CNet: Revealed: NSA targeting domestic computer systems in secret test <read>
Another government testament to the risks we face with dependency on the Internet for vital systems. We hope in this particular case that the effort is actually increasing the safety of systems we all depend upon.
Newly released files show a secret National Security Agency program is targeting the computerized systems that control utilities to discover security vulnerabilities, which can be used to defend the United States or disrupt the infrastructure of other nations.
The NSA’s so-called Perfect Citizen program conducts “vulnerability exploration and research” against the computerized controllers that control “large-scale” utilities including power grids and natural gas pipelines, the documents show. The program is scheduled to continue through at least September 2014.
The Perfect Citizen files obtained by the Electronic Privacy Information Center and provided to CNET shed more light on how the agency aims to defend — and attack — embedded controllers. The NSA is reported to have developed Stuxnet, which President Obama secretly ordered to be used against Iran’s nuclear program, with the help of Israel.
U.S. officials have warned for years, privately and publicly, about the vulnerability of the electrical grid to cyberattacks. Gen. Martin Dempsey, the chairman of the Joint Chiefs of Staff, told a congressional committee in February: “I know what we [the U.S.] can do and therefore I am extraordinarily concerned about the cyber capabilities of other nations.” If a nation gave such software to a fringe group, Dempsey said, “the next thing you know could be into our electrical grid.”
As we have pointed out before, the Internet is vulnerable, states, counties, cities have nowhere near the capabilities of large utilities and the Federal government to protect their networks. Unlike, online banking which is subject to frequent successful attacks, Internet voting attack is harder to detect and correct. Here a story of a voting related Internet breakdown in a state system that was detected, yet authorities remain unable to determine a cause.
For those who are legitimately skeptical of Government security, we point out that Stuxnet was likely developed by our Government and is itself subject to undetected theft, as are any reports of infrastructure vulnerability documented by this “Perfect” program.
