Cyber roundup (10/16): Secure OS, a late push for a cyber bill, and more analysis on Panetta speech

Quick survey of recent news . . .

***

Kim Zetter reported for Wired on Kaspersky Lab’s efforts to create a “secure operating system to protect critical infrastructure systems from online attacks.”  The article explained how Eugene Kaspersky envisions creating a pared down operating system that could run industrial control system applications.   Those ICS applications currently run on a Windows OS, which has more functionality than the ICS applications need.  That additional functionality brings additional vulnerabilities, so Kaspersky’s idea is to “reduc[e] the attack surface for malware to target.”  However, the article cites several sources who believe the effort won’t get far: there’s trust issues behind letting a Russian lab produce an ICS OS and ICS vendors might not have a motive to go along.

***

Heather Roff offered analysis on SecDef Panetta’s speech for The Huffington Post.  Roff wrote that the speech had three targets/goals:

1. Rouse the U.S. Congress to pass cyber legislation
2. Publicly address a topic that has been kept largely hush hush
3. “Show the U.S.’ hand” and intimidate our potential cyber adversaries

Likewise, Jack Goldsmith wrote a great blog post for Lawfare analyzing Panetta’s cyber speech.

***

Charles Cooper, for CNet, with some distressing news: “[77%] of small- and medium-sized businesses believe that their companies are safe from cyberthreats and yet [83%] of them have no formal cybersecurity plan.”  That result via a survey of 1,105 small and medium sized businesses.

***

Finally, Foreign Policy’s John Reed on the possible revival of cyber legislation.  Sen. Harry Reid recently expressed interest in bringing cybersecurity legislation back for another round, and Sen. Barbara Mikulski believes that Panetta’s recent comments will serve as an impetus to passage.  The hope is to get the Lieberman-Collins bill (i.e. the Cyber Security Act of 2012) passed when Sen. Reid brings the bill back to the floor in November.

Unfortunately, the bill will still fall flat.  I remember that the FBI (or some agency) took a number of Senators through a simulation of what would happen if a catastrophic cyberattack hit the U.S.  They all agreed that the simulation was terrifying and gave them a lot to think about.  They then failed to pass a bill.  My point is, SecDef Panetta’s comments about cyber Pearl Harbors aren’t all that new, and probably won’t provide a sufficient impetus for cybersecurity legislation passage during a lame duck session.