Privacy group gets NSA files on utility research

Dec 26, 2012 by Nancy Owano weblog

(Phys.org)—Files obtained by the Electronic Privacy Information Center (EPIC) and provided to CNET show that the National Security Agency (NSA) under its secret Perfect Citizen program is looking at the computerized systems that control large-scale utilities, checking for vulnerabilities including power grid and gas pipeline controllers. The U.S. government relies on commercial utilities for electricity, telecommunications, and other infrastructure requirements The program seeks to carry out "vulnerability exploration and research" against computerized controllers involved in these utilities.

The program is a safeguard measure against the kinds of vulnerabilities that could be exploited in attempts to undermine infrastructure. Understanding the technologies put to work in the infrastructure nodes to interoperate on the commercial backbone would strengthen protection.

U.S. officials have talked for some time about the risk of cyberattacks on the . An attack's effects might include , loss of life and pollution.

In this latest report from CNET, it was discovered that the 190 pages of the recently obtained Perfect Citizen files are heavily redacted. At least 98 pages are deleted. CNET said the deletions were for a number of reasons, including portions classified as top secret, with damage to national security if released, according to an accompanying letter from the chief of the NSA's FOIA office.

The portions that were released show Raytheon as having a contract worth up to $91 million to establish Perfect Citizen, enabling the government to protect large-scale utilities operated by the private sector. CNET said that Raytheon is allowed to hire up to 28 hardware and to investigate and document the results of vulnerability exploration and research against specific sensitive control systems (SCS) and devices.

The Perfect Citizen program is scheduled to continue through at least September 2014.

EPIC posted this on December 20 as an update to its reports on the cybersecurity plan: "In response to a request for comments, EPIC submitted comments on the Federal Cybersecurity Research and Development Strategic Plan. The cybersecurity strategic plan calls for a coordinated research strategy across federal agencies including the Department of Homeland Security and the . EPIC supported the call for privacy safeguards and anonymous web access, and recommended the further integration of genuine privacy-enhancing techniques. EPIC also emphasized the need for all federal agencies to comply with the Privacy Act and the Freedom of Information Act as the plan progresses. EPIC previously submitted comments to the Department of Defense regarding Cyber Security and Information Assurance Activities."

EPIC is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on civil liberties issues and to protect privacy, the First Amendment, and constitutional values.

Explore further: Facebook apologizes to drag queens for name policy

More information: news.cnet.com/8301-1023_3-5756… tems-in-secret-test/
epic.org/2012/12/epic-comments… n-federal-cyber.html

Related Stories

US program to detect cyberattacks on companies, agencies

Jul 08, 2010

The United States is launching a program to detect cyberattacks on private US companies and government agencies running critical infrastructure such as the electricity grid and nuclear power plants, The Wall ...

White House set to unveil cyber plan

May 12, 2011

The White House on Thursday is expected to unveil its proposal to enhance the nation's cybersecurity, laying out plans to require industry to better protect systems that run critical infrastructure like the electrical grid, ...

US cybersecurity efforts trigger privacy concerns

Jan 27, 2012

(AP) -- The federal government's plan to expand computer security protections into critical parts of private industry is raising concerns that the move will threaten Americans' civil liberties.

Privacy group urges probe of Google cloud services

Mar 18, 2009

A US electronic privacy group has called for the Federal Trade Commission (FTC) to investigate the security and privacy of Google's Web-based products such as email and photo services.

US senators call for cybersecurity czar

Apr 01, 2009

Two US senators introduced legislation on Wednesday aimed at creating a powerful national cybersecurity advisor who would report directly to the president.

Recommended for you

Say Ello to the new privacy debate on social media

Sep 29, 2014

Ello is new social networking space on the web that is receiving a lot of attention of late – so much that it's caused a few problems with the website out of action from time to time. ...

User comments : 8

Adjust slider to filter visible comments by rank

Display comments: newest first

Shifty0x88
3.4 / 5 (5) Dec 26, 2012
Although the Perfect Citizen program was secret until now, and probably against some sort of law (although I don't know that for sure), I believe it is better for the US to find the vulnerabilities then some foreign nation that actually wants us to the US harm.
SteveL
not rated yet Dec 26, 2012
Shifty, I agree. And any country that wishes to protect its economy should be doing similar research. Stuxnet and other tools can be created and used by anyone. It is far easier to destroy than to create, but a bit of proactive prevention now can save a lot of lives in the future.

Although I hadn't heard of the NSA program, I know the US Dept of Homeland Security (DHS) has been working on this for more than 5 years. There are private IT security firms that have been working in this field for more than 15 years.
Osiris1
1 / 5 (3) Dec 27, 2012
Perfect Citizen is just tooo vague. Suppose the 'redacted and secret' part described a program to intrude on the lives of all who do not use microsoft's 'office' products slavishly and exclusively.

Coming in for special retaliation may be all linux users, especially those of them that really know how to program. Microsofties know nothing of real programming. College students are actively prevented from knowing anything about programming except for certain narrowly drawn majors.

This is going to be a real problem for our IT industry in the future as the world starts to move away from this dangerous single product from a single manufacturer monoculture.

This cult of monopoly run by microsoft will also hurt our defense, as China has the source code for all windows products and has 600,000 troops, programmers all, working to subvert windows and infect windows in defense systems, especially weapons systems.
antialias_physorg
5 / 5 (6) Dec 27, 2012
"Perfect Citizen" - now there's an orwellian label if ever I heard one.
Claudius
2.3 / 5 (3) Dec 27, 2012
Any government/system that keeps secrets from its Citizens is not a free society. In a free society, Citizens ARE the government.
bhiestand
3 / 5 (2) Dec 27, 2012
Any government/system that keeps secrets from its Citizens is not a free society. In a free society, Citizens ARE the government.

On my desk by tomorrow, I expect to find: all your medical records, results of any STD screenings, your tax records, and any documents the government holds that might reveal information about you.

Oh, and we should also have a published list of all clandestine officers, right?

Or, using your own logic to counter you... any government that releases any information to its citizens is just anarchy!
Kieseyhow
1 / 5 (2) Dec 29, 2012
Hopefully they are not looking for vulnerabilities that they can themselves use against their population in a crisis situation to take control. Just saying...

The term Perfect Citizen is just the sort of tongue-in-cheek oxymoron type of name which sociopaths in charge would come up with for that... *grins*
extinct
2.5 / 5 (2) Dec 30, 2012
Of course the NSA wants to identify vulnerabilities in power grids and utility grids... so they can then exploit them, against you and me, in the police state the federal government is building for themselves. All the more reason why people at the leading edge of the bell curve are for clean energy like LENR and solar and wind, which do not require a grid of such complexity as we have today but are more de-centralized. De-centralization is good for the little guy; you're benefiting from a de-centralized system right now - the internet, which was never even intended for civilian use.