A reported federal government plan calling for the National Security Agency to monitor critical infrastructure networks to detect possible cyberattacks is drawing qualified support from security analysts.
Under the plan, first reported by the Wall Street Journal yesterday, the spy agency would monitor those U.S. companies and government agencies that operate critical infrastructure, including electricity grids and nuclear power plants. The report said that as part of the so-called Perfect Citizen program, the NSA would insert sensors in computer networks that would be programmed to alert officials to activity that could portend a cyberattack.
Analysts said the need for such monitoring is long overdue given the escalating threats against government, military and private sector networks. However, they cautioned that the government must tread carefully in having the nation's chief eavesdropping agency oversee the monitoring.
"I think we don't have a choice," said James Lewis, director and senior fellow at the Center for Strategic and International Studies in Washington. "This is the way to go."
Lewis led a team that prepared a set of cybersecurity recommendations for President Obama in Dec. 2008.
Lewis added that "this notion that public/private partnerships, information sharing and market forces are going to save us" remains unproven in the cybersecurity arena, where there seems an increasing need for direct government action and regulations.
However, letting the secretive NSA oversee the monitoring of government and private networks could prove troubling to some, Lewis conceded. "They have to be careful in explaining how oversight and privacy protections will work for this to survive," he added.
He added that the use of the NSA to monitor networks presents perception problems for the government. "We had a collapse of oversight of the NSA during the Bush administration," Lewis said."People are still saying, 'how do I know I can trust you?' That's what they need to be thinking about," Lewis said.
Initially at least, Perfect Citizen will focus on vulnerabilities in older computer control systems that are used to run the electric grid, subway systems and air-traffic control systems. Many of these control systems are now connected to the Internet, despite their deployment years ago without Internet connectivity or security in mind.
The goal of Perfect Citizen will be to secure such control networks against cyber attacks, the Journal said.