There is a story in the Wall Street Journal about a new, $100+ million, classified program being run out of the National Security Agency (NSA) that will monitor critical commercial and government infrastructure systems such as electricity grids, nuclear power plants, air traffic control systems and the like in order to detect cyber attacks.
The NSA hopes the program, dubbed "Perfect Citizen," will help it fill in what the WSJ calls the "big, glaring holes" in knowledge about exactly how massive, coordinated cyber attacks might negatively affect the US.
The Journal story goes on to quote an internal email from US defense contractor Raytheon, the program's prime contractor, as saying:
"The overall purpose of the [program] is our Government...feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security."
"Perfect Citizen is Big Brother."
The Journal reports the project is still in its early days, and that the current $100 million investment is likely just a program down payment. Apparently, a lot of effort is being directed towards convincing commercial companies of the need to cooperate, such as allowing the NSA to put monitoring systems on their networks.
As the Journal notes:
"While the government can't force companies to work with it, it can provide incentives to urge them to cooperate, particularly if the government already buys services from that company, [government] officials said."
Hmm, I wonder what those incentives might be?
While I think this idea is generally a good one, why the program is classified is beyond me. It isn't like those likely to launch a massive cyber attack didn't quickly discover its existence way before the press did. You can't hide these types of efforts for long when you are soliciting help from dozens of commercial organizations, some of which are likely being actively spied on by those inclined to hack them.
Given the details in the WSJ story, especially the number of unnamed government officials quoted, it seems obvious that the NSA now wants the program and its aims to become public. It makes me curious as to why.
Was the NSA not getting the cooperation it was expecting? Did companies view it as indeed "Big Brother"?
Or was it just that the program's cover was blown, and the NSA wanted to try to shape its public perception while it had a chance?
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.