NSA Targeting Domestic Computer Systems
The National Security Agency‚Äôs Perfect Citizen program hunts for vulnerabilities in ‚Äúlarge-scale‚ÄĚ utilities, including power grid and gas pipeline controllers, new documents from EPIC show.
Newly released files show a secret National Security Agency program is targeting the computerized systems that control utilities to discover security vulnerabilities, which can be used to defend the United States or disrupt the infrastructure of other nations.
The NSA‚Äôs so-called Perfect Citizen program conducts ‚Äúvulnerability exploration and research‚ÄĚ against the computerized controllers that control ‚Äúlarge-scale‚ÄĚ utilities including power grids and natural gas pipelines, the documents show. The program is scheduled to continue through at least September 2014.
The Perfect Citizen files obtained by the Electronic Privacy Information Center and provided to CNET shed more light on how the agency aims to defend ‚ÄĒ and attack ‚ÄĒ embedded controllers. The NSA is reported to have developed Stuxnet, which President Obama secretly ordered to be used against Iran‚Äôs nuclear program, with the help of Israel.
U.S. officials have warned for years, privately and publicly, about the vulnerability of the electrical grid to cyberattacks. Gen. Martin Dempsey, the chairman of the Joint Chiefs of Staff, told a congressional committee in February: ‚ÄúI know what we [the U.S.] can do and therefore I am extraordinarily concerned about the cyber capabilities of other nations.‚ÄĚ If a nation gave such software to a fringe group, Dempsey said, ‚Äúthe next thing you know could be into our electrical grid.‚ÄĚ
Discussions about offensive weapons in the U.S. government‚Äôs electronic arsenal have gradually become more public. One NSA employment posting¬†for a Control System Network Vulnerability Analyst says the job involves ‚Äúbuilding proof-of concept exploits,‚ÄĚ and an Air Force announcement in August called for papers discussing ‚ÄúCyberspace Warfare Attack‚ÄĚ capabilities. The Washington Post reported¬†last month that Obama secretly signed a directive in October outlining the rules for offensive ‚Äúcyber-operations.‚ÄĚ
‚ÄúSabotage or disruption of these industries can have wide-ranging negative effects including loss of life, economic damage, property destruction, or environmental pollution,‚ÄĚ the NSA concluded in a public report (PDF) discussing industrial control systems and their vulnerabilities.
The 190 pages of the NSA‚Äôs Perfect Citizen files, which EPIC obtained through the Freedom of Information Act last week, are heavily redacted. At least 98 pages were completely deleted for a number of reasons, including that portions are ‚Äúclassified top secret,‚ÄĚ and could ‚Äúcause exceptionally grave damage to the national security‚ÄĚ if released, according to an accompanying letter from Pamela Phillips, chief of the NSA‚Äôs FOIA office.
But the portions that were released show that Raytheon received a contract worth up to $91 million to establish Perfect Citizen, which ‚Äúenables the government to protect the systems,‚ÄĚ especially ‚Äúlarge-scale distributed utilities,‚ÄĚ operated by the private sector.
The focus is ‚Äúsensitive control systems,‚ÄĚ or SCS, which ‚Äúprovide automation of infrastructure processes.‚ÄĚ Raytheon is allowed to hire up to 28 hardware and software engineers who are supposed to ‚Äúinvestigate and document the results of vulnerability exploration and research against specific SCS and devices.‚ÄĚ
One job description, for a senior penetration tester, says the position will ‚Äúidentify and demonstrate vulnerabilities,‚ÄĚ and requires experience using security-related utilities such as Nmap, Tenable‚Äôs Nessus, Libnet, and Netcat. Raytheon is required not to disclose that this work is being done for the NSA.
The Wall Street Journal disclosed the existence of Perfect Citizen in a 2010 article, which reported the NSA‚Äôs ‚Äúsurveillance‚ÄĚ of such systems relies ‚Äúon a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack.‚ÄĚ
An NSA spokeswoman¬†responded to CNET at the time by saying that Perfect Citizen is ‚Äúpurely a vulnerabilities assessment and capabilities development contract‚ÄĚ that ‚Äúdoes not involve the monitoring of communications or the placement of sensors on utility company systems.‚ÄĚ
Marc Rotenberg, EPIC‚Äôs executive director, said that the newly declassified documents ‚Äúmay help disprove‚ÄĚ the NSA‚Äôs argument that Perfect Citizen doesn‚Äôt involve monitoring private networks.
The FOIA‚Äôd documents say that because the U.S. government relies on commercial utilities for electricity, telecommunications, and other infrastructure requirements, ‚Äúunderstanding the technologies utilized in the infrastructure nodes to interoperate on the commercial backbone enables the government to protect the systems.‚ÄĚ
Neither the NSA nor Raytheon immediately responded to requests to comment from CNET this morning. We‚Äôll update this story if we receive a response.