NSA conducts cyber security tests on utilities
SUBNET Solutions Inc | Thursday, January 03, 2013
While it has been known for years that the North American electric grid has become susceptible to attacks from cyber criminals, it only recently came to light that the federal government has been conducting security tests on many of the largest utilities in the country, Fierce Smart Grid reports.
According to the media outlet, cyber security has grown beyond spam emails containing Trojan horses, and now has the federal government worried about coordinated, devastating attacks or even simple surveillance conducted by foreign countries. With the electric grid growing increasingly wireless, it has become easier than ever for attackers to penetrate once-secure walls.
To protect against such cyber intruders, President Bush issued the National Security Presidential Directive 54 in 2008, giving the National Security Administration (NSA) the authority to monitor computer networks all over the country. A few details were released in 2010 when The Wall Street Journal wrote an article on the directive, calling it a "cyber shield for utilities," but it wasn't until recently that more information on the directive emerged.
According to the news source, the Electronic Privacy Information Center (EPIC) obtained a copy of the secret directive and released it to the public. The file, granted to EPIC through the Freedom of Information Act, discussed an NSA-led program called Perfect Citizen, which used utility's networks and control systems as guinea pigs to determine how well these facilities could defend against cyber attacks.
According to CNet, NSA deleted as many as 98 pages from Perfect Citizen, saying the segments were "classified top secret" and that if they were released to the public, it could cause "exceptionally grave damage to the national security."
What was released, however, showed that Raytheon was given a contract for about $91 million to create the Perfect Citizen project, which would help the government create systems designed to protect large-scale utilities from cyber attacks. The project focused on "sensitive control systems (SCS)," which "provide automation of infrastructure processes." Raytheon is allowed to hire up to 28 hardware and software engineers who are supposed to "investigate and document the results of vulnerability exploration and research against specific SCS and devices."
SUBNET helps utilities stay protected from cyber attacks by ensuring compliance with NERC CIP standards, which were developed to push utilities to install the most advanced forms of critical infrastructure cyber security.
Substation Automation & Remote Access