NSA’s cybersecurity program to protect critical infrastructure revealed
With our electrical grid having been attacked recently, and new attempts to breach our critical infrastructure occurring constantly, it is interesting to see that a program has been in place to protect these vital assets for so long. The program clearly states that its goal is to develop ways to prevent attacks, or to mitigate their effectiveness, but the program is relatively small for the task it has been given. The program is only valued at $91 million
Documents that detail the NSA program “Perfect Citizen” were recently released by the NSA. The program, which was started in 2009 and ended up awarding Raytheon a contract in 2010, details the government’s concerns on the security of sensitive control systems (SCS).
In documents recently released to the Electronic Privacy Information Center, the National Security Agency unveiled some – but far from all – details about its controversial cybersecurity program designed to shield critical infrastructure and other crucial U.S. networks.
The document is partially classified. Statement of Work for (U) PERFECTCITIZEN here .
Within the documents is the original contract for Perfect Citizen’s development, which was awarded to defense contractor Raytheon with a value of up to $91 million. Included in the contract are work orders – software engineers, program managers, laboratory personnel and “penetration testers” – to detect and fix vulnerabilities in utilities such as the electric grid. It also calls for the development of defense practices and capabilities.
“Previously the agency had said it was just a research program,” Ginger McCall, director of EPIC’s Open Government Program, told ABC News. “But we see in these documents that they do intend to conduct testing, actual research, actual vulnerability testing and develop software tools that could be operational.”
If Perfect Citizen’s operations include the deployment of sensors on U.S. networks to detect malicious cyber activity, it could be in conflict with the NSA’s authority as the Defense Department’s agency in charge of foreign intelligence. Domestic networks are the Homeland Security Department’s domain, and monitoring U.S. citizens’ activities online would require proper authorizations.
The new details on Perfect Citizen come amid a lull in the ongoing and acrimonious debate over the best ways to secure critical infrastructure and prevent potentially damaging cyber attacks. Cybersecurity legislation addressing cyber defenses in the arena failed last fall, and while lawmakers say they will be taking up the issue in the new Congress, it is also expected that President Barack Obama will issue an executive order handing down security mandates. That executive order is believed to be imminent – possibly coming before Obama’s inauguration, according to FCW sources speaking on background.