how-to block ads
BlackbirdBuilt for SpeedPremiumReviews:
Fort Wayne, IN
|reply to OZO |
Re: Kaspersky Lab To Create New OS 'To Save The World'
said by OZO:The absolute worst thing they could do would be to make an OS functionally dependent on the Internet, especially for ICS applications. Those kinds of apps should not be on systems connected to the Internet... that's how so many infrastructure systems have become vulnerable in the first place. Infrastructure and critical manufacturing control systems should be operated over private, encrypted networks - not the Internet. Until that lesson is learned, Internet-related vulnerabilities, phone-home exploits, and cyber-attacks can only worsen in magnitude and rate of occurrance, whatever the OS.
Well, good luck to them. I guess they will call it "Passports OS", because each application will need to carry an Internet passport in order to run and Task Manager will ask them time-to-time - show your papers... The old vision of Kaspersky's kind of world...
Of course, what (if anything) emerges from their OS development efforts or whether it would have any Internet involvement remain to be seen.
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!" -- P.Henry, 1775
Fully agree. If it's connected to the internet and allows _anything_ to happen over the internet then that's an abuse waiting to happen. Doesn't matter how secure you make it, when you need someone to log in and check something then you're going to have a problem.
Vendor: TinyMem - No bloat, energy efficient security and system software
|reply to Blackbird |
You are correct that ICS systems should not be connected to the Internet, But in the end most of the larger company do connect them. They also have the IT department configure them in most cases like a regular network.
I worked in this field for many years, and we had a department to do just the network design and configuire all the network hardware setting to best practices but most company's would not pay the high price for the service.
The newer controller have built in firewalls that should stop any virus from making changes to the controllers controls. But that does not stop them on the PCS (Process Control Network). So like in this last virus it could hit the Operator Stations, and the other servers even if it did not make it to the controllers. That is where the paid service above comes in, as it breaks the network into at least 4 levels, each with very high priced switches that limit which PC on the upper level can even talk to PC on each lower level and what protocols are allowed through each level. This might of stopped that last virus.