The industrial control system is the heart of industrial automation and smart manufacturing. However, as industrial environments evolve, security considerations increasingly come to the forefront. The growing functionality of connected devices and the complexity of managing the connected IT/OT converged infrastructure in a smart manufacturing era makes industrial control systems increasingly vulnerable to cyberattacks.
KasperskyOS helps industrial automation vendors to add cybersecurity capabilities to new equipment connected to the internet while preserving safety, quality, reliability, performance, time to market and the openness of the software. KasperskyOS also helps mitigate risks associated with the use of third-party software that may have vulnerabilities.
In a highly competitive market like industrial automation, manufacturers can no longer afford to only use proprietary software and it is now common to use third-party technologies for the operating system, real-time engine, communication and field bus protocol stacks as well as the logic engine. These technologies come with vulnerabilities that turn the ICS into an easy target.
Most embedded software technologies, such as logic engines executing code in a development system (e.g. IEC 61131 tool), are not secure by design. They weren’t and still aren’t developed with cybersecurity in mind. Quality, reliability, performance, time to market and openness of the software remain the priority of tool manufacturers.
Monolithic systems do not provide a secure architecture against incidents and attacks. Moreover, many manufacturers lack knowledge when it comes to security and are largely unaware of the threats as well as the techniques and technologies necessary to secure their ICS.
For manufacturers to meet the security requirements of an ICS, they need to start with a system redesign in combination with specialized software. The embedded software needs to be separated in different domains and run as different processes. All communication between processes must run through a dedicated security system that can control all communications in accordance with predefined security policies.