
The NSA's new program "Perfect Citizen" aims to protect aging internet-connected systems, such as those at the nuclear power plant seen here.  (Source: Tennessee Valley Authority)
Debate continues over whether government is fulfilling its duty to defend or meddling in the private sector

It's little secret that U.S. cybersecurity could use some help.  Recent studies have shown the nation's power grid and armed forces to be highly vulnerable to a cyberattack from an internet-savvy nation like China or Russia.  Under President George W. Bush and President Barack Obama, slow steps have been made to improve that state of affairs.

But now there's a growing debate over one of the most ambitious cybersecurity initiatives yet, a program developed by the National Security Agency called "Perfect Citizen".  The program is designed to detect, neutralize, and counter cyberattacks on critical parts of the U.S. private sector -- such as defense contractors, power plants, and major internet firms like Google.  Its critics, though, contend that it is government meddling and playing "Big Brother".

Raytheon Corp. has reportedly been selected to spearhead the initiative, receiving a $100M USD initial phase surveillance contract.  

Internally, there's been discord over the government's plans to peer inside private networks.  States a Raytheon email leaked to The Wall Street Journal, "The overall purpose of the [program] is our Government...feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security.  Perfect Citizen is Big Brother."

While the NSA had no official comment, unnamed U.S. officials took issue with the claim that they were playing "Big Brother".  They said the program was vital to protecting the nation and no more intrusive to privacy than traffic cams over intersections.

At the core of the issue is the fact that many "mission critical" systems that drive subway systems, air-traffic control networks, and more are composed of aging machines built at a time when security was less understood and considered.  The NSA believes that China and Russia may have gained deep access to these networks and explored them, but it needs to watch the networks in order to determine the full extent of the penetration.

One of the U.S. government's critical roles is to provide for the defense of the nation.  Under the U.S. constitution the government has the power to "raise and support armies," "provide and maintain a navy," and to "make rules for the government and regulation of the land and naval forces".

Initially, the government began to interface with the private sector -- such as power utilities -- to solve physical problems; for example sealing a manhole cover to a power line going to a critical government center.  However, those efforts quickly expanded to the digital realm.

"Perfect Citizen" sprang from an earlier surveillance project called "April Strawberry".  The new project is still in its early stages, but NSA officials have reportedly met with utility executives and politely asked them to cooperate with the surveillance.  Participation is reportedly voluntary, but those who comply will earn incentives, such as additional government contracts.

Ultimately it may be too early to judge the merits of "Perfect Citizen", but as the program is fleshed out, it seems likely to provoke a lively debate about the government, privacy, and intervention in the private sector.

Comments

Oh Look!
By HotFoot on 7/8/2010 10:47:14 AM , Rating: 5
I just unplugged the plant-controlling computer system from the internet. People will just have to use a separate computer to check email now.

Can I have $100M now?

RE: Oh Look!
By SSDMaster on 7/8/2010 10:59:38 AM , Rating: 2
But how will they keep tabs on all the real time power plant stats? 100 million each year couldn't possibly cover the costs of running dedicated fiber lines!

RE: Oh Look!
By Cardboardtoast on 7/8/2010 11:46:00 AM , Rating: 2
Why not just a computer that has the plant's stats, and nothing else? Give it no rights to change any functions of the plant. Have it send out the info as requested, but nothing can be done through it. If they (malicious hackers) manage to take it out, no biggie, just set up a new one, the plant would be fine.

RE: Oh Look!
By Flunk on 7/8/2010 12:08:40 PM , Rating: 3
That's quite obvious, it would cost twice as much.

RE: Oh Look!
By Cardboardtoast on 7/8/2010 1:15:34 PM , Rating: 2
Ummm, how would that cost twice as much???

All you would need is a crappy computer that is sent data, and it forwards it. That's all.

RE: Oh Look!
By FaceMaster on 7/8/2010 1:50:58 PM , Rating: 3
Why settle for a crappy computer if you can get one that can run Crysis for an extra $300?

RE: Oh Look!
By Xpl1c1t on 7/8/2010 2:51:03 PM , Rating: 3
Pretty sure that the military desires both the most rudimentary and most sophisticated means of controlling power in a war on US soil. Imagine satellites and radio bands are being jammed or have been knocked out and the only terminal is the library down the street.

RE: Oh Look!
By HotFoot on 7/8/2010 5:04:41 PM , Rating: 2
If you want a networked method for shutting down/throttling plants, and one that uses the internet, it WILL be hackable. I can't think of a reason why the military or any government agency would require the ability to shut down or throttle a plant over the internet. Should such a desire exist, a phone call or some other communication to the local operator can be placed.

RE: Oh Look!
By afkrotch on 7/8/2010 8:22:57 PM , Rating: 2
Unless the US is invaded and the power plant happens to be controlled by the invading forces. Phone call pretty much does nothing for you.

A laser guided bomb would do the trick, but we'd have to rebuild the plant again. Course shutting it down remotely would probably give a reason for invading forces to destroy it themselves, so it can't be used against them later on.

Who knows. I figure a non-internet connected network would be fine, and if they wanted stats, they can sneakernet the data to an internet connected terminal for data transmission.

RE: Oh Look!
By geddarkstorm on 7/8/2010 12:48:37 PM , Rating: 2
But.. now how will they get their farmville fix while operating complex, highly important equipment :<?

RE: Oh Look!
By Wiggy Mcshades on 7/8/2010 2:51:13 PM , Rating: 2
None of these computers would even be capable of "checking email" in the first place.

RE: Oh Look!
By Reclaimer77 on 7/8/2010 4:50:46 PM , Rating: 2
Notice how when Republicans are in the White House, shit like this causes a media hellstorm? Where is all the outrage over the Obama administration infringing on our rights and privacy?

RE: Oh Look!
By HotFoot on 7/8/2010 5:10:13 PM , Rating: 2
Well, for my part, I'm outraged. This is a waste of money. It truly bothers me how little justification seems to be required when spending money that is taken involuntarily from taxpayers.

In Bush's case, I'd have held this kind of news against his administration, as I never believed he became President to act in the citizen's interest. In Obama's case, to me this goes on the pile of let-downs alongside ACTA. Frankly, just because a program wasn't started by the current administration doesn't absolve them of the credit for it when they continue to support or even grow it.

RE: Oh Look!
By KCjoker on 7/8/2010 6:36:11 PM , Rating: 3
Because it's ok when Obama (Dems) do this because it's "for our own good" but when Bush (Repubs) did it they were evil. It's such BS. And people bash FoxNews and wonder why they get higher ratings than CNN and MSNBC. Bottom line Bush sucked but Obama is even worse....wake up people. Spending under Bush was out of control and spending under Obama (Dems) is even worse.

RE: Oh Look!
By YashBudini on 7/8/2010 7:03:29 PM , Rating: 1
Precisely and yet the political extremists here will waste no time calling you a bleeding heart lib.

RE: Oh Look!
By YashBudini on 7/8/2010 7:06:32 PM , Rating: 2
"Where is all the outrage over the Obama administration infringing on our rights and privacy? "

The initial shock is gone and the sheeple are getting used to being even more sheeple-like. It's just a new equilibrium point for the thoughtless.

RE: Oh Look!
By moenkopi on 7/9/2010 11:28:28 AM , Rating: 2
BINGO! I was reading that thinking, where is the "duh" moment for these people?

Unnamed US Official
By nvalhalla on 7/8/2010 10:53:00 AM , Rating: 5
Said an unnamed US official "It's not Big Brother. This is no more intrusive to privacy than when we read all of your emails..."

RE: Unnamed US Official
By snakeInTheGrass on 7/8/2010 11:47:15 AM , Rating: 3
:) Exactly.

So once we have those big companies secured, the next logical step is to secure all home networks by monitoring them too. It would make sense to sweep all the files on your hard drives, because it's possible your machine has been compromised and the government can let you know that too. And if you have a webcam... hey, we're almost to Orwell's vision, it just took an extra 30 years! We're all going to be so much safer!

Now along those lines, if you can take some entangled photons, fly one of them near light speed for a while, could you then use the one that flew as a receiver for messages 'from the future'? I mean, issues with sending data and flying near light speed aside... we could conceivably be able to do the 'Minority Report' thing at some point (not to mention play the markets, etc.). I know, causality and all that, but... and it's not like sending an object back in time since nothing is actually being sent, just using relativity to adjust the local time of the photon. At least to my simple mind... Anyway, the good thing would be you could actually stop monitoring everyone, look for actual crimes that occur, and then send info back to stop those. If there isn't a crime taking place, then there's no need to try to snoop on everyone and everything. Cool.

RE: Unnamed US Official
By HotFoot on 7/8/2010 5:13:03 PM , Rating: 2
Doesn't observing the state of the entangled particles break the entanglement? I thought this was a sort of dead-cat-in-a-box problem.

Yeah, it's Big Brother....
By AEvangel on 7/8/2010 11:48:03 AM , Rating: 4
While the NSA had no official comment, unnamed U.S. officials took issue with the claim that they were playing "Big Brother". They said the program was vital to protecting the nation and no more intrusive to privacy than traffic cams over intersections.

I don't know about you, but I find traffic cams to be obtrusive and just another example of Big brother watching me all the time.

RE: Yeah, it's Big Brother....
By YashBudini on 7/8/2010 7:30:02 PM , Rating: 2
"I don't know about you, but I find traffic cams to be obtrusive and just another example of Big brother watching me all the time. "

How do you feel when you're involved in an accident that's not your fault and the guy who caused it blames you?

