A National Security Agency (NSA) program designed to discover security vulnerabilities at critical infrastructure companies is in full swing, according to documents reportedly obtained by the Electronic Privacy Information Center (EPIC).
The program, dubbed ‘Perfect Citizen‘, was unmasked in 2010 in a report by the Wall Street Journal that claimed it involved sensors that monitored networks at critical infrastructure companies. At the time however, the NSA stated publicly the program did not involve “the monitoring of communications or the placement of sensors on utility company systems,” and that the project provided a set of technical solutions to help the NSA understand “threats to national security networks.”
According to CNET, using a Freedom of Information Act (FOIA) request, EPIC obtained 190 pages of files on Perfect Citizen, at least 98 of which were completely deleted for security reasons. The portions that were readable showed that defense company Raytheon received a $91 million contract to build Perfect Citizen and was authorized to hire up to 28 hardware and software engineers to analyze and document vulnerability research against control systems and devices.
The program is slated to continue through at least 2014, according to CNET.
Marc Rotenberg, executive director of EPIC, told CNET that the documents may help disprove the NSA’s claims that Perfect Citizen doesn’t involve monitoring private networks.
This year has seen multiple reports of the U.S. expanding its efforts to defend cyberspace and develop offensive weapons, including reports about malware such as Stuxnet and Flame linking to secret operations involving the NSA and other agencies. The U.S. has not officially admitted to using cyberweapons in the wild. However, earlier this year, the Washington Post reported the Pentagon was accelerating plans to develop cyberweapons, and that the amount of spending disclosed by the Pentagon on cybersecurity initiatives and technology in 2012 was $3.4 billion.
“If your defense is only to try to block attacks you can never be successful,” General Keith Alexander, director of the National Security Agency and commander of the US Cyber Command, told a Washington symposium in October.