The NSA (National Security Agency) of the United States is implementing a new program to monitor for signs of cyber attacks against government assets, or public and private sector entities like power companies and water treatment plants--companies that make up the critical infrastructure of the nation. The "Perfect Citizen" program is invoking fears of "Big Brother" as well, though, as some question the motives of the NSA initiative.
The name--Perfect Citizen--seems overtly Orwellian. The first thing that pops into my mind when reading about this program is the movie Eagle Eye , or HAL from Arthur C. Clarke's Space Odyssey saga. But, oppressive 'Newspeak' naming aside, the premise of the program seems both valuable and long overdue.
The simple reality is that some private sector companies provide products and services that are essential to national defense and commerce, and provide prime targets for terrorist, or state-sponsored attacks against the United States. The critical dependence of the country on those companies means they must sacrifice some autonomy and privacy for the greater good.
A report in the Wall Street Journal explains "Perfect Citizen will look at large, typically older computer control systems that were often designed without Internet connectivity or security in mind. Many of those systems--which run everything from subway systems to air-traffic control networks--have since been linked to the Internet, making them more efficient but also exposing them to cyber attack."
Although the program will be focused on monitoring network activity and identifying suspected cyber attacks against government and critical infrastructure networks, Perfect Citizen will also yield benefits for other private sector companies that are not being actively monitored. The NSA will be able to collect intelligence related to the mechanics and strategies of cyber attacks that can be shared with and applied to network and computer security for all companies.
The concern is that Perfect Citizen could be just the beginning, or that the NSA will overstep its bounds and essentially monitor all domestic network activity. Access to critical infrastructure networks might also provide the NSA with access to details regarding the power usage, or travel plans of companies and individual citizens.
It is a difficult balance to strike. The critical infrastructure does need to be protected, and the NSA seems like the agency to do it. The challenge is to gather intelligence and provide adequate protection for national security and the critical infrastructure, without infringing on the rights and privacy of private sector companies any more than necessary.
Given the recent history of the NSA, it is easy to jump to insidious conspiracy theory conclusions. However, this is a long overdue step in safeguarding the critical infrastructure of the nation, and will hopefully be a first step in fostering more cooperation between public and private sector--as well as between various private sector companies--to collaborate on intelligence gathering and effective defense against cyber attacks.