A National Security Agency (NSA) program designed to discover security vulnerabilities at critical infrastructure companies is in full swing, according to documents reportedly obtained by the Electronic Privacy Information Center (EPIC).
The program, dubbed ‘Perfect Citizen‘, was unmasked in 2010 in a report by the Wall Street Journal that claimed it involved sensors that monitored networks at critical infrastructure companies. At the time however, the NSA stated publicly the program did not involve “the monitoring of communications or the placement of sensors on utility company systems,” and that the project provided a set of technical solutions to help the NSA understand “threats to national security networks.”
According to CNET, using a Freedom of Information Act (FOIA) request, EPIC obtained 190 pages of files on Perfect Citizen, at least 98 of which were completely deleted for security reasons. The portions that were readable showed that defense company Raytheon received a $91 million contract to build Perfect Citizen and was authorized to hire up to 28 hardware and software engineers to analyze and document vulnerability research against control systems and devices.
The program is slated to continue through at least 2014, according to CNET.
Marc Rotenberg, executive director of EPIC, told CNET that the documents may help disprove the NSA’s claims that Perfect Citizen doesn’t involve monitoring private networks.
This year has seen multiple reports of the U.S. expanding its efforts to defend cyberspace and develop offensive weapons, including reports about malware such as Stuxnet and Flame linking to secret operations involving the NSA and other agencies. The U.S. has not officially admitted to using cyberweapons in the wild. However, earlier this year, the Washington Post reported the Pentagon was accelerating plans to develop cyberweapons, and that the amount of spending disclosed by the Pentagon on cybersecurity initiatives and technology in 2012 was $3.4 billion.
“If your defense is only to try to block attacks you can never be successful,” General Keith Alexander, director of the National Security Agency and commander of the US Cyber Command, told a Washington symposium in October.
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
