Is secure Linux ready for industrial control?
Published: 03 Feb 2003 13:48 GMT
Verano, a company that sells software for controlling everything from power plants to factories, is embracing Linux, along with security features that the U.S. National Security Agency added to the operating system.
Verano currently sells software based on Windows and on versions of Unix, but believes customers are now moving toward Linux, a sign of the gradual maturing of the operating system. The NSA-augmented version of Linux, called SELinux has tamper-proofing features useful for critical facilities that must resist attacks launched over computer networks.
"Because of the emphasis IBM has placed on Linux, followed by HP and even Sun, (customers) have naturally started considering Linux," said Pan Kamal, vice president of marketing. He expects the software will be in use controlling important infrastructure such as water-pumping systems "probably within 12 months, maybe sooner."
Verano plans two Linux-related products. Control software called Performux, which runs on Red Hat's Advanced Server version of Linux, is now shipping. And in February, the company plans to announce a bundle that includes the control software, SELinux, and security features for tasks such as detecting intrusions.
Verano sells software for "SCADA"--supervisory control and data acquisition. The software can monitor a factory's output or send an alert if there's a malfunction in an energy plant.
The company acquired its control software from Hewlett-Packard spinoff Agilent in 2000.
Customers for Verano's non-Linux products, called RTAP, include airplane manufacturer Boeing, crude oil and natural gas pipeline company Enbridge and the Thames Water utility in the United Kingdom. Other customers including Monsanto, Western Mining, Bayer and ExxonMobil use Verano software for connecting manufacturing systems to inventory and accounting software such as that sold by SAP.
Enbridge, the California Water Service Company and British defense contractor Thalus are testing the Linux versions of the software, Kamal said.
Verano plans to sell the security improvements as a product for many customers, not just those using its Performux or RTAP products, Kamal said. He hopes selling the security products to new customers will later lead them to buy the full bundle of software.
The customers use Verano's software for a wide variety of tasks. Boeing uses it to automatically shut down optional equipment such as extra lighting in three Washington production plants to cut power consumption costs. Genentech uses it to control the movement of reactive chemicals through hundreds of miles of piping in a Vacaville, Calif., pharmaceutical plant. The Parisian Metro and commuter rail systems use it to control trains.
While the company doesn't plan to discontinue its Unix products, its customers have begun migrating to Linux because it costs less to buy and run than Unix, the company said.
About 95 percent of Verano's customers employ Unix, Kamal said, with HP-UX, the version of Unix from HP, being the most widely used. About 5 percent use Windows NT or 2000.
"We have very few customers who have chosen to go with that path...They're just scared of the control-alt-delete mentality in the Windows side," Kamal said, referring to the command used to reboot crashed Windows systems. "We're careful not to take religious positions on operating systems," he added.
NSA--the U.S. agency in charge of code-breaking and of the encryption of secure information--funded SELinux to build features into Linux so it can match to other operating systems. The major difference between SELinux and conventional versions of Linux is the addition of "mandatory access controls," constraints that limit which users have access to which resources in the computer. Those features make it harder for would-be attackers to get potentially damaging privileges on a computer.
The company plans to announce its SELinux-based products at the end of March at the Entelec conference for companies with major industrial control systems, Kamal said.
Verano will build its own version of SELinux, augmenting Red Hat Linux 7.3 with the updates from the NSA, Kamal said. "We do not have a formalized partnership with Red Hat," he said.
The SELinux product bundle will be geared for controlling mass transit systems, dams, power generation systems, pipelines and water treatment plants--systems that some fear are "vulnerable to cyberattack," Kamal said.
The company charges $20,000 to $30,000 for software to control a small or medium system, but more elaborate projects such as water distribution networks with hundreds of thousands of sensors cost north of $100,000, Kamal said. The company also charges annual support fees.
Verano's 40 employees work at its Mansfield, Mass., headquarters, with research offices in Calgary, Canada.
For a weekly round-up of the enterprise IT news, sign up for the
Enterpise newsletter.
Tell us what you think in the
Enterprise Mailroom.
Did you find this article useful?
37 out of 67 people found this useful
- Share this article:
