Report: NSA Heads Up 'Perfect' Plan to Hunt Down Cyberthreats
Jul 8, 2010 11:27 AM PT
The federal government is launching a program to detect cyberattacks on America's critical infrastructure installations, such as the nationwide electricity grid and nuclear power plants, according to The Wall Street Journal.
The National Security Agency will allegedly run the program, dubbed "Perfect Citizen."
The agency awarded defense contractor Raytheon a classified contract worth up to US$100 million for the initial phase of the project, the Journal reported.
Perfection in a Turbid World
Cybersecurity experts have been calling for efforts to protect the U.S.'s critical infrastructure since before President Obama was sworn in. They contend America is woefully unprepared to protect its critical cyberinfrastructure.
Meanwhile, there have been multiple reports that Russian and Chinese agencies are conducting surveillance of computer systems that control critical infrastructure assets in the United States.
Add to that the constant reports of cyberattacks on U.S. government websites by hackers suspected to be subsidized by foreign governments, recent arrests of Al-Qaeda operatives in U.S. cities, and the recent roll-up of a ring of Soviet moles straight out of a James Bond movie, and the cybersecurity situation seems fraught with peril.
The situation wasn't helped by a report filed by the Inspector-General of the Department of Homeland Security in June. That report stated the U.S. Computer Emergency Readiness Team (US-CERT), which coordinates national cyber analyses as well as warnings against and responses to attacks on America's critical infrastructure, is suffering from high leadership turnover. It needs to develop a strategic plan and is woefully understaffed to perform its mission, according to the report.
The Perfect Citizen program will allegedly look at large, typically older computer control systems, many of which were designed without considering Internet connectivity or security.
The program will reportedly consist of monitoring agents implanted in networks serving critical infrastructure installations. These agents will look at network activity intermittently. However, details are sparse -- NSA representatives told TechNewsWorld the agency prefers questions in writing and did not respond to those questions by press time.
"It's not too wise to be outspoken about what you're doing, especially when it comes to cybersecurity, because folks will figure out ways around it," Rob Enderle, principal analyst at the Enderle Group, told TechNewsWorld.
The information gathered by the program could help companies and agencies calling upon the NSA for help in investigating cyberattacks, according to the report. Last year, the Washington Post reported that Google turned to the agency after the search company's infrastructure was broken into, apparently by Chinese hackers.
The "Perfect Citizen" program isn't entirely new -- it grew out of a project named "April Strawberry" that the NSA launched some years ago to address the problem of critical infrastructure vulnerability, the Journal stated. However, the scope of "Perfect Citizen" has been expanded with funding from the multibillion-dollar Comprehensive National Cybersecurity Initiative (CNCI).
One of the aims of the CNCI is to create or enhance shared situational awareness of network vulnerabilities, threats and events within the federal government. Ultimately, with state, local and tribal governments and private sector partners, its goal is to act quickly to reduce current vulnerabilities and prevent intrusion.
Other goals include enhancing U.S. counterintelligence capabilities and strengthening the future cybersecurity environment. The CNCI has launched 12 initiatives to attain its goals.
No Country for Untermenschen?
The problem with enhancing cybersecurity is that personal privacy may fall by the wayside. Concerns regarding this issue were also raised during the previous U.S. presidential administration and led cybersecurity experts to insist strongly that the Obama administration take steps to protect individual privacy.
"Perfect Citizen" has revived fears that individual privacy may be at risk.
"Even on its face, Perfect Citizen doesn't appear benign," Lee Tien, a senior staff attorney at the Electronic Frontier Foundation, pointed out. "Civil liberties issues always arise when surveillance is implanted into systems used by and relied upon by everyday citizens, especially if the surveillance is being conducted by intelligence entities like the NSA."
The advent of smart meters and the smart grid may make highly revealing household energy usage data available to utilities and, thus, directly to the government under "Perfect Citizen," Tien pointed out. This raises "serious issues" of privacy of the home, traditionally the most private area recognized by the Fourth Amendment, Tien told TechNewsWorld.
"Whether the program should even be used is the threshold question," Tien said. "We need a public inquiry and public debate about how the system would work, why it's thought to be needed, how it's to be governed and so on."
Just Another Feel-Good Exercise?
The real problem with Perfect Citizen may be that it's more sound and fury than substance, Enderle warned.
"It's a step in the right direction, but my overall sense is that it's not going to be enough," he said.
He may be right: Politics may cripple the project. Politics were blamed for the ouster of the last director of national intelligence, Dennis Blair, who stepped down in May. They may also factor into the high turnover rate of White House cybersecurity advisors, the latest being Melissa Hathaway, who stepped down in August of 2009.
One of the issues the DHS inspector-general criticized US-CERT for in his June report was its refusal to share data and analyses from its so-called Einstein project with other agencies.
"Perfect Citizen is probably going to have more feel-good than do-good in it," Enderle opined.