The NSA's Perfect Citizen

In what creepy back room do they come up with these names?

The federal government is launching an expansive program dubbed “Perfect Citizen” to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program.

The surveillance by the National Security Agency, the government’s chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn’t persistently monitor the whole system, these people said.

No reason to be alarmed, though. The NSA claims that this is just research.

Posted on July 16, 2010 at 5:19 AM • 47 Comments


shadowfirebird July 16, 2010 5:58 AM

I guess this is just me being dumb. But, why is the US power grid connected to the internet again?

And, if it needs to be, wouldn’t it be fairly easy for it to do so over a VPN, which would presumably reduce the risk to that of a key-management problem?

Mike S. July 16, 2010 6:15 AM

“No reason to be alarmed, though. The NSA claims that this is just research.”

Also, the check’s in the mail and yes, I’ll still love you in the morning.

farkus888 July 16, 2010 6:27 AM


They are connected to the internet to enable remote management and alarming. This way they can email/page the relevant people when they have an alarm triggering problem. It also makes it much easier for them to set up a new home base for management if a natural disaster makes their operations center unmannable.

As for why those connections aren’t better secured, the same reasons every other network isn’t properly secured apply.

Imperfect Citizen July 16, 2010 7:07 AM

The name is pretty bad. How about utilwatch? Infragard–oh that’s taken.
Maybe you can have a contest to come up with a better name.

Worse yet, if they stick it under a national security label nobody will regulate or clean up problems. The government doesn’t even regulate the contractors on DOJ funded Patriot Act “watch” jobs for crying out loud.

Even if Perfect Citizen is for research what will the contractors do with the results of that research? Look at the domestic spying game, false positives get dragged on and on because it lines someone’s pockets and NSA or whoever gets garbage for data. Nobody audits the phone tap/wiretap info but the folks getting the money. Then someone gets paid to store that garbage data in a warehouse. Nobody audits the data, nobody watches the contractors. So imagine how this sort of research can be misused by federal contractors/subcontractors and you’ll get the big picture. Local jurisdictions get a ton of cash to keep false positives going.

It’s not going to be a police state, it is going to be federal contractors watching and not reporting to the police. Nobody turns their own in for misconduct or fraud.

BF Skinner July 16, 2010 7:11 AM

Pythian Slip?

Come and see the violence inherent in the system. Help! Help! I’m being repressed!

Oh, what a giveaway! Did you hear that? Did you hear that, eh? That’s what I’m on about! Did you see him repressing me? You saw him, didn’t you?

John July 16, 2010 7:31 AM

So even if a control network is isolated, wouldn’t adding these monitoring devices mean there must be connections to the outside?

In order for the “Perfect Citizen” box to send its alarms out and to be remotely managed, it would need a connection to the outside. How is THAT going to be secured?

Clive Robinson July 16, 2010 7:44 AM

@ Bruce,


I still think you should have a little competition to see if people can come up with a worse name (Both BF Skinner and myself have already entered one each) 😉

As for Perfect Citizen itself, it might only be R&D but that’s a big slice of “good old US Apple Pie” to the prime contractor.

Who, if the press is correct, is Raytheon, who are specialists in making sensor hardware. Which is one of the contradictory items from the original two NSA press releases (post-WSJ article).

But and it’s a very very big but… “Me thinks” for that sized slice of pie it’s not R&D, nor “proof of concept” but near on “blank cheque” “field trial”…

Either we need more project related info or a careful future eye on Raytheon products.

Cpragman July 16, 2010 7:57 AM

Both FERC and NRC have already issued cybersecurity regulations for utilities and nuclear plants. Seems like FERC and NRC regs would prohibit installing an NSA back door.
Also, there are some very uptight software QA requirements to meet. Would NSA disclose their source code to the companies that would have to install their bots?

Brian July 16, 2010 8:00 AM

Maybe it’s just me, but it seems like we’re becoming excessively paranoid about the NSA. Yes, if they are actually doing something they shouldn’t be doing, that’s cause for concern. But stupid project name aside, “putting sensors on critical networks to detect intrusions” sounds pretty benign to me. In fact, it sounds like exactly the kind of thing a large number of companies (including BT) do for their customers or themselves. Is THAT “surveillance” too?

Given past issues, keeping a careful eye on the NSA and the government as a whole seems pretty reasonable. But jumping all over EVERYTHING they do just serves as a distraction from any real issues that might come up.

Clive Robinson July 16, 2010 8:00 AM

Oh one quote from the WSJ article,

“A U.S. military official called the program long overdue and said any intrusion into privacy is no greater than what the public already endures from traffic cameras. It’s a logical extension of the work federal agencies have done in the past…”

Now who else feels like screaming “mission creep”?

You always know you are in “deep do do” when the excuse is “it’s no worse than XXX…” whilst forgetting to mention “No it’s a lot worse because it’s in addition to XXX” and “people are already taking action over XXX”.

Just another chip chip chip away at people’s freedom.

dmc July 16, 2010 9:00 AM

I don’t see any inherent big problem here.

What they’re proposing sounds (from the article, anyway) pretty much like a garden variety (well…ok…somewhat larger than garden variety) intrusion detection system.

I can see the monitored companies getting a wee bit nervous…after all, they’d be exposing their business practices to scrutiny by the government. And if the government didn’t quite get its own security right, their data could be hacked or leaked to hackers or competitors. But in a certain sense, I think there’s a public benefit to ensuring availability of critical infrastructure.

In this particular instance, I don’t see much to object to, except possibly the name of the program, which admittedly does sound rather Orwellian.

NSA July 16, 2010 9:00 AM

We thought that Ministry of Trust sounded too Orwellian and that Privacy Watch was just too ironic.

Trichinosis USA July 16, 2010 9:53 AM

So, if an attack is made on the power grid, the remote management and alarming systems kick in. Unless the remote management and alarming systems are, like, ya know, plugged into the same affected power grid.

Maybe the remote management and alarming systems should be off the grid.

Hm, maybe we ALL should be off the grid.

Nah, that’d actually make sense and give us much better things to do with our money than prop up the energy industry.

Nuck Chorris July 16, 2010 10:02 AM

Control systems are connected to the Internet because they are a source of data everyone wants, including regulators.

But they have firewalls, so there’s no need to worry. 🙂

MichaelT July 16, 2010 10:02 AM

Paranoia, and the name is bad… plus the NSA’s answers are horrible.

Sounds like an ids on power plants. Yeah, something needed.

United Statesmen of America July 16, 2010 10:06 AM

Anyone know where we can get a consolidated list of all the creepy-sounding project names?

mcb July 16, 2010 10:47 AM


“Anyone know where we can get a consolidated list of all the creepy-sounding project names?”

Not offhand, but I bet we can compile our own comprehensive list of names and acronyms generated by the department of “Special High Impact Titles”:

Total Information Awareness

Alex Bond July 16, 2010 11:11 AM

If we can’t trust the industry to protect their own systems, someone needs to do it for them. We all rely on the power system (which is why it’s “critical infrastructure”), so it’s in the public interest that it be defended.

The FBI created InfraGard to share information, but if experts still think that we’re not doing enough to defend our critical systems, what other options do we have? I’m not entirely comfortable with the NSA being in charge of it, but they obviously have the experience.

It’s easy to criticize, but does anyone here have a better suggestion?

EH July 16, 2010 11:42 AM

Is there any indication that the name is so ominous and bureaucratic in order to hide the fact that it’s an unattainable goal and will be ultimately unsuccessful? This would be an inversion of the “Pythian slip” mentioned above (great phrase, btw), with the purpose being some boondoggle that may accomplish 20% of its objectives (if it even really has any).

I mean, it’s the NSA, what reason do they have to publicize anything?

Dr.Forbin July 16, 2010 11:48 AM


“But, why is the US power grid connected to the internet again?”

Most governmental, industrial, financial and other information systems have been interconnected in preparation for the big announcement. (No, not a fix for iPhone antennas)
In the very near future I will be unveiling and activating the full system that PC is only a small part of.
Since the Perfect Citizen name did not go over so well, I’m going to come up with a new one for the full system.
Due to contractor requirements, it will start with the letter C. And it should mean “large”. I’ll think of something.
Dr. Forbin

Clive Robinson July 16, 2010 12:03 PM

@ Alex Bond,

“If we can’t trust the industry to protect their own systems, someone needs to do it for them.”

Err hmm I think the industry can quite easily protect their own systems. It is a question of “incentivising the allocation of resources”.

In a free market there is little if no incentive to invest in any kind of security because it does nothing for “short term stock holder value”.

And as the average executive life is (supposedly) 18 months anything that does not show a profit or other advantage to a senior exec within that time frame is not going to happen. In fact anything that does not make two quarters away look good is not going to happen.

One of the joys of a free market is that employees are also free to come and go, thus the higher they get in management the more likely they are to take significant risks with the company as a bet on their personal future, not that of the company or the stock holders.

If you are very short term greedy as most stock markets are then this is not an issue for you as you are going to be “in-n-out” taking your profit and leaving the loss to the next guy (as at some point a loss there will surely be). It is a classic “hot potato” game: the person left holding the potato gets burnt…

But for those in for the long term (like most US employees’ retirement funds) you do not want this short term behaviour, nor for that matter does the US or other national economy want faux boom followed by real hard bust as we have recently seen.

If we literally take “a leaf out of nature” we find that systems are rarely more than 60 percent efficient because the plant reserves resources to defend itself against future uncertainties.

Clive Robinson July 16, 2010 1:14 PM

@ Brian,

“Maybe it’s just me, but it seems like we’re becoming excessively paranoid about the NSA”

They actually encourage it by their behaviour most of the time. Which is a shame because they actually do some very good work and make it available for all (yup even those outside the USA).

However with regards to,

“Yes, if they are actually doing something they shouldn’t be doing, that’s cause for concern.”

Err you missed out on “If what they are supposed to be doing is cause for concern”.

Their chief scientist is on the record as saying “you can never have too much data”; it’s a very large indicator of their mind set backed up by their known but not well publicized developments in storage technology.

Which is a huge indicator of a problem that is starting to turn around and bite the private individual.

When you have a large collection of data you don’t leave it in the filing cabinet to gather dust irrespective of if you are an “oh so secret organisation” or a “Mom-n-Pop Sweetie store”.

You use it to make a profit on otherwise there is no point in collecting it let alone keeping it…

Now I’ll leave it up to you to decide what the NSA regards as profit but I’m sure it does not align with old style business profit.

Now with any aggregation of information there is the issue of granularity, the more granular it is the less useful it is for making profit.

That’s because the more data you have the more statistical inferences you can make about it and test on “known parts” of the data.

The profit potential is exponentially proportional to the inverse of the granularity, as Google and many many other “analytics organisations” know.

You say,

“But stupid project name aside, ‘putting sensors on critical networks to detect intrusions’ sounds pretty benign to me.”

Yes it does when you say “networks” because it sounds very granular.

Now ask yourself the question: do you really want the “sensors” the NSA would like to deploy being in your house?

After all it is part of the “network” and as we know various politicos are trying to get “house level” control built into the network as part of “green initiatives” (and yes Raytheon the prime contractor is working on those initiatives, it potentially has huge profit in it).

I suspect that from your comment,

“In fact, it sounds like exactly the kind of thing a large number of companies (including BT) do for their customers or themselves. Is THAT ‘surveillance’ too?”

Means you have fallen into the “granularity trap” of thinking the 20,000 ft view not the 2 inches from your nose view.

Which also gives rise to the question,

Do you remember Phorm?

I’m sure a few BT execs wince when they hear the name after the backlash it caused…

Brandioch Conner July 16, 2010 2:06 PM

I wouldn’t have a problem with this if I thought that the NSA (or our government in general) would use the information to help improve the security of computer systems in general.

If nothing else, they should be able to start profiling COMMON traffic patterns and COMMON configuration errors.

Unplugg3d July 16, 2010 3:04 PM

Perfect Citizen = “We define how you behave”.

The very definition of power.
The same idiocy over and over again.

Matt from CT July 16, 2010 4:59 PM

And, Recovery Act money is financing license plate readers (cameras) for Texas Law Enforcement.

Connecticut just announced they are discontinuing the use of windshield registration stickers (that replaced the license plate ones) to save $800,000/year, on the explanation that the State Police license plate readers are more effective.

I suspect they’re spending more than $800,000/year on that technology.

(And the tin foil wearer in me says it’s really to help people forget to renew more easily, so they can rack up more revenue on fines and late fees…)

Richard Steven Hack July 16, 2010 5:44 PM

“that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn’t persistently monitor the whole system”

And just how do you detect “unusual activity” when you AREN’T “persistently monitoring the system”? Does the word “baseline” ring a bell?

This just makes no sense. Which means it’s a total lie like everything else coming out of government these days. They don’t even bother to try to make up decent stories any more, such as the utter crap spouted about the Iranian defector, none of which makes any sense.

There should be a Constitutional Amendment that says any government official at any level right up to the President who is caught knowingly lying to any member of the US electorate should be instantly stripped of his job, prosecuted and if convicted must pay his last year’s salary as a fine.
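The objection in the comment above, that "unusual activity" is only meaningful relative to a baseline, is easy to make concrete. The following is an added illustration, not code from the post or from any commenter: a per-hour baseline is learned from a constructed week of quiet traffic counts, and a new observation is scored against it. The sensor model is an assumption (one integer per hour, e.g. outbound connection attempts from a control LAN) and the sample data is constructed, but the point generalises: with no baseline for that hour the detector cannot return a verdict at all.

```python
"""Baseline-driven anomaly flagging on per-hour connection counts.

Added illustration for the comment thread (not code from the post or any
commenter). The sensor model is assumed: it observes one integer per hour,
say outbound connection attempts from a control LAN, and nothing else.
"""
from statistics import mean, pstdev

# Constructed training window: hourly counts from a hypothetical control
# LAN over seven quiet days (7 x 24 samples). Working hours are busier
# than nights; a small deterministic jitter stands in for normal variation.
QUIET_WEEK = [
    (5 if h < 7 or h > 19 else 40) + ((d * 7 + h) % 5)
    for d in range(7)
    for h in range(24)
]


def build_baseline(samples):
    """samples: iterable of (hour_of_day, count).

    Returns {hour: (mean, population stdev)}. This table is exactly what a
    sensor cannot have unless it has watched the same link long enough to
    learn what "normal" looks like for each hour of the day.
    """
    by_hour = {}
    for hour, count in samples:
        by_hour.setdefault(hour, []).append(count)
    return {h: (mean(v), pstdev(v)) for h, v in by_hour.items()}


def zscore(hour, count, baseline):
    """Standard score of a new observation against the baseline for its hour.

    A stdev floor of 1.0 keeps a perfectly flat training window from turning
    every one-connection wobble into a division-by-zero or an infinite score.
    """
    if hour not in baseline:
        raise ValueError(f"no baseline for hour {hour}: cannot judge 'unusual'")
    mu, sigma = baseline[hour]
    return (count - mu) / max(sigma, 1.0)


def judge(hour, count, baseline, k=3.0):
    """Return 'unusual', 'normal', or None when there is no baseline to judge by.

    k is the z-score threshold; 3.0 is a conventional starting point and
    should be tuned per link against the false-positive rate seen in practice.
    """
    if hour not in baseline:
        return None
    return "unusual" if abs(zscore(hour, count, baseline)) >= k else "normal"


# Baseline learned from the constructed quiet week (sample i falls in hour i % 24).
BASELINE = build_baseline((i % 24, c) for i, c in enumerate(QUIET_WEEK))

if __name__ == "__main__":
    for hour, count in [(3, 6), (3, 400), (12, 41), (12, 60)]:
        print(f"hour {hour:2d} count {count:4d}: {judge(hour, count, BASELINE)}")
    # With an empty baseline the same observations cannot be judged at all.
    print("no baseline:", judge(3, 400, {}))
```

Run as a script it prints a verdict for four constructed observations and then shows that the same 400-connection spike gets no verdict when the baseline table is empty. The threshold and the per-hour keying are deliberately simple; a production detector would also key on weekday and on destination, but the dependency on a learned baseline is the same.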

Alex Bond July 16, 2010 6:21 PM

@ Clive Robinson

You have a great point about the lack of business incentive for security. However, I think we both agree that the fundamental structure of corporate America will not change in the near future. With that in mind, how can you incentivise security?

Hugh Jennix July 16, 2010 6:59 PM

This smacks of elitism to me. If they’re going to pretend that it’s there to protect ALL the people, it should be named “Purfick Sitazin”. But they ain’t did that.

n July 16, 2010 7:42 PM

“I guess this is just me being dumb. But, why is the US power grid connected to the internet again?”

Because as dumb as you get, the people who own utilities are dumber. Having worked on the SCADA system attached to a major T&D operation’s substations, we fought tooth and nail to keep everything in that system physically isolated from the corporate network, which was effectively on the internet, and we lost every fight to upper management.

jacob July 16, 2010 9:35 PM

@clive. I agree with you that profit motive, information that could be useful later being saved, and short-sighted management goals are most of the problems.
I have a reflex reaction about trusting organizations like the NSA. With the caveats that they know more than we do about risks, etc. and that they do have a job. They do things secretly with oversight that is not known to us by definition. That is probably why people get nervous about things like this.
It is hard to believe an organization like wall street firms are going to do the right thing every time when they could make a lot of money in a quick deal or a longer manipulative scheme. Very few have gone to jail, just as politicians haven’t yet.
Is it any wonder people are suspicious of what we are being told? The American people do not like seeing the system acting unfairly and that crosses all of the ideological spectrum.
As an aside, the only name that would have been worse would be to get it over with and call it SKYNET. (Somebody Knows You’re Not Exactly Trustworthy) by the powers that be…at least as they define it…..;)

Do it to Julia July 16, 2010 10:34 PM

Sounds pretty Nazi to me. The name alone is ominous and nonsensical. Where do I get my Perfect Citizen Badge or Bumper Sticker?
More psychological fear tactics.

So much for a Free Society.

And what a joke when you consider the US trashing of Soviet and Chinese strategies over the years–this is an idea stolen straight out of Cold War propaganda.

Are those guys really getting paid for that kind of silliness? I’m outta work, maybe the NSA should hire some of us to evaluate their crazy ideas. The Perfect Citizen project would be canned if that was the case. I usually respect the NSA, but this idea makes them sound desperate and dumb, and mean too.

Clive Robinson July 18, 2010 4:28 AM

@ Jacob,

“SKYNET. (Somebody Knows You’re Not Exactly Trustworthy)”

I have a feeling “SKYNET” is going to get quite common probably more so than IANAL or IIRC or possibly LOL (both meanings laugh/love)…

And you forgot the “(c) Copyleft” to keep open ownership 😉

Clive Robinson July 18, 2010 5:59 AM

@ Alex Bond,

Sorry for the delay in the reply but my answer is going to be both long and somewhat off topic of the thread.

With regards to your comment,

“America will not change in the near future. With that in mind, how can you incentivise security?”

That as they say is the rub…

Security comes in a number of flavours so I’m going to be general not specific.

Firstly the view from a senior managers position,

A “tangible” infrastructure investment is an outright loss in the initial stages of the investment. At some point it reaches a break even point after which it shows a profit for the rest of its use.

However as a general rule of thumb newer technology becomes more “efficient” with time and older technology requires increasing maintenance, so combined its running cost goes up.

Thus the two curves when combined give you a “bath tub” curve which defines the profit life of the investment.

It is however not clear if an “intangible” infrastructure investment (such as ICT security) follows the same curve or in fact if it will ever present a return, which presents a significant dilemma.

Which coincidentally is effectively the same as the R&D dilemma giving rise to intellectual property such as trade secrets and patents. And can be expressed as,

“what is the probability of a return -v- sunk costs”.

This boils down to a time related gamble…

The longer the problem is left the higher the probability is it will go wrong. In the case of R&D somebody else gets their patent in first, in the case of security the probability that your ICT will be attacked in a particular way if you don’t mitigate against it.

However all spending initially reduces profit or short term shareholder value. So in the short term all investment in security or R&D is a complete loss.

Even in the long term some investment is so risky that it’s like betting on a three legged horse and hoping the other horses get eliminated…

Thus with security and R&D there is little certainty the investment will pay off in the medium or even long term.

Then there is also the issue that security spending is like defense spending: you cannot show that you’ve spent too much, only too little…

And then there is the difference between physical security and ICT security which boils down to a question of locality risk probability.

With tangible assets the risk goes up the more people there are local to it. Thus a gold brick in the middle of dense jungle is probably more secure than in a vault in a Bangladeshi bank (Bangladesh supposedly has the highest population density per sq km).

Further with a tangible asset there is only one place a person can be at any one time and only so much unaided effort they are capable of. Which means they have to have physical force multipliers to do more than a very small minimum damage at any one time. Physical force multipliers tend to be expensive and thus act as a second constraint on tangible assets.

With intangible security there is no distance, everything is local, and force multipliers are at near zero cost. Thus one attacker can effectively attack in all places at the same time.

Which means there are few if any models to use to define the return on ICT security investment…

The only one being that risk goes up with time and thus you would be entering a “Red Queen’s race”.

However the way a manager will see this is at zero time there must be zero risk, and thus minimal risk short term (which is just not true).

All of which says to a manager it’s “all sunk costs” within a short time frame, but importantly it comes out of his apparent performance not the company’s bottom line…

Which is going to make it a virtually impossible sale to “short term” management.

Therefore I would say you need to mitigate or get rid of the short term viewpoint, or as engineers would say “dampen the response”.

Short term profit is mainly made in a rapidly changing or chaotic market. Thus it’s in the interests of traders to keep the market rapidly changing,

But for most people that is not true; they want moderate change that allows average growth over a reasonable time frame.

Which gives rise to the question,

“how do we achieve this?”

There are easy but flawed answers such as “legislation” but sticks only work so far before the beast turns around and bites or runs off somewhere it does not get beaten (which is one major reason for foreign outsourcing). Likewise carrots are just another reward system that pales after a few bites, and becomes exponentially expensive for the reward giver.

Also we have tried legislative sticks (SarbOx) and membership rules (PCI), and we already know they do not work.

All they do is set up a “faux audit market” place. Where the “security policy” from above is not “to be secure as best we can” but to “meet audit”.

Then there is the question of the “how of an audit”: the company being audited “selects and pays the auditor”, thus an auditor’s income is based on what companies are going to select them by…

Which is the classic “conflicts of interest” issue that dogs “free markets” and economists by and large ignore.

Thus we have seen auditors turn blind eyes in finance for many years, so much so that company audit reports are virtually worthless to anybody seeking information on if they should invest or steer well clear (Enron for instance, or toxic mortgage contracts). And it was this that gave rise to SarbOx, which was virtually a blank invitation for the audit industry to fill in as they wished that would be passed into law without question.

The fact that even the audit industry says it does not pass first base on its stated aims and objectives says a lot about where the audit industry sees its responsibilities at the senior levels.

One argument that has been suggested is to use the tax system to make short term systems unattractive to investors. In the UK we have “Capital Gains Tax” which basically assesses the tax owed on a sale based on the difference between the buy and sell price. However it is too simplistic in its approach due to other tax law allowing loopholes.

One nice thing about CGT was the “taper”: the tax due on a sale went down on a year by year basis and after a period of years there was no tax to pay.

Another more recent idea is to pay executives a small basic pay and then lock the majority of their remuneration into the long term performance of the company.

I’m not suggesting that this is a solution because I can see many issues and problems with the ideas.

But I do know one thing: we need to discuss options no matter how odd whilst there is still time to do so, otherwise we will end up in a position we most definitely do not want to be in, where only criminals thrive.

Alex Bond July 18, 2010 8:43 AM

@Clive Robinson

Thanks for the thoughtful reply! I agree, we certainly need to discuss options and keep in mind that there are no perfect solutions.

BF Skinner July 19, 2010 6:49 AM

@Alex Bond “not entirely comfortable with the NSA being in charge of it, but they obviously have the experience”

Problem with intelligence agencies in this role is that they are in conflict against the integrity of the system. In the intel world you exploit, deny, or deceive.
A commercial firm has one goal up-time. If the NSA or any other intel agency were in charge then they might allow an attack to proceed in order to better assess the nature and capabilities of the attacker. One of their ‘customers’ may have to die that others survive.

A Bank doesn’t want to know that there are attackers who can burn through their vault in Paris. They want their controls to deter all attackers.

“how can you incentivise security?”
Regulation and mandates are one way. We’ve only been doing it 10 years so I say it’s too early to judge its effectiveness.

I am reminded of Ford Motor Co and this guy they hired named Robert Strange McNamara (may he burn). McNamara was wild about numbers and passionate about “Safety”. Executives at Ford kept telling him that Safety doesn’t sell. No one wants to buy safety. He was able to improve the safety of cars made by Ford.

So I’d say it starts with getting people passionate about security into board meetings and they have to have the financial tools to be able to represent their case in the organizations budget.

@EH “it’s the NSA, what reason do they have to publicize anything?”
They didn’t. Some reporter somewhere sticking their nose in forced NSA to explain themselves. Good on them.

@jacob’s point about oversight and accountability is well said. The NSA doesn’t answer to their ‘customers’ and it has been shown that they can be bullied by well placed senior government officials.

Booger August 15, 2010 6:24 PM

Back to the internet. Do the kids that run these places, and who fired the old guys, realize there were ways to connect stuff together before there was an internet? It was called leased lines and dial out telephone systems. Oh well those that don’t remember history, or study it, yada yada…

M3mn0ch August 16, 2010 9:05 AM

Way down on the blog list and I see there is a lot to talk about. Passionate subject! I just don’t know which to get the most worked up about.

The name “Perfect Citizen” (whose definition!).

Utilities once again on internet (dual connected I’m sure).

The fact that the utilities are owned by foreign companies!

Gee, where’d that come from!

Fredric L. Rice August 16, 2010 11:44 AM

The name “Perfect Citizen” was created because of the letters PC, and an agency computer search of a pre-created list of project names in a database yielded the name.

There’s often no hidden meaning, no secret meaning behind project names, it’s just a computer search of previously-approved project names that is weighted by some irrelevance — in this case PC being Personal Computers.

Probably someone was offered a list of five project names all of which began with the letters PC and someone selected the one he or she thought looked best.

JD Molay August 16, 2010 2:05 PM

PC ~ Personal Colonoscopy.

That’s where they’ll want to monitor next, and if they find insufficient fibre you’ll get a visit from Public Health for placing a potential undue burden on the health sector.

Seriously though, does anyone not wearing rose colored glasses not see where this is going?

Big Brother just got a new pair of binoculars and a nice new video camera to go with them.

Surveillance and control in the name of security can always be sold to the masses.