RE: Yeah, it's Big Brother....
By Lerianis on 7/8/2010 8:38:53 PM , Rating: 3
They can find out who is to blame WITHOUT traffic cams, as they did in the past, by doing some REGULAR INVESTIGATION!

private non-IP protocol network?
By NotAboveTheLaw on 7/8/2010 1:35:55 PM , Rating: 2
Not sure why the power grid or anything that is not meant for public access on the internet. There are other less used, less understood protocols that can be used that most people would not have access to from their PCs. Seems like the power grid should be on their own private network. The Internet is not made to be secure so don't use this excuse to invade my privacy. Fix your own network by using a private network and/or different protocol or sub it out to someone who knows how to do this. That goes for the Federal government networks also. This is an excuse to try to take over the communications similar to what Hugh Chavez did.

RE: private non-IP protocol network?
By NotAboveTheLaw on 7/8/2010 1:43:59 PM , Rating: 2
I meant Hugo Chavez, President of Venezuela.

RE: private non-IP protocol network?
By Master Kenobi (blog) on 7/8/2010 6:23:20 PM , Rating: 2
You would need to write something new from the ground up, and then who would support it? The costs to have such a specialized network would be quite insane. Easier and cheaper to set up an isolated one without external network access and call it a day.

By JonnyDough on 7/9/2010 2:31:44 PM , Rating: 2
Agreed. Does anyone else feel that the energy/defense infrastructures ought to be more updated already? They must be quite highly inefficient by today's standards. It just seems that change is costly in the short term, and scary to management. Implementation of new major systems is not usually a perfectly smooth process either. It's no surprise that it takes the energy sector/DOD a long time to get around to making these updates. It's actually a bit sad that it would require recent (perceived?) security threats to update outdated and inefficient computer and network systems.

Actually needed
By 3minence on 7/8/2010 12:55:00 PM , Rating: 3
I consulted for a regional water treatment organization a few years back. They had no idea of IT security and how to implement it. The CIO was a former secretary they promoted because she knew how to spell PC. She was the kind who bought an IDS and thought she could turn it on and walk away (kinda like an electronic Maginot Line). She figured a single $40k a year guy could provide all servers, network, and security support. The guy in charge of the IT at the actual treatment plants was a process engineer they relabeled as an IT Engineer. He at least tried to learn but had a poor relationship with the CIO.

These people were totally incapable of protecting against any sort of intelligent adversaries that might target them.

RE: Actually needed
By NotAboveTheLaw on 7/9/2010 11:38:16 AM , Rating: 2
Exactly - hire real network people/security people who can think outside the box and design special, private networks. The internet is not made for connecting important infrastructure, banks, or other highly secure sites.

Extent Of Penetration
By ImJustSaying on 7/8/2010 12:20:57 PM , Rating: 2
Shouldn't the government just use its meat thermometer to determine the extent of penetration?

Just sayin....


RE: Extent Of Penetration
By Spuke on 7/9/2010 4:00:21 PM , Rating: 2
I'm going to be testing the "extent of penetration" this weekend.

Day in the life of...
By Daniel8uk on 7/8/2010 4:52:54 PM , Rating: 2
Consultant: We should consider the threat of multiple DoS attacks on the country's infrastructure, perhaps disconnecting critical systems and having protected forwarding systems if/when they need to contact the outside world, this could be monitored in real-time by a central agency, solely focused on monitoring critical systems, such as nuclear power plants.

Politician: You consultants are so 20th century, just have everyone thrown in jail, tagged, and monitored and then shot if they even dare to think.

Air gap security
By glanglois on 7/8/2010 5:23:53 PM , Rating: 2
is not complicated and thus comparatively easy (and cheap) to maintain.

SCADA networks were designed to run all on their own - quite happily managing our critical services without (and prior to) the Internet.

Given the complexity, costs, and uncertain outcome of IP security efforts, separate networks/protocols are a better choice.

And no, that does not mean a second set of optical routes to each substation. Where the heck did that idea come from ???

I wish I was a big company
By YashBudini on 7/8/2010 7:09:25 PM , Rating: 2
So that the government would kiss my ass while doing all my bidding at the expense of everyone else.

How stupid can they be?
By heavyIon on 7/8/2010 11:18:26 PM , Rating: 2
Naming the program "Perfect Citizen" if it's only about securing "mission-critical" systems. Kinda asking for trouble, aren't they?

Oh, wait! This is a government program.

By JonnyDough on 7/9/2010 2:18:55 PM , Rating: 2
They said the program was vital to protecting the nation and no more intrusive to privacy than traffic cams over intersections.

Which many people do and should take issue with...

By JonnyDough on 7/9/2010 2:25:03 PM , Rating: 2
Participation is reportedly voluntary, but those who comply will earn incentives, such as additional government contracts.

That could be labeled as bribery/extortion. Contracts by the government should be awarded based solely on MERIT. Participating in a "voluntary surveillance" on U.S. citizens' surfing habits does not = government contract except by immoral measures. Whoever proposed this to the companies should be prosecuted by the people in a court of law. That is TAXPAYER money they are awarding, and that money belongs to the VERY PEOPLE THEY ARE SPYING ON.

Copyright 2010 DailyTech LLC.