Secret US cybersecurity program to protect power grid confirmed
The National Security Agency is spearheading a program, dubbed Perfect Citizen, to develop technology to protect the power grid from cyberattack. The project worries privacy rights groups.
(Page 2 of 3)
"Sensitive Control Systems (SCS) perform data collection and control of large-scale distributed utilities or provide automation of infrastructure processes," says the Perfect Citizen contract's "Statement of Work" document. "The protection of SCS is essential to mission operations and has become a significant point of interest in support of the Department of Defense and the Intelligence Community."Skip to next paragraph
Subscribe Today to the Monitor
Further, the document says, "prevention of a loss due to a cyber or physical attack, or recovery of operational capability after such an event, is crucial to the continuity of the Department of Defense, the intelligence community, and the operation of [Signals Intelligence] systems."
While most might agree the program's national-security goal is laudable, the question of just how to go about protecting the power grid has been a controversial topic in Congress and among Internet privacy advocates leery of government control of the Internet. Of particular concern among such advocates is shielding privately owned corporate computer networks deemed to be "critical infrastructure" from potentially intrusive digital monitoring.
Citing unnamed sources, the original Wall Street Journal article said that the program did indeed involve placing sensors that can detect illegitimate cyberactivity. But the new documents don't clarify this point. Deploying such sensors would be especially sensitive since the NSA is an arm of the Pentagon charged with collecting and analyzing foreign communications and defending US government communications and computer networks – not domestic spying.
"This is a research and engineering effort. There is no monitoring activity involved, and no sensors are employed in this endeavor," the 2010 statement says.
Indeed, the NSA is not authorized to intercept the communications of US citizens unless specifically authorized to do so by a special court acting under the Foreign Intelligence Surveillance Act. Yet The New York Times reported in 2005 that the NSA had been involved in conducting wiretaps of calls made by US citizens to persons overseas without first getting a warrant from the court.
"Any suggestions that there are illegal or invasive domestic activities associated with this [Perfect Citizen] contracted effort are simply not true," says the NSA's 2010 statement. "We strictly adhere to both the spirit and the letter of US laws and regulations."
Still, privacy rights groups remain worried the program is focused on digital filtering or monitoring – and developing systems to do that. The Statement of Work document, for instance, requires development of "Computer Network Defense best practices/capabilities that defend against vulnerabilities identified in a SCS."
"Previously the agency had said it was just a research program," says Ginger McCall, director of the Open Government Program at EPIC, which won release of the documents. "But we see in these documents that they do intend to conduct testing, actual research, actual vulnerability testing and develop software tools that could be operational."