PDA

View Full Version : Pentagon's Cyber Command: Civilian Infrastructure is a "Legitimate" Target



Ed Jewett
04-19-2010, 01:17 AM
The Pentagon's Cyber Command:
Civilian Infrastructure is a "Legitimate" Target

by Tom Burghardt



http://www.globalresearch.ca/coverStoryPictures/18721.jpg

http://www.globalresearch.ca/index.php?context=va&aid=18721

When U.S. Secretary of Defense Robert M. Gates launched Cyber Command (CYBERCOM) last June, the memorandum (http://online.wsj.com/public/resources/documents/OSD05914.pdf) authorizing its stand-up specified it as a new "subordinate unified command" under U.S. Strategic Command (STRATCOM (http://www.stratcom.mil/)), one that "must be capable of synchronizing warfighting effects across the global security environment as well as providing support to civil authorities and international partners."

As Antifascist Calling (http://antifascist-calling.blogspot.com/2009/06/cyber-command-launched-us-strategic.html) reported at the time, Gates chose Lt. General Keith Alexander, the current Director of the National Security Agency (NSA), to lead the new DOD entity. The agency would be based in Ft. Meade, Maryland, where NSA headquarters are located and the general would direct both organizations.

In that piece I pointed out that STRATCOM is the successor organization to Strategic Air Command (SAC). One of ten Unified Combatant Commands, STRATCOM's brief includes space operations (military satellites), information warfare, missile defense, global command and control, intelligence, surveillance and reconnaissance (ISR), as well as global strike and strategic deterrence, America's first-strike nuclear arsenal.

Designating CYBERCOM a STRATCOM branch all but guarantees an aggressive posture. As an organization that will unify all military cyber operations from various service branches under one roof, CYBERCOM will coordinate for example, Air Force development of technologies to deliver what are called "D5 effects" (deceive, deny, disrupt, degrade and destroy).

Ostensibly launched to protect military networks against malicious attacks, the command's offensive nature is underlined by its role as STRATCOM's operational cyber wing. In addition to a defensive brief to "harden" the "dot-mil" domain, the Pentagon plan calls for an offensive capacity, one that will deploy cyber weapons against imperialism's adversaries.

As a leading growth sector in the already-massive Military-Industrial-Security-Complex, the cyberwar market is hitting the corporate "sweet spot" as the Pentagon shifts resources from Cold War "legacy" weapons' systems into what are perceived as "over-the-horizon" offensive capabilities.

In association with STRATCOM, the Armed Forces Communications and Electronics Association (AFCEA (http://www.afcea.org/)), will hold a Cyberspace Symposium (http://www.afcea.org/events/stratcom/introduction.asp), "Ensuring Commanders' Freedom of Action in Cyberspace," May 26-27 in Omaha, Nebraska.

Chock-a-block with heavy-hitters in the defense and security world such as Lockheed Martin, HP, Booz Allen Hamilton, CACI, Cisco, CSC, General Dynamics, QinetiQ, Raytheon and the spooky MITRE Corporation, the symposium seeks to foster "innovation and collaboration between the private sector and government to delve into tough cyber issues." The shin-dig promises to "feature defense contractors and government agencies showcasing their solutions to cyberspace and cyber warfare issues."

During pro forma hearings before the Senate Armed Services Committee (SASC) April 15, Alexander's testimony was short on specifics, as were his written responses to "Advance Questions" submitted to the general by the SASC (http://armed-services.senate.gov/statemnt/2010/04%20April/Alexander%2004-15-10.pdf).

During Thursday's testimony, Alexander told the Senate panel that the command "isn't about efforts to militarize cyberspace," but rather "is about safeguarding the integrity of our military's critical information systems."

"If confirmed" Alexander averred, "I will operate within applicable laws, policies and authorities. I will also identify any gaps in doctrine, policy and law that may prevent national objectives from being fully realized or executed."

What those "national objectives" are and how they might be "executed" are not publicly spelled out, but can be inferred from a wealth of documents and statements from leading cyberwar proponents.

