The National Security Agency claims a report this week inaccurately asserted that the agency’s so-called Perfect Citizen program is designed to monitor critical U.S. cybernetworks.
The Wall Street Journal reported recently that an NSA-headed project dubbed “Pefect Citizen” is aimed at monitoring networks for America’s critical infrastructure and that the data gathered may be used to help private companies investigate cyberattacks.
“There is no monitoring activity involved, and no sensors are employed in this endeavor,” NSA spokesperson Judith Emmel told TechNewsWorld.
“Any suggestions that there are illegal or invasive domestic activities associated with this contracted effort are simply not true,” Emmel added. “We strictly adhere to both the spirit and the letter of U.S. laws and regulations.”
Groping Toward Perfection
The NSA awarded defense contractor Raytheon a classified contract worth up to $100 million for the initial phase of the project, according to the Journal‘s story.
This will involve implanting monitoring agents in networks serving America’s critical infrastructure installations that will intermittently monitor network activity for potential cyberthreats, the paper reported.
“Perfect Citizen is purely a vulnerabilities-assessment and capabilities-development contract,” Emmel said. “This is a research and engineering effort.”
Emmel also dismissed fears that the NSA will monitor electric utilities’ grids and may leverage the data gained from that to peer into peoples’ lives. “Specifically, it does not involve the monitoring of communications or the placement of sensors on utility company systems.”
The contract with Raytheon “provides a set of technical solutions that help the National Security Agency better understand the threats to national security networks, which is a critical part of NSA’s mission of defending the nation,” Emmel said.
However, the NSA declined to state whether this will result in a set of guidelines or actual solutions that need to be implemented, nor would it confirm whether further action might need to be taken in the form if implementing these guidelines or solutions.
“We have nothing to add to the statement,” Vanee’ Vimes of the NSA’s Public and Media Affairs Office told TechNewsWorld.
Expect Progress, Not Perfection
Whether the Perfect Citizen program results in a set of guidelines or actual solutions, it will be just the first step in the long journey toward improving the cybersecurity of our national infrastructure installations.
Back in 2008, then Homeland Security Secretary Michael Chertoff said the DHS was launching what he described as a “reverse Manhattan Project” to secure the Internet. Among other things, this involved reducing the number of outside access points to U.S. government systems from a few thousand to about 50.
The situation didn’t appear to have been improved much by this year — former Director of U.S. National Intelligence Dennis Blair told Congress in February that the United States cannot be certain that its cyberspace infrastructure would remain available and reliable during a time of crisis.
The Perfect Citizen program is no more than another step down the road toward securing America’s national infrastructure.
“This is really only the tip of the solution, and what’s being paid for Perfect Citizen is a fraction of the cost that’s needed,” Rob Enderle, principal analyst at the Enderle Group, told TechNewsWorld.
“In effect, this is a funded diagnosis, but the cure is what the country needs, and that won’t be cheap or easy to come by,” Enderle warned.
The Long and Winding Road
The number of agencies and variety of computer systems involved will complicate things further and add to the cost. It’s not likely that any recommendations produced by the Perfect Citizen program can be applied evenly across the board.
“There can be considerable variation from one organization to another, so perhaps standardizing an approach to improving capability may itself be an objective,” Scott Crawford, a research director at Enterprise Management Associates, pointed out.
“How consistent such improvements might be across the board may depend on the nature of the organization or group tasked with specific improvements,” Crawford told TechNewsWorld.
Any recommendations made must be acted on immediately in order to be successful, Enderle said.
“Programs like this can become a template for attackers if the recommendations aren’t acted on in a timely fashion and the details of these recommendations are released,” he warned.
Can There Be Perfect Privacy?
Although the NSA has stated the Perfect Citizen contract does not involve illegal or invasive domestic activities, it did not extend that statement to possible further action to secure America’s critical infrastructure.
That could be cause for concern.
“It is likely the program will recommend deeper monitoring, and someone in authority will, as is always the case, need to balance civil liberties against the desired security goals and ensure power isn’t abused,” Enderle pointed out.
“Often, this isn’t the case, and effective oversight will be critical to ensure we don’t have an abuse of power,” Enderle said.