China's 'secure' OS Kylin - a threat to U.S offensive cyber capabilities?
Posted by Dancho Danchev @ 6:23 am
Picture a cyber warfare arms race where the participating countries have spent years of building offensive cyber warfare capabilities by exploiting the monoculture on one another’s IT infrastructure.
Suddenly, one of the countries starts migrating to a hardened operating system of its own, and by integrating it on systems managing the critical infrastructure it successfully undermines the offensive cyber warfare capabilities developed by adversaries designed to be used primarily against Linux, UNIX and Windows.
That’s exactly what China is doing right now with their hardened OS Kylin according to Kevin G. Coleman, Senior Fellow and Strategic Management Consultant with the Technolytics Institute who presented his viewpoint in a hearing at the U.S.– China Economic and Security Review Commission.
Here’s an excerpt from the hearing:
“Chinese authors believe the United States already is carrying out offensive cyber espionage and exploitation against China. China therefore must protect its own assets first in order to preserve the capability to go on the offensive. While this is a highly unpopular statement, WE ARE IN THE EARLY STAGES OF A CYBER ARMS RACE AND NEED TO RESPOND ACCORDINGLY!
This race was intensified when China created Kylin, their own hardened server operating system and began to convert their systems back in 2007. This action also made our offensive cyber capabilities ineffective against them given the cyber weapons were designed to be used against Linux, UNIX and Windows.”
Kylin is an operating system developed by the the University of Science and Technology for National Defense, and successfully approved by China’s 863 Hi-tech Research and Development Program office in 2006. According to their web site, the OS has already achieved one of the highest national data security standards, and is therefore to be used as critical military and government servers. Is Kylin so unique and impenetrable as China is pitching it, following years of research and piles of money spent on branding it as the secure national operating system of choice? That may not be the case.