As we will explore below, despite hyperbole to the contrary, CYBERCOM represents long-standing Pentagon plans to militarize cyberspace as part of its so-called "Revolution in Military Affairs" and transform the internet into an offensive weapon for waging aggressive war.

"Switching Cities Off"

While we do not know how Pentagon assets will be deployed, we can be certain their destructive potential is far-reaching. We can infer however, that CYBERCOM possesses the capacity for inflicting irreparable harm and catastrophic damage on civilian infrastructure, and that power grids, hospitals, water supply systems, financial institutions, transportation hubs and telecommunications networks are exquisitely vulnerable.

The potential for catastrophic violence against cities and social life in general, has increased proportionally to our reliance on complex infrastructure. Indeed, most of the networks relied upon for sustaining social life, particularly in countries viewed as adversaries by the United States would be susceptible to such attacks.

In densely populated cities across Africa, Asia, Latin American and the Middle East, even a small number of directed attacks on critical infrastructural hubs could cause the entire network to collapse. The evidence also suggests that the Pentagon fully intends to field weapons that will do just that.

As the National Journal (http://www.nationaljournal.com/njmagazine/cs_20091114_3145.php) reported in November, in May 2007, "President Bush authorized the National Security Agency, based at Fort Meade, Md., to launch a sophisticated attack on an enemy thousands of miles away without firing a bullet or dropping a bomb."

According to investigative journalist Shane Harris, during the Iraq "surge" Director of National Intelligence Mike McConnell, requested and received an order from President Bush for an "NSA cyberattack on the cellular phones and computers that insurgents in Iraq were using to plan roadside bombings."

While corporate media, the Pentagon and the security grifters who stand to make billions of dollars hyping the "cyberwar threat" to gullible congressional leaders and the public, the DOD, according to Harris, "have already marshaled their forces."

Bob Gourley, who was the chief technology officer for the Defense Intelligence Agency told Harris: "We have U.S. warriors in cyberspace that are deployed overseas and are in direct contact with adversaries overseas," and that these experts already "live in adversary networks."

While the specter of a temporary "interruption of service" may haunt modern cities with blackout or gridlock, a directed attack focused on bringing down the entire system by inducing technical malfunction across the board, would transform "the vast edifices of infrastructure" according to geographer and social critic Stephen Graham, into "so much useless junk."

In his newly-published book, Cities Under Siege (http://www.versobooks.com/books/ghij/g-titles/graham_s_cities_under_siege.shtml), Graham discusses the effects of post-Cold War U.S./NATO air bombing campaigns in Iraq, Afghanistan and the former Yugoslavia as a monstrous instrumentality designed to inflict maximum damage and thereby coerce civilian populations into abandoning resistance to the imperialist hyperpower: the United States.

Much the same can be said of America's "stationary aircraft carrier" in the Middle East, Israel, during its murderous bombing campaign and ground invasion of Gaza during 2008-2009, which similarly targeted civilian infrastructure, reducing it to rubble.

"The effects of urban de-electrification" Graham writes, "are both more ghastly and more prosaic: the mass death of the young, the weak, the ill, and the old, over protracted periods of time and extended geographies, as water systems and sanitation collapse and water-borne diseases run rampant. No wonder such a strategy has been called a 'war on public health,' an assault which amounts to 'bomb now, die later'."

Although critics such as James Der Derian (see: Virtuous War (http://routledgestrategicstudies.com/books/Virtuous-War-isbn9780415772396)) argue that "new forms of control and governance" are made possible by the modern surveillance state and that "the speed of interconnectivity that the computer enables has, more than any other innovation in warfare from the stirrup to gunpowder to radar to nukes, shifted the battlefield away from the geopolitical to the electromagnetic," exactly the opposite is the case.

Searching for "clean," "sanitized" modes of waging high-tech, low casualty war (for the aggressors), U.S. Cyber Command has been stood-up precisely to deliver the means that enable America's corporate and political masters to "switch cities off" at will, as a tool of economic-political domination.

In this respect, the "electromagnetic" is fully the servant of the "geopolitical," or as Guy Debord reminds us in The Society of the Spectacle (http://www.bopsecrets.org/SI/debord/): "The current destruction of the city is thus merely one more reflection of humanity's failure, thus far, to subordinate the economy to historical consciousness; of society's failure to unify itself by reappropriating the powers that have been alienated from it."

Part of that "alienation" resides in the chimerical nature of imperialism's quest for high-tech "silver bullets" to assure its continued domination of the planet, despite evidence to contrary in the form of the slow-motion meltdown and collapse of the capitalist economy. The fact is, despite the decidedly "low-tech," though highly-effective, resistance of the people of Iraq, Palestine and Afghanistan, our masters will continue to pour billions of dollars into such weapons systems to stave off their "rendezvous with history."

While Pentagon Press Secretary Geoff Morrell went to great lengths last year to downplay (http://www.defense.gov/news/newsarticle.aspx?id=54890) the offensive role envisaged for Cyber Command, others within the defense bureaucracy are far more enthusiastic.

In a 2008 piece published by Armed Forces Journal (http://www.armedforcesjournal.com/2008/05/3375884), Col. Charles W. Williamson wrote that "America needs a network that can project power by building an af.mil robot network (botnet) that can direct such massive amounts of traffic to target computers that they can no longer communicate and become no more useful to our adversaries than hunks of metal and plastic. America needs the ability to carpet bomb in cyberspace to create the deterrent we lack."

Alexander's equivocal written responses were hardly comforting, nor did they blunt criticism that the Pentagon fully intends to stand-up an electromagnetic equivalent of Strategic Air Command. While promising that CYBERCOM would be "sensitive to the ripple effects from this kind of warfare," as The New York Times (http://www.nytimes.com/2010/04/15/world/15military.html) delicately put it, Alexander sought to blunt criticism by averring that the Pentagon "would honor the laws of war that govern traditional combat in seeking to limit the impact on civilians."

In written responses to Senate, Alexander went to great lengths to assure the SASC that military actions would comply with international laws that require conformity with principles of military necessity and proportionality.

However, as the Times pointed out, Alexander agreed with a question submitted by the Senate that "the target list would include civilian institutions and municipal infrastructure that are essential to state sovereignty and stability, including power grids, banks and financial networks, transportation and telecommunications."

During questioning by SASC Chairman Carl Levin (D-MI) Thursday, how CYBERCOM would respond to an attack "through computers that are located in a neutral country," Alexander was far more ambiguous. He responded that would "complicate" matters, particularly when it came to the critical question of "attribution."

Despite matters being "complicated" by the fog of war, Alexander didn't rule out an attack on a presumably "neutral" country, even one that unwittingly serves as a "path through."

"Offensive cyber weapons" Alexander wrote, "would only be authorized under specific lawful orders by the [Defense Secretary] and the president and would normally come with supplemental rules of engagement."

While true as far as it goes (which isn't very far!) Alexander's boss, General Kevin Chilton, STRATCOM's commander suggested last year that "the White House retains the option to respond with physical force--potentially even using nuclear weapons--if a foreign entity conducts a disabling cyber attack against U.S. computer networks." (emphasis added)

According to Global Security Newswire (http://gsn.nti.org/gsn/nw_20090512_4977.php), during a Defense Writers Group breakfast last May Chilton told journalists, "I think you don't take any response options off the table from an attack on the United States of America. Why would we constrain ourselves on how we respond?"

Chilton went on to say that "I think that's been our policy on any attack on the United States of America. And I don't see any reason to treat cyber any differently. I mean, why would we tie the president's hands? I can't. It's up to the president to decide."

Hardly comforting words.

In response to an SASC query, Alexander wrote that as Commander his duties include "executing the specified cyberspace missions" to "secure our freedom of action in cyber space."

