On Thursday, a Wall Street Journal report sparked fear in the public after it described a program capable of deploying sensors to networks that control critical infrastructure, which is being led by the NSA.
NSA program is R&D not surveillance. Image: J. Anderson/NSA.
According to the NSA, the concern is unwarranted, as the program itself, which the Wall Street Journal report claims is the result of a classified contract between the NSA and defense contractor Raytheon, is “a vulnerabilities-assessment and capabilities-development” project.
Citing sources familiar with the 'Perfect Citizen' program, the report also said “surveillance by the National Security Agency, the government's chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn't persistently monitor the whole system.”
Raytheon told The Tech Herald that it would not comment on the story, while the NSA responded to public reaction by saying suggestions that “there are illegal or invasive domestic activities associated with this contracted effort are simply not true. We strictly adhere to both the spirit and the letter of U.S. laws and regulations.”
When the Reuters news agency asked the NSA to confirm or deny the details in the Journal’s report, a spokesperson declined to answer, saying it was inappropriate due to the sensitivity of what the NSA does in the national defense arena.
When it comes to the NSA’s efforts to secure cyberspace, Perfect Citizen is nothing new, nor is the notion of the organization working in the private sector. The NSA has long maintained an Information Assurance program that is widely known and used by several major companies. Earlier this year, search giant Google turned to the NSA’s Information Assurance program for assistance after its services were attacked in China.
The idea for Perfect Citizen is to look at large and older control systems that were designed and deployed with Internet connectivity and security seen only as an afterthought. By researching ways to detect problems and attack surfaces, the NSA hopes to close “big, glaring holes,” a source told the Journal.
Perfect Citizen is an extension from another research and development project started years ago and dubbed 'April Strawberry'. The aim of that project was the same as the new one: research vulnerabilities in systems running critical infrastructure and work out a way to close them.
Granted, the NSA has never had much in the way of public support when it is linked to the private sector. USA Today reporter Leslie Cauley broke a story in 2006 that ultimately led to a series of investigations into the NSA and government policy where private citizens were concerned.
Cauley’s report centered on how every one of the major telecommunication companies, including the likes of AT&T and Verizon, were handing over domestic call information to the agency. The only telecom that did not hand out detailed call information to the NSA was Qwest. Even then, Qwest was subjected to a lot of pressure from the government to cooperate.
However, the worry is that Perfect Citizen is more political than scientific. Just last month, there was a good deal of talk about U.S. Deputy Secretary of Defense William Lynn’s comments made during a trip to Canada, during which he said more than 100 intelligence agencies and foreign militaries are actively attempting to penetrate U.S. systems.
“For most of our history, we have been shielded by geography, shielded by our oceans from attack,” said Lynn. “Those natural geographic defenses are of no use when it comes to cyber attack. The Internet can transmit malicious code in the blink of an eye.”
Lynn’s comments were treated by some as hype, but touted in the press as a warning of things to come. Given the political climate surrounding anything cyber related, Perfect Citizen might end up as election fodder and accomplish nothing of substance.
While the fear of 'Big Brother' looms, the NSA is solid on the issue, it is not interested in snooping around, but more attuned to matters of defense.
For those in the private sector who will take part in the Perfect Citizen research program, it is unknown what exactly they can share publically, but it is almost certain that they would welcome any security boost.
The original Wall Street Journal story can be read by clicking here.
Interested in a more interactive TTH? Join our Facebook Group Want regular updates from The Tech Herald? Follow us on Twitter
Comment on this Story