Maybe there’s good intentions here but the title of this recently confirmed National Security Agency (NSA) program screams of “Big Brother.” Called “Perfect Citizen,” the Wall Street Journal (WSJ) first uncovered this effort in 2010 as a program designed to detect any cyber attacks on nuclear power plants, power grids and other infrastructure. At that time the NSA would not confirm or deny the existence of the program and called the WSJ’s findings inaccurate.
A new source is providing details about “Perfect Citizen” though. The Electronic Privacy Information Center (EPIC) recently released a 190 page document obtained through a Freedom of Information Act request that confirms the NSA released a statement of work (SOW) in June 2009. The release also shows that Raytheon received the contract in June 2010, just prior to the WSJ publishing their story on the project. The SOW confirmed the government’s concern over the security of sensitive control systems.
“Perfect Citizen” has triggered privacy concerns in the past, with one Raytheon employee referring to it as “Big Brother.” NSA had denied that allegation stating that the program was for vulnerability assessments and capabilities development only, and not used for monitoring communications or for placing sensors on utility companies. With EPIC’s recent release, however, it looks more like “Perfect Citizen” mirrors the WSJ’s original 2010 depiction.
Back in 2010, The Wall Street Journal first uncovered evidence of an NSA program called Perfect Citizen, which was designed to detect cyber assaults on things like power grids, nuclear plants, and other critical infrastructure. The WSJ had sources within the NSA and Raytheon (who allegedly won the government contract to work on the project), but both groups initially declined to comment on the full extent of the program. The NSA told CNET in 2010 that that Perfect Citizen “does not involve the monitoring of communications or the placement of sensors on utility company systems,” and called the WSJ‘s report an “inaccurate portrayal of the work performed at the National Security Agency” — but the intelligence agency declined to confirm or deny specifics in the report. But now, thanks to documents obtained by the Electronic Privacy Information Center (EPIC) via the Freedom of Information Act, details of Perfect Citizen have been revealed.
The recently-released document is 190 pages of dry legalese, but it does confirm that a statement of work was first released back in September of 2009, with Raytheon being awarded the government contract in June of 2010 — just before The Wall Street Journal published its story on the project. The background in the statement of work confirms the government’s concern with the security of sensitive control systems (SCS), sayng that “the protection of SCS… has become a significant point of interest in support of the Department of Defense and the Intelligence Community.” It goes on to say that “the prevention of a loss due to a cyber of physical attack, or recovery of operational capacity after such an event, is crucial… to the DOD, the IC, and the operation of SIGINT [signals intelligence] systems.”
What do you think about Perfect Citizen? Post your comments below. Today’s post pic is from the Virginia Tech IC-CAE.