Privacy group gets NSA files on utility research

December 26, 2012 by Nancy Owano, weblog

(—Files obtained by the Electronic Privacy Information Center (EPIC) and provided to CNET show that the National Security Agency (NSA) under its secret Perfect Citizen program is looking at the computerized systems that control large-scale utilities, checking for vulnerabilities including power grid and gas pipeline controllers. The U.S. government relies on commercial utilities for electricity, telecommunications, and other infrastructure requirements The program seeks to carry out "vulnerability exploration and research" against computerized controllers involved in these utilities.

The program is a safeguard measure against the kinds of vulnerabilities that could be exploited in attempts to undermine infrastructure. Understanding the technologies put to work in the infrastructure nodes to interoperate on the commercial backbone would strengthen protection.

U.S. officials have talked for some time about the risk of cyberattacks on the . An attack's effects might include , loss of life and pollution.

In this latest report from CNET, it was discovered that the 190 pages of the recently obtained Perfect Citizen files are heavily redacted. At least 98 pages are deleted. CNET said the deletions were for a number of reasons, including portions classified as top secret, with damage to national security if released, according to an accompanying letter from the chief of the NSA's FOIA office.

The portions that were released show Raytheon as having a contract worth up to $91 million to establish Perfect Citizen, enabling the government to protect large-scale utilities operated by the private sector. CNET said that Raytheon is allowed to hire up to 28 hardware and to investigate and document the results of vulnerability exploration and research against specific sensitive control systems (SCS) and devices.

The Perfect Citizen program is scheduled to continue through at least September 2014.

EPIC posted this on December 20 as an update to its reports on the cybersecurity plan: "In response to a request for comments, EPIC submitted comments on the Federal Cybersecurity Research and Development Strategic Plan. The cybersecurity strategic plan calls for a coordinated research strategy across federal agencies including the Department of Homeland Security and the . EPIC supported the call for privacy safeguards and anonymous web access, and recommended the further integration of genuine privacy-enhancing techniques. EPIC also emphasized the need for all federal agencies to comply with the Privacy Act and the Freedom of Information Act as the plan progresses. EPIC previously submitted comments to the Department of Defense regarding Cyber Security and Information Assurance Activities."

EPIC is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on civil liberties issues and to protect privacy, the First Amendment, and constitutional values.

Explore further: US program to detect cyberattacks on companies, agencies

More information: … tems-in-secret-test/ … n-federal-cyber.html

Related Stories

US program to detect cyberattacks on companies, agencies

July 8, 2010

The United States is launching a program to detect cyberattacks on private US companies and government agencies running critical infrastructure such as the electricity grid and nuclear power plants, The Wall Street Journal ...

White House set to unveil cyber plan

May 12, 2011

The White House on Thursday is expected to unveil its proposal to enhance the nation's cybersecurity, laying out plans to require industry to better protect systems that run critical infrastructure like the electrical grid, ...

US cybersecurity efforts trigger privacy concerns

January 27, 2012

(AP) -- The federal government's plan to expand computer security protections into critical parts of private industry is raising concerns that the move will threaten Americans' civil liberties.

US senators call for cybersecurity czar

April 1, 2009

Two US senators introduced legislation on Wednesday aimed at creating a powerful national cybersecurity advisor who would report directly to the president.

Recommended for you

How social networking sites may discriminate against women

April 20, 2018

Social media and the sharing economy have created new opportunities by leveraging online networks to build trust and remove marketplace barriers. But a growing body of research suggests that old gender and racial biases persist, ...

Virtually modelling the human brain in a computer

April 19, 2018

Neurons that remain active even after the triggering stimulus has been silenced form the basis of short-term memory. The brain uses rhythmically active neurons to combine larger groups of neurons into functional units. Until ...

'Poker face' stripped away by new-age tech

April 14, 2018

Dolby Laboratories chief scientist Poppy Crum tells of a fast-coming time when technology will see right through people no matter how hard they try to hide their feelings.


Adjust slider to filter visible comments by rank

Display comments: newest first

3.4 / 5 (5) Dec 26, 2012
Although the Perfect Citizen program was secret until now, and probably against some sort of law (although I don't know that for sure), I believe it is better for the US to find the vulnerabilities then some foreign nation that actually wants us to the US harm.
not rated yet Dec 26, 2012
Shifty, I agree. And any country that wishes to protect its economy should be doing similar research. Stuxnet and other tools can be created and used by anyone. It is far easier to destroy than to create, but a bit of proactive prevention now can save a lot of lives in the future.

Although I hadn't heard of the NSA program, I know the US Dept of Homeland Security (DHS) has been working on this for more than 5 years. There are private IT security firms that have been working in this field for more than 15 years.
1 / 5 (3) Dec 27, 2012
Perfect Citizen is just tooo vague. Suppose the 'redacted and secret' part described a program to intrude on the lives of all who do not use microsoft's 'office' products slavishly and exclusively.

Coming in for special retaliation may be all linux users, especially those of them that really know how to program. Microsofties know nothing of real programming. College students are actively prevented from knowing anything about programming except for certain narrowly drawn majors.

This is going to be a real problem for our IT industry in the future as the world starts to move away from this dangerous single product from a single manufacturer monoculture.

This cult of monopoly run by microsoft will also hurt our defense, as China has the source code for all windows products and has 600,000 troops, programmers all, working to subvert windows and infect windows in defense systems, especially weapons systems.
5 / 5 (6) Dec 27, 2012
"Perfect Citizen" - now there's an orwellian label if ever I heard one.
2.3 / 5 (3) Dec 27, 2012
Any government/system that keeps secrets from its Citizens is not a free society. In a free society, Citizens ARE the government.
3 / 5 (2) Dec 27, 2012
Any government/system that keeps secrets from its Citizens is not a free society. In a free society, Citizens ARE the government.

On my desk by tomorrow, I expect to find: all your medical records, results of any STD screenings, your tax records, and any documents the government holds that might reveal information about you.

Oh, and we should also have a published list of all clandestine officers, right?

Or, using your own logic to counter you... any government that releases any information to its citizens is just anarchy!
1 / 5 (2) Dec 29, 2012
Hopefully they are not looking for vulnerabilities that they can themselves use against their population in a crisis situation to take control. Just saying...

The term Perfect Citizen is just the sort of tongue-in-cheek oxymoron type of name which sociopaths in charge would come up with for that... *grins*
2.5 / 5 (2) Dec 30, 2012
Of course the NSA wants to identify vulnerabilities in power grids and utility grids... so they can then exploit them, against you and me, in the police state the federal government is building for themselves. All the more reason why people at the leading edge of the bell curve are for clean energy like LENR and solar and wind, which do not require a grid of such complexity as we have today but are more de-centralized. De-centralization is good for the little guy; you're benefiting from a de-centralized system right now - the internet, which was never even intended for civilian use.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.