David Frederick's | iAIR BLOG

Consulting, Innovation, Strategy, Vision, Education, & Ideation

Perfect Citizen Is Big Brother

I am a huge opponent of government intrusion in my life, in my business, and in my family. There a limited things the government is good at doing. Getting involved in my life and business in not one of them. Think I am wrong? Look at health care, the economy, tax laws, enforcement of regulatory statutes currently in place, immigration, etc. But I digress.

With the continued probing, attacks, theft of critical IP and Intelligence, viruses and the malicious cyber activities of countries like China, Russia, North Korea, as well as organized crime and sometimes even countries that are our “friends”, more needs to done to protect our IT and operating infrastructure systems AND just as important, go offensive and take the fight to those that wish to do us harm. The good news is, we are now doing this with the U.S. Cyber Command. At least that’s the objective. Dicey stuff, cyber warfare can become (when did I start talking like Yoda!). Thats a another topic for another day.

So what do we do to protect our systems that are run by technology, especially older technology systems with big gaping holes in them i.e. nuclear power plants, aviation, rail, power grids, etc.? Well, up until recently not much. It was left to the masses, public sector, and business to protect against attack. Sometimes it worked, sometimes it didn’t. However, with the increase of “cyber” attacks and probes against our military, infrastructure, and business systems, more needs to be done to mitigate our exposure and risk both at a national and private sector level.

As I said, I am not a fan of government intrusion OR big government/brother, but in this case, the Feds need to step up, protect, and fight back. There is simply too much at risk and the consequences of a hostile attack on our power grid, nuclear power systems, air traffic control systems, etc. could be cataclysmic at worst and hugely disruptive and costly at best. It’s a no win situation for us if these systems are attacked and disrupted or disabled. Which is exactly why China, Russia, North Korea, Iran, and others are trying so hard to gain access and prepare to disrupt these systems. “Just in case”. Don’t believe me? Google the Chinese White Paper that just came out on how China could disrupt and shut down the U.S. Power Grid. That’s only the tip of the iceberg of what the “bad” guys are trying to do and preparing to do… just in case the need arises. If this is what “Nation States” are doing, what do you think terrorists are trying to doing? You don’t think there is value to these nut bags in hijacking the command and control software systems for a nuclear power plant and sending it into melt down? Who do you retaliate against? It’s very hard to find the “true” foot prints of bad guys )and good guys coincidentally) in cyber space, when attacks and systems probes are executed from servers in the U.K. or the U.S., ISP’s in China, and internet cafe’s in Norway with the real bad guys sitting on a fishing trawler using a sat-connection to access the internet in the Southern Yellow Sea. Trust me. Spooky stuff.

Check out this article in the WSJ on the new Perfect Citizen program. It’s a good start, but makes me nervous. As we have seen, any and everything can be abused. Lets put in place safeguards to ensure that systems and programs like this are used for the purpose intended. Not to control the very people it was put in place to protect.

What do you think?


U.S. Plans Cyber Shield for Utilities, Companies

The federal government is launching an expansive program dubbed “Perfect Citizen” to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program.

The surveillance by the National Security Agency, the government’s chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn’t persistently monitor the whole system, these people said.

Defense contractor Raytheon Corp. recently won a classified contract for the initial phase of the surveillance effort valued at up to $100 million, said a person familiar with the project.
An NSA spokeswoman said the agency had no information to provide on the program. A Raytheon spokesman declined to comment. Some industry and government officials familiar with the program see Perfect Citizen as an intrusion by the NSA into domestic affairs, while others say it is an important program to combat an emerging security threat that only the NSA is equipped to provide.

“The overall purpose of the [program] is our Government…feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security,” said one internal Raytheon email, the text of which was seen by The Wall Street Journal. “Perfect Citizen is Big Brother.”

Raytheon declined to comment on this email.

A U.S. military official called the program long overdue and said any intrusion into privacy is no greater than what the public already endures from traffic cameras. It’s a logical extension of the work federal agencies have done in the past to protect physical attacks on critical infrastructure that could sabotage the government or key parts of the country, the official said.

U.S. intelligence officials have grown increasingly alarmed about what they believe to be Chinese and Russian surveillance of computer systems that control the electric grid and other U.S. infrastructure. Officials are unable to describe the full scope of the problem, however, because they have had limited ability to pull together all the private data.

Perfect Citizen will look at large, typically older computer control systems that were often designed without Internet connectivity or security in mind. Many of those systems—which run everything from subway systems to air-traffic control networks—have since been linked to the Internet, making them more efficient but also exposing them to cyber attack. The goal is to close the “big, glaring holes” in the U.S.’s understanding of the nature of the cyber threat against its infrastructure, said one industry specialist familiar with the program. “We don’t have a dedicated way to understand the problem.”

The information gathered by Perfect Citizen could also have applications beyond the critical infrastructure sector, officials said, serving as a data bank that would also help companies and agencies who call upon NSA for help with investigations of cyber attacks, as Google did when it sustained a major attack late last year.

The U.S. government has for more than a decade claimed a national-security interest in privately owned critical infrastructure that, if attacked, could cause significant damage to the government or the economy. Initially, it established relationships with utility companies so it could, for instance, request that a power company seal a manhole that provides access to a key power line for a government agency.

With the growth in concern about cyber attacks, these relationships began to extend into the electronic arena, and the only U.S. agency equipped to manage electronic assessments of critical-infrastructure vulnerabilities is the NSA, government and industry officials said. The NSA years ago began a small-scale effort to address this problem code-named April Strawberry, the military official said. The program researched vulnerabilities in computer networks running critical infrastructure and sought ways to close security holes.

That led to initial work on Perfect Citizen, which was a piecemeal effort to forge relationships with some companies, particularly energy companies, whose infrastructure is widely used across the country. The classified program is now being expanded with funding from the multibillion-dollar Comprehensive National Cybersecurity Initiative, which started at the end of the Bush administration and has been continued by the Obama administration, officials said. With that infusion of money, the NSA is now seeking to map out intrusions into critical infrastructure across the country.

Because the program is still in the early stages, much remains to be worked out, such as which computer control systems will be monitored and how the data will be collected. NSA would likely start with the systems that have the most important security implications if attacked, such as electric, nuclear, and air-traffic-control systems, they said. Intelligence officials have met with utilities’ CEOs and those discussions convinced them of the gravity of the threat against U.S. infrastructure, an industry specialist said, but the CEOs concluded they needed better threat information and guidance on what to do in the event of a major cyber attack. Access thousands of business sources not available on the free web. Learn More

Some companies may agree to have the NSA put its own sensors on and others may ask for direction on what sensors to buy and come to an agreement about what data they will then share with the government, industry and government officials said.

While the government can’t force companies to work with it, it can provide incentives to urge them to cooperate, particularly if the government already buys services from that company, officials said.
Raytheon, which has built up a large cyber-security practice through acquisitions in recent years, is expected to subcontract out some of the work to smaller specialty companies, according to a person familiar with the project.



Written by David Frederick

July 8, 2010 at 1:17 PM

2 Responses

Subscribe to comments with RSS.

  1. Perfect Citizen Is Big Brother « iAIR | The Institute For Advanced ……

    I found your entry interesting do I’ve added a Trackback to it on my weblog :)…

    World Wide News Flash

    July 8, 2010 at 5:32 PM

  2. GuadalupeKK

    July 26, 2010 at 4:41 AM

Comments are closed.

%d bloggers like this: