In a move that is poised to become extremely unpopular with privacy advocates, the National Security Agency — you may remember them from the warrant-less wiretapping scandal — is launching a program dubbed “Perfect Citizen” to detect cyber attacks on private companies running critical infrastructure like the electricity grid or nuclear plants. All companies have to do is let the NSA deploy a bunch of sensors within their networks, and trust that the nation’s best eavesdropping agency won’t abuse the system.
Both the NSA and Raytheon, who was awarded the initial contract to develop the surveillance effort (valued at up to $100 million), are naturally being very hush-hush about Perfect Citizen. But according to the WSJ, it seems the system would rely on a series of sensors physically installed within networks that would allow the NSA to monitor activity for the telltale signs of an impending cyber attack.
The NSA insists the failsafe measures would only kick in when suspicious activity arises and would not continuously monitor the data streaming through a private company’s networks. But there’s a Big Brother aspect to Perfect Citizen that has some in government and industry grumbling about an intrusion by the government in to private affairs.
But it might be the kind intrusion that is necessary. Government officials are constantly worried about the capabilities of Chinese cyber warriors (not to mention those employed by rogue states or terror groups), and the patchwork nature of American utilities and other key infrastructure providers makes it nearly impossible for the government’s security arms to provide a common defense. One military official claims the violation of privacy is no greater than that caused by traffic cameras, as the sensors will more or less keep an eye out for suspicious patterns in network traffic among other things.
For now, Perfect Citizen is not a mandatory program, and that should allay some privacy concerns. The look of the finalized program is still unclear, as the NSA is working with private companies to persuade them of the gravity of the threat and come to agreeable terms with the government on how best to implement the sensors. Some companies might install their own sensors and then offer the NSA restricted access, a deal that might be far more agreeable to those IT departments worried about having Big Brother wandering the cyber hallways.