Among other things, those duties entail "integrating cyberspace operations and synchronizing warfighting effects across the global security environment." According to it's charter, the command will "direct global information grid operations and defense" and execute "full-spectrum military cyberspace operations."

The command will serve "as the focal point for deconfliction of DOD offensive cyberspace operations;" in other words, it will coordinate and act as the final arbiter amongst the various armed branches which possess their own offensive cyber capabilities.

In the Pipeline

Contemporary military doctrine in the United States, but also in Israel, has emphasized the use of overwhelming force as a means to eradicate civilian infrastructure and break a population's resistance, what Graham has called "the systematic demodernization and immobilization of entire societies classified as adversaries."

Whether such force is applied through "traditional" means, aerial bombing preceded or followed by crippling economic sanctions as in Iraq and Palestine, or by the deployment of more "modern" means, cyberwar, state terror has as its primary target the civilian population and crafts its tactics so as to ensure maximal levels of psychological coercion.

This is fully consonant with the Pentagon's goal to transform cyberspace into an offensive military domain. In a planning document, since removed from the Air Force web site, theorists averred:


Cyberspace favors offensive operations. These operations will deny, degrade, disrupt, destroy, or deceive an adversary. Cyberspace offensive operations ensure friendly freedom of action in cyberspace while denying that same freedom to our adversaries. We will enhance our capabilities to conduct electronic systems attack, electromagnetic systems interdiction and attack, network attack, and infrastructure attack operations. Targets include the adversary's terrestrial, airborne, and space networks, electronic attack and network attack systems, and the adversary itself. As an adversary becomes more dependent on cyberspace, cyberspace offensive operations have the potential to produce greater effects. (Air Force Cyber Command, "Strategic Vision," no date, emphasis added)
U.S. campaigns in Afghanistan, Iraq and Yugoslavia and Israeli aggressive wars against Gaza, the West Bank and Lebanon, demonstrate forcefully that contemporary military doctrine now strives to develop the capacity to systematically degrade, as a means of controlling through threats or actual attacks, the infrastructural "glue" that bind entire nations together. There can be no doubt that the Air Force's "Strategic Vision" is now fully integrated into CYBERCOM.

As well, with increasing reliance by the state and its military on high-tech methods of waging war for economic-political-social domination, the self-same methods are appropriated and deployed within heimat societies themselves. Hence, escalating securitization schemes (warrantless wiretapping, watch listing and indexing of "suspect" citizens) are the handmaidens of a generalized militarization of daily life.

What then, are some of the features and future weapons systems being explored by CYBERCOM and their corporate partners? The SASC as part of its confirmation process of General Alexander, has provided a useful summary, Building Cyberwarfare Capabilities in Public Documents (http://armed-services.senate.gov/statemnt/2010/04%20April/Alexander%20PP%2004-15-10.pdf).

If anything, the examples cited below clearly demonstrate that CYBERCOM is quietly seeing to it that the "mismatch between our technical capabilities to conduct operations and the governing laws and policies," as Alexander wrote to the SASC, for waging aggressive cyberwar will soon be resolved.

Dominant Cyber Offensive Engagement and Supporting Technology
BAA-08-04-RIKA [BAA, Broad Agency Announcement]
Agency: Department of the Air Force
Office: Air Force Materiel Command
Location: AFRL [Air Force Research Laboratory]-Rome Research Site
Posted on fbo.gov: June 13, 2008

"Solutions to basic and applied research and engineering for the problems relating to Dominant Cyber Offensive Solutions to basic and applied research and engineering for the problems relating to Dominant Cyber Offensive Engagement and Supporting Technology are sought. This includes high risk, high payoff capabilities for gaining access to any remotely located open or closed computer information systems; these systems enabling full control of a network for the purposes of information gathering and effects based operations."

"Also, we are interested in technology to provide the capability to maintain an active presence within the adversaries information infrastructure completely undetected. Of interest are any and all techniques to enable stealth and persistence capabilities on an adversaries infrastructure. This could be a combination of hardware and/or software focused development efforts. Following this, it is desired to have the capability to stealthily exfiltrate information from any remotely-located open or closed computer information systems with the possibility to discover information with previously unknown existence. Any and all techniques to enable exfiltration techniques on both fixed and mobile computing platforms are of interest. Consideration should be given to maintaining a 'low and slow' gathering paradigm in these development efforts to enable stealthy operation. Finally, this BAA's objective includes the capability to provide a variety of techniques and technologies to be able to affect computer information systems through Deceive, Deny, Disrupt, Degrade, Destroy (D5) effects."

Air Force PE 0602788F: Dominant Information Technology

FY 2011 Base Plans: "Continue development of information system access methods and development of propagation techniques. Continue development of stealth and persistence technologies. Continue development of the capability to exfiltrate information from adversary information systems for generation of actionable CybINT. Continue technology development for preparation of the battlefield and increased situational awareness and understanding. Continue development of technology to deliver D5 effects. Continue development of autonomic technologies for operating within adversary information systems. Continue development of techniques for covert communication among agents operating within adversary information systems. Continue analysis of proprietary hardware and software systems to identify viable means of access and sustained operations within the same. Continue development of a publish/subscribe architecture for exchange and exfiltration of information while operating within development of a publish/subscribe architecture for exchange and exfiltration of information while operating within adversary information systems. Initiate development of techniques to deliver PsyOps via cyber channels. Develop deception techniques to allow misdirection and confusion of adversary attempts to probe and infiltrate AF systems."

As Washington Technology (http://washingtontechnology.com/articles/2010/02/03/lockheed-darpa-cybersecurity-initiative.aspx) reported in February, "Lockheed Martin Corp. will continue to work with the Defense Advanced Research Projects Agency to help develop a governmentwide cybersecurity initiative under a $30.8 million contract."

That initiative, the National Cyber Range will "provide a revolutionary, safe, fully automated and instrumented environment for U.S. cybersecurity research organizations to evaluate leap-ahead research, accelerate technology transition, and enable a place for experimentation of iterative and new research directions," according to DARPA.

Target, acquired...

Magda Hassan
04-19-2010, 01:34 AM
Well, actually it is a war crime to destroy civilian infrastructure. But then that has never stopped them. Just ask the Yugoslavs and the Iraqis and the Afghanis. TV stations, embassies, water purification works, bridges, roads, villages, apartment blocks, market places. All wiped off the face off the earth. Along with the people inside them.

Magda Hassan
04-19-2010, 01:34 AM
Oh, and hospitals in Gaza.

Ed Jewett
04-19-2010, 02:59 AM
'Full spectrum dominance' means 'we will whip you ass in any way we choose and you WILL like it', because we will get away with it, because no one can stop us. It is the psycho-pathological hubris of the violent, 'drunken' abuser. It is global paternalistic fundamentalism brought to a very very high peak.

Ed Jewett
07-09-2010, 05:34 AM
NSA’s “Perfect Citizen” Program (http://cryptogon.com/?p=16320)

July 8th, 2010 Maybe NSA could use the already operational intercept nodes (http://www.google.com/search?q=site%3Acryptogon.com+mark+klein&ie=UTF-8) to place the new “sensors.”
Via: Wall Street Journal (http://online.wsj.com/article/SB10001424052748704545004575352983850463108.html):
The federal government is launching an expansive program dubbed “Perfect Citizen” to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program.
The surveillance by the National Security Agency, the government’s chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn’t persistently monitor the whole system, these people said.
Defense contractor Raytheon Corp. recently won a classified contract for the initial phase of the surveillance effort valued at up to $100 million, said a person familiar with the project.
An NSA spokeswoman said the agency had no information to provide on the program. A Raytheon spokesman declined to comment.
Some industry and government officials familiar with the program see Perfect Citizen as an intrusion by the NSA into domestic affairs, while others say it is an important program to combat an emerging security threat that only the NSA is equipped to provide.
“The overall purpose of the [program] is our Government…feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security,” said one internal Raytheon email, the text of which was seen by The Wall Street Journal. “Perfect Citizen is Big Brother.”
Raytheon declined to comment on this email.
A U.S. military official called the program long overdue and said any intrusion into privacy is no greater than what the public already endures from traffic cameras. It’s a logical extension of the work federal agencies have done in the past to protect physical attacks on critical infrastructure that could sabotage the government or key parts of the country, the official said.
U.S. intelligence officials have grown increasingly alarmed about what they believe to be Chinese and Russian surveillance of computer systems that control the electric grid and other U.S. infrastructure. Officials are unable to describe the full scope of the problem, however, because they have had limited ability to pull together all the private data.
Perfect Citizen will look at large, typically older computer control systems that were often designed without Internet connectivity or security in mind. Many of those systems—which run everything from subway systems to air-traffic control networks—have since been linked to the Internet, making them more efficient but also exposing them to cyber attack.
The goal is to close the “big, glaring holes” in the U.S.’s understanding of the nature of the cyber threat against its infrastructure, said one industry specialist familiar with the program. “We don’t have a dedicated way to understand the problem.”
The information gathered by Perfect Citizen could also have applications beyond the critical infrastructure sector, officials said, serving as a data bank that would also help companies and agencies who call upon NSA for help with investigations of cyber attacks, as Google did when it sustained a major attack late last year.
The U.S. government has for more than a decade claimed a national-security interest in privately owned critical infrastructure that, if attacked, could cause significant damage to the government or the economy. Initially, it established relationships with utility companies so it could, for instance, request that a power company seal a manhole that provides access to a key power line for a government agency.
With the growth in concern about cyber attacks, these relationships began to extend into the electronic arena, and the only U.S. agency equipped to manage electronic assessments of critical-infrastructure vulnerabilities is the NSA, government and industry officials said.
The NSA years ago began a small-scale effort to address this problem code-named April Strawberry, the military official said. The program researched vulnerabilities in computer networks running critical infrastructure and sought ways to close security holes.
That led to initial work on Perfect Citizen, which was a piecemeal effort to forge relationships with some companies, particularly energy companies, whose infrastructure is widely used across the country.
The classified program is now being expanded with funding from the multibillion-dollar Comprehensive National Cybersecurity Initiative, which started at the end of the Bush administration and has been continued by the Obama administration, officials said. With that infusion of money, the NSA is now seeking to map out intrusions into critical infrastructure across the country.
Because the program is still in the early stages, much remains to be worked out, such as which computer control systems will be monitored and how the data will be collected. NSA would likely start with the systems that have the most important security implications if attacked, such as electric, nuclear, and air-traffic-control systems, they said.
Intelligence officials have met with utilities’ CEOs and those discussions convinced them of the gravity of the threat against U.S. infrastructure, an industry specialist said, but the CEOs concluded they needed better threat information and guidance on what to do in the event of a major cyber attack.
Some companies may agree to have the NSA put its own sensors on and others may ask for direction on what sensors to buy and come to an agreement about what data they will then share with the government, industry and government officials said.
While the government can’t force companies to work with it, it can provide incentives to urge them to cooperate, particularly if the government already buys services from that company, officials said.
Raytheon, which has built up a large cyber-security practice through acquisitions in recent years, is expected to subcontract out some of the work to smaller specialty companies, according to a person familiar with the project.
Posted in Dictatorship (http://cryptogon.com/?cat=22), Surveillance (http://cryptogon.com/?cat=4), Technology (http://cryptogon.com/?cat=12)

Ed Jewett
07-12-2010, 09:17 PM
Are You a “Perfect Citizen”? NSA Will Deploy Snooping Sensors on Private Networks

by Tom Burghardt / July 12th, 2010

Rather than addressing an impending social catastrophe, Western governments, which serve the interests of the economic elites, have installed a “Big Brother” police state with a mandate to confront and repress all forms of opposition and social dissent.
– Michel Chossudovsky and Andrew Gavin Marshall, Preface, The Global Economic Crisis: The Great Depression of the XXI Century (http://globalresearch.ca/index.php?context=va&aid=18851), Montreal: Global Research, 2010, p. xx.
In a sign that illegal surveillance programs launched by the Bush administration are accelerating under President Obama, The Wall Street Journal (http://online.wsj.com/article/SB10001424052748704545004575352983850463108.html) revealed last week that a National Security Agency (NSA) program, PERFECT CITIZEN, is under development.
With a cover story that this is merely a “research” effort meant to “detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants,” it is also clear that the next phase in pervasive government spying is underway.
With “cybersecurity” morphing into a new “public-private” iteration of the “War On Terror,” WSJ reporter Siobhan Gorman disclosed that giant defense contractor Raytheon (http://www.raytheon.com/) “recently won a classified contract for the initial phase of the surveillance effort valued at up to $100 million.”
This wouldn’t be the first time that Raytheon had positioned itself, and profited from, a media-driven panic. As investigative journalist Tim Shorrock documented for CorpWatch (http://www.crocodyl.org/spies_for_hire/raytheon_intelligence_and_information_systems), “as the primary spying unit of defense industry giant Raytheon,” the firm’s Intelligence and Information Services division (Raytheon IIS (http://www.raytheon.com/businesses/riis/)) is the premier provider of command and control systems “capable of transforming data into actionable intelligence.”
According to Shorrock, the unit’s “most important clients … are the NSA, NGA, and NRO, for which it provides signals and imaging processing, as well as information security software and tools;” in other words, agencies that are at the heart of America’s electronic warfare complex.
The program, Gorman writes, “would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack.” While Journal sources claim the program “wouldn’t persistently monitor the whole system,” a leaked Raytheon email paints a different picture, in line with other NSA intrusions into domestic affairs.
“The overall purpose of the [program] is our Government…feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security,” the whistleblower writes. “Perfect Citizen is Big Brother.”
These revelations have triggered concerns that projects like PERFECT CITIZEN, and others that remain classified, signal a new round of secret state surveillance and privacy-killing programs under the catch-all euphemism “cybersecurity.”
The Journal reports that information captured by PERFECT CITIZEN “could also have applications beyond the critical infrastructure sector, officials said, serving as a data bank that would also help companies and agencies who call upon NSA for help with investigations of cyber attacks, as Google did when it sustained a major attack late last year.”
In other words, the program will have major implications “beyond the critical infrastructure sector” and could adversely affect the privacy rights of all Americans. In fact, it wouldn’t be much of a stretch to hypothesize that PERFECT CITIZEN may very well be related to other “intrusion detection programs” such as Einstein 3’s deep-packet inspection capabilities that can read, and catalogue, the content of email messages flowing across private telecommunications networks.
One unnamed military source told the Journal, “you’ve got to instrument the network to know what’s going on, so you have situational awareness to take action.”
However, as the UK publication The Register (http://www.theregister.co.uk/2010/07/08/perfect_citizen/) noted, “many of the networks that the NSA would wish to place Perfect Citizen equipment on are privately owned, however, and some could also potentially carry information offering scope for ‘mission creep’ outside an infrastructure-security context.”
The Register’s Lewis Page, a former Royal Navy Commander and frequent critic of the surveillance state, writes that “full access to power company systems might allow the NSA to work out whether anyone was at home at a given address. Transport and telecoms information would also make for a potential bonanza for intrusive monitoring.”
When queried whether the program would be yet another snooping tool deployed against the public, NSA spokesperson Judith Emmel told The Register (http://www.theregister.co.uk/2010/07/09/nsa_response_perfect_citizen/) Friday: “PERFECT CITIZEN is purely a vulnerabilities-assessment and capabilities-development contract.”
According to NSA, “This is a research and engineering effort. There is no monitoring activity involved, and no sensors are employed in this endeavor. Specifically, it does not involve the monitoring of communications or the placement of sensors on utility company systems.”
When specifically asked by Page if NSA is “seeking to spy on US citizens by means of examining their