Skip to main content

NSA's secret 'Perfect Citizen' cybersecurity program detailed by recently-released documents

NSA's secret 'Perfect Citizen' cybersecurity program detailed by recently-released documents

Share this story

cluster of locks security privacy stock 1024
cluster of locks security privacy stock 1024

Back in 2010, The Wall Street Journal first uncovered evidence of an NSA program called Perfect Citizen, which was designed to detect cyber assaults on things like power grids, nuclear plants, and other critical infrastructure. The WSJ had sources within the NSA and Raytheon (who allegedly won the government contract to work on the project), but both groups initially declined to comment on the full extent of the program. The NSA told CNET in 2010 that that Perfect Citizen "does not involve the monitoring of communications or the placement of sensors on utility company systems," and called the WSJ's report an "inaccurate portrayal of the work performed at the National Security Agency" — but the intelligence agency declined to confirm or deny specifics in the report. But now, thanks to documents obtained by the Electronic Privacy Information Center (EPIC) via the Freedom of Information Act, details of Perfect Citizen have been revealed.

The recently-released document is 190 pages of dry legalese, but it does confirm that a statement of work was first released back in September of 2009, with Raytheon being awarded the government contract in June of 2010 — just before The Wall Street Journal published its story on the project. The background in the statement of work confirms the government's concern with the security of sensitive control systems (SCS), sayng that "the protection of SCS... has become a significant point of interest in support of the Department of Defense and the Intelligence Community." It goes on to say that "the prevention of a loss due to a cyber of physical attack, or recovery of operational capacity after such an event, is crucial... to the DOD, the IC, and the operation of SIGINT [signals intelligence] systems."

More than two years later, the existence of Perfect Citizen has been confirmed

As EPIC states, Perfect Citizen runs by employing sensors in computer networks that would be automatically activated by suspicious activity, but the program was not designed to monitor computers continuously. That hasn't stopped the program from triggering privacy concerns — the WSJ's 2010 report contained an internal email from a Raytheon employee that said "Perfect Citizen is Big Brother."

Shortly after that initial report, the NSA issued a brief statement claiming the program was "purely a vulnerabilities assessment and capabilities development contract" that "does not involve the monitoring of communications or the placement of sensors on utility company systems." Furthermore, the NSA made it clear that it was not engaging in any illegal or unauthorized monitoring, saying "we strictly adhere to both the spirit and the letter of U.S. laws and regulations."

While these documents don't tell the entire story of Perfect Citizen — some 98 additional pages were withheld, and the pages that were released contain a large amount of censored material — it seems pretty clear that the program is closer to what The Wall Street Journal originally reported and is a lot more than a vulnerabilities assessment. From the contracts within the released documents, it looks like Raytheon will have employees working on the program through September of 2014. We've reached out to EPIC for any more details on the Perfect Citizen program that they'd be willing to share, and will update with any other information we receive.

Today’s Storystream

Feed refreshed Sep 24 Striking out

External Link
Emma RothSep 24
California Governor Gavin Newsom vetoes the state’s “BitLicense” law.

The bill, called the Digital Financial Assets Law, would establish a regulatory framework for companies that transact with cryptocurrency in the state, similar to New York’s BitLicense system. In a statement, Newsom says it’s “premature to lock a licensing structure” and that implementing such a program is a “costly undertaking:”

A more flexible approach is needed to ensure regulatory oversight can keep up with rapidly evolving technology and use cases, and is tailored with the proper tools to address trends and mitigate consumer harm.

Andrew WebsterSep 24
Look at this Thing.

At its Tudum event today, Netflix showed off a new clip from the Tim Burton series Wednesday, which focused on a very important character: the sentient hand known as Thing. The full series starts streaming on November 23rd.

The Verge
Andrew WebsterSep 24
Get ready for some Netflix news.

At 1PM ET today Netflix is streaming its second annual Tudum event, where you can expect to hear news about and see trailers from its biggest franchises, including The Witcher and Bridgerton. I’ll be covering the event live alongside my colleague Charles Pulliam-Moore, and you can also watch along at the link below. There will be lots of expected names during the stream, but I have my fingers crossed for a new season of Hemlock Grove.

Andrew WebsterSep 24
Looking for something to do this weekend?

Why not hang out on the couch playing video games and watching TV. It’s a good time for it, with intriguing recent releases like Return to Monkey Island, Session: Skate Sim, and the Star Wars spinoff Andor. Or you could check out some of the new anime on Netflix, including Thermae Romae Novae (pictured below), which is my personal favorite time-traveling story about bathing.

A screenshot from the Netflix anime Thermae Romae Novae.
Thermae Romae Novae.
Image: Netflix
Jay PetersSep 23
Twitch’s creators SVP is leaving the company.

Constance Knight, Twitch’s senior vice president of global creators, is leaving for a new opportunity, according to Bloomberg’s Cecilia D’Anastasio. Knight shared her departure with staff on the same day Twitch announced impending cuts to how much its biggest streamers will earn from subscriptions.

Tom WarrenSep 23
Has the Windows 11 2022 Update made your gaming PC stutter?

Nvidia GPU owners have been complaining of stuttering and poor frame rates with the latest Windows 11 update, but thankfully there’s a fix. Nvidia has identified an issue with its GeForce Experience overlay and the Windows 11 2022 Update (22H2). A fix is available in beta from Nvidia’s website.

External Link
If you’re using crash detection on the iPhone 14, invest in a really good phone mount.

Motorcycle owner Douglas Sonders has a cautionary tale in Jalopnik today about the iPhone 14’s new crash detection feature. He was riding his LiveWire One motorcycle down the West Side Highway at about 60 mph when he hit a bump, causing his iPhone 14 Pro Max to fly off its handlebar mount. Soon after, his girlfriend and parents received text messages that he had been in a horrible accident, causing several hours of panic. The phone even called the police, all because it fell off the handlebars. All thanks to crash detection.

Riding a motorcycle is very dangerous, and the last thing anyone needs is to think their loved one was in a horrible crash when they weren’t. This is obviously an edge case, but it makes me wonder what other sort of false positives we see as more phones adopt this technology.

External Link
Ford is running out of its own Blue Oval badges.

Running out of semiconductors is one thing, but running out of your own iconic nameplates is just downright brutal. The Wall Street Journal reports badge and nameplate shortages are impacting the automaker's popular F-series pickup lineup, delaying deliveries and causing general chaos.

Some executives are even proposing a 3D printing workaround, but they didn’t feel like the substitutes would clear the bar. All in all, it's been a dreadful summer of supply chain setbacks for Ford, leading the company to reorganize its org chart to bring some sort of relief.