Secret US cybersecurity program to protect power grid confirmed
The National Security Agency is spearheading a program, dubbed Perfect Citizen, to develop technology to protect the power grid from cyberattack. The project worries privacy rights groups.
Newly released documents confirm that the National Security Agency (NSA), America's top cyberespionage organization, is spearheading a cloaked and controversial program to develop technology that could protect the US power grid from cyberattack.Skip to next paragraph
Subscribe Today to the Monitor
Existence of the program, dubbed Perfect Citizen, was revealed in a 2010 Wall Street Journal article. But intriguing new details are revealed in documents released by the NSA last month to the Electronic Privacy Information Center (EPIC), an Internet privacy group that petitioned for them in 2010 under the Freedom of Information Act.
Of the 188 pages of documents released by the agency, roughly half were redacted to remove classified information. Even so, the documents show Perfect Citizen to be in the fourth year of a five-year program begun in 2009. Valued at up to $91 million, the Perfect Citizen technology is being developed by Raytheon, the Waltham, Mass., defense contractor that won it.
The released documents are the contract that the NSA drew up with Raytheon. A Raytheon spokesman referred all comments on the program to the NSA.
All along, the NSA has maintained that Perfect Citizen is "purely a vulnerabilities assessment and capabilities development contract" that "does not involve the monitoring of communications or the placement of sensors on utility company systems," according to an NSA statement released in 2010 – and now rereleased to the Monitor.
What the documents reveal is an apparently small but robust program authorized to hire 28 software engineers, program managers, and laboratory personnel. This includes a pair of "penetration testers" – essentially good-guy hackers who specialize in breaking into networks.
Their assignment as part of the team: discover vulnerabilities that lie in the electronic interface that connects the computer networks of utility companies. Then the team can come up with software and hardware plugs to patch those digital holes.