Kaspersky Lab just announced they are working on their own Operating System for critical systems.
This is something that is increasingly needed, but is Kaspesrky the best entity suited to produce such OS? To contribute/review it, certainly. But to drive its development? I am not so certain. I would have thought that developing an OS requires more specific skills than just security ones. One could argue that making security the core skill used in developing that OS should make it more secure but I would argue back it could also introduce performance issues… And performance is a health/security risk on its own, especially when speaking about critical systems such as process control environments.
Kaspersky Labs is engaging with different vendors and ICS operators, so they should get some kind of expertise on what their systems require. Another interesting point is how Eugene Kaspersky ends his blog announcement, that “there will be some details that will remain for certain customers’ eyes only”. Should a truly secure environment be closed rather than open source?
Then there is the question of support and its backend infrastructure, longevity of the company, etc…
To conclude, this is a great initiative but creating an OS is not just like creating a new application…