U.S. quietly launches protection program against cyber attacks on critical infrastructure
The administration has quietly launched Perfect Citizen, a digital surveillance project to be run by the NSA; the project’s goal is to detect and detect cyber attacks on private companies and government agencies running critical infrastructure such as the electricity grid, nuclear-power plants, dams, and more; the program would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack — although it would not persistently monitor the whole system
The U.S. government is launching an expansive program dubbed Perfect Citizen to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program.
The surveillance by the National Security Agency (NSA), the government’s chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it would not persistently monitor the whole system, these people said.
Siobhan Gorman writes in the Wall Street Journal that defense contractor Raytheon Corp. recently won a classified contract for the initial phase of the surveillance effort valued at up to $100 million.
An NSA spokeswoman said the agency had no information to provide on the program. A Raytheon spokesman declined to comment.
Gorman writes that some industry and government officials familiar with the program see Perfect Citizen as an intrusion by the NSA into domestic affairs, while others say it is an important program to combat an emerging security threat that only the NSA is equipped to provide.
A U.S. military official called the program long overdue and said any intrusion into privacy is no greater than what the public already endures from traffic cameras. It is a logical extension of the work federal agencies have done in the past to protect physical attacks on critical infrastructure that could sabotage the government or key parts of the country, the official said.
U.S. intelligence officials have grown increasingly alarmed about what they believe to be Chinese and Russian surveillance of computer systems that control the electric grid and other U.S. infrastructure (“Critical infrastructure executives fear China,” 29 January 2010 HSNW; and “U.S. worried about China industrial espionage activities during World’s Expo,” 3 May 2010 HSNW). Officials are unable to describe the full scope of the problem, however, because they have had limited ability to pull together all the private data.
Gorman notes that Perfect Citizen will look at large, typically older computer control systems that were often designed without Internet connectivity or security in mind. Many of those systems — which run everything from subway systems to air-traffic control networks — have since been linked to the Internet, making them more efficient but also exposing them to cyber attack.
The goal is to close the “big, glaring holes” in the U.S.’s understanding of the nature of the