backtop


Print 37 comment(s) - last by Spuke.. on Jul 9 at 4:00 PM


The NSA's new program "Perfect Citizen" aims to protect aging internet-connected systems, such as those at the nuclear power plant seen here.  (Source: Tennessee Valley Authority)
Debate continues over whether government is fulfilling its duty to defend or meddling in the private sector

It's little secret that the U.S. cybersecurity could use some help.  Recent studies have shown the nation's power grid and armed forces to be highly vulnerable to a cyberattack from an internet savvy nation like China or Russia.  Under President George W. Bush and President Barack Obama slow steps have been made to improve that state of affairs.

But now there's a growing debate over one of the most ambitious cybersecurity initiatives yet, a program developed by the National Security Agency called "Perfect Citizen".  The program is designed to detect, neutralize, and counter cyberattacks on critical parts of the U.S. private sector -- such as defense contractors, power plants, and major internet firms like Google.  Its critics, though, contend that it is government meddling and playing "Big Brother".

Raytheon Corp. has reportedly been selected to spearhead the initiative, receiving a $100M USD initial phase surveillance contract.  

Internally, there's been discord over the government's plans to peer inside private networks.  States a Raytheon email leaked to 
The Wall Street Journal, "The overall purpose of the [program] is our Government...feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security.  Perfect Citizen is Big Brother."

While the NSA had no official comment, unnamed U.S. officials took issue with the claim that they were playing "Big Brother".  They said the program was vital to protecting the nation and no more intrusive to privacy than traffic cams over intersections.

At the core of the issue is the fact that many "mission critical" systems which drive subway systems, air-traffic control networks, and more are composed of aging machines which were built at a time when security was less understood and considered.  The NSA believes that China and Russian may have gained deep access and exploration into these networks, but it needs to watch them in order to determine the full extent of the penetration.

One of the U.S. government's critical roles is to provide for the defense of the nation.  Under the U.S. constitution the government has the power to "raise and support armies," "provide and maintain a navy," and to "make rules for the government and regulation of the land and naval forces".

Initially, the government began to interface with the private sector -- such as power utilities -- to solve physical problems; for example sealing a manhole cover to a power line going to a critical government center.  However, those efforts quickly expanded to the digital realm.

"Perfect Citizen" sprung from an earlier surveillance project called "April Strawberry".  The new project is still in its early stages, but NSA officials have reportedly met with utility executives and politely asked them to cooperate with the surveillance.  Participation is reportedly voluntary, but those who comply will earn incentives, such as additional government contracts.

Ultimately it may be too early to judge the merits of "Perfect Citizen", but as the program is fleshed out, it seems likely to provoke a lively debate about the government, privacy, and intervention in the private sector.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Actually needed
By 3minence on 7/8/2010 12:55:00 PM , Rating: 3
I consulted for a regional water treatment organization a few years back. They had no idea of IT security and how to implement it. The CIO was a former secretary they promoted because she knew how to spell PC. She was the kind who bought an IDS and thought she could turn it on and walk away (kinda like an electronic Maginot Line). She figured a single single $40k a year guy could provide all servers, network, and security support. The guy in charge of the IT at the actual treatment plants was a process engineer they relabeled as an IT Engineer. He at least tried to learn but had a poor relationship with the CIO.

These people were totally incapable of protecting against any sort of intellegent advasaries that might target them.




RE: Actually needed
By NotAboveTheLaw on 7/9/2010 11:38:16 AM , Rating: 2
exactly - hire real network people/security people who can think outside the box and design special, private networks. The internet is not made for connecting important infrastructure, banks, or other highly secure sites.


"We don't know how to make a $500 computer that's not a piece of junk." -- Apple CEO Steve Jobs














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki