Secret US cybersecurity program to protect power grid confirmed
The National Security Agency is spearheading a program, dubbed Perfect Citizen, to develop technology to protect the power grid from cyberattack. The project worries privacy rights groups.
(Page 3 of 3)
Other experts say the documents are suggestive, but do not ultimately clarify Perfect Citizen’s scope.Skip to next paragraph
Subscribe Today to the Monitor
"It's hard to say if the project is only research, only operational, or a combination of both," says John Bumgarner, a research director for the US Cyber Consequences Unit, a nonprofit security think tank that advises government and industry. "The contract cost for the project seems way too low to be an operational program to, say, protect the entire US electric grid from cyberattack."
But EPIC's main concern is that Perfect Citizen could be already conducting, or planning to conduct, online digital monitoring of data without proper authorizations or having the program itself evaluated for privacy implications. When the Department of Homeland Security undertakes such projects, Ms. McCall notes, it is required to conduct privacy impact assessments. She questions what has happened in this case (which is not under the authority of DHS).
"It appears as though the NSA is trying to develop cybersecurity protective technology, but that as part of this contract, they're conducting testing already," she says. "This isn't merely research."
Others, however, applaud the project, saying such measures are needed.
"The project makes sense, as the government relies on industry for most of its requirements in the way of water, sewer, and power," says one cybersecurity expert who requested anonymity because his company does business with the government.
Threats to the grid seem to be rising. In recent months, he notes, DHS has issued reports about cyberattacks against utility companies whose business computer networks also have industrial networks connected to the grid.
Last month, DHS reported that federal cyberresponse teams recently provided on-site support "at a power generation facility where both common and sophisticated malware had been discovered in the industrial control system environment."
The DHS team also performed preliminary on-site analysis of those machines and "discovered signs of the sophisticated malware on two engineering workstations.” Both machines were "critical to the operation of the control environment."
President Obama is reported to be nearing announcement of an executive order that would expand federal protection to include the power grid and other critical infrastructure networks. Cybersecurity legislation failed in the last Congress. The White House has said that it prefers a comprehensive bill, but that the matter is too urgent to wait any longer.