpatched and insecure devices already on the Internet. It will be a while before they are retired. Meanwhile such devices will continue to be a menace. Related Download Sponsor: Micro Focus How GDPR can be a strategic driver for your business Register Now Privacy, Security Internet of Things, Kasp, security strategies
