(Phys.org)—Files obtained by the Electronic Privacy Information Center (EPIC) and provided to CNET show that the National Security Agency (NSA) under its secret Perfect Citizen program is looking at the computerized systems that control large-scale utilities, checking for vulnerabilities including power grid and gas pipeline controllers. The U.S. government relies on commercial utilities for electricity, telecommunications, and other infrastructure requirements The program seeks to carry out "vulnerability exploration and research" against computerized controllers involved in these utilities.
The program is a safeguard measure against the kinds of vulnerabilities that could be exploited in attempts to undermine infrastructure. Understanding the technologies put to work in the infrastructure nodes to interoperate on the commercial backbone would strengthen protection.
U.S. officials have talked for some time about the risk of cyberattacks on the electrical grid. An attack's effects might include economic damage, loss of life and pollution.
In this latest report from CNET, it was discovered that the 190 pages of the recently obtained Perfect Citizen files are heavily redacted. At least 98 pages are deleted. CNET said the deletions were for a number of reasons, including portions classified as top secret, with damage to national security if released, according to an accompanying letter from the chief of the NSA's FOIA office.
The portions that were released show Raytheon as having a contract worth up to $91 million to establish Perfect Citizen, enabling the government to protect large-scale utilities operated by the private sector. CNET said that Raytheon is allowed to hire up to 28 hardware and software engineers to investigate and document the results of vulnerability exploration and research against specific sensitive control systems (SCS) and devices.
The Perfect Citizen program is scheduled to continue through at least September 2014.
EPIC posted this on December 20 as an update to its reports on the cybersecurity plan: "In response to a request for comments, EPIC submitted comments on the Federal Cybersecurity Research and Development Strategic Plan. The cybersecurity strategic plan calls for a coordinated research strategy across federal agencies including the Department of Homeland Security and the National Security Agency. EPIC supported the call for privacy safeguards and anonymous web access, and recommended the further integration of genuine privacy-enhancing techniques. EPIC also emphasized the need for all federal agencies to comply with the Privacy Act and the Freedom of Information Act as the plan progresses. EPIC previously submitted comments to the Department of Defense regarding Cyber Security and Information Assurance Activities."
EPIC is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on civil liberties issues and to protect privacy, the First Amendment, and constitutional values.
Explore further: US program to detect cyberattacks on companies, agencies
news.cnet.com/8301-1023_3-5756 … tems-in-secret-test/
epic.org/2012/12/epic-comments … n-federal-cyber.html