Monday, January 7, 2013

NSA's cybersecurity program to protect critical infrastructure revealed

Documents that detail the NSA program "Perfect Citizen" were recently released by the NSA. The program, which was started in 2009 and ended up awarding Raytheon a contract in 2010, details the government's concerns on the security of sensitive control systems (SCS). The document defines SCS as systems that "perform data collection and control of large-scale distributed utilities or provide automation of infrastructure processes." The document goes on to say that preventing attacks on these systems is "crucial to the continuity of the DOD, the intelligence community (IC), and the operation of SIGINT systems."

The program is detailed, and involves investigating SCS for vulnerabilities and then developing best practices that defend against the vulnerabilities identified. In addition to detailing the program, the released documents include information on the positions available, from software and hardware production to penetration testers (also known as white hats, or people who test for vulnerabilities by attacking systems).

The program will have Raytheon employees working on it up through 2014, but many pages of the documents related to the program are still classified, and much of the information in the documents themselves has been censored.

With our electrical grid having been attacked recently, and new attempts to breach our critical infrastructure occurring constantly, it is interesting to see that a program has been in place to protect these vital assets for so long. The program clearly states that its goal is to develop ways to prevent attacks, or to mitigate their effectiveness, but the program is relatively small for the task it has been given. The program is only valued at $91 million, and the work force for the program is only 28 people.

It seems like an awfully big task for 28 people to handle. They are expected not only to find vulnerabilities, but also to develop tools and best practices to solve the problems these vulnerabilities cause. With the increased focus on cybersecurity, and the high stakes for failing to protect ourselves from cyber attacks, I wonder if it will be long before we see the program expanded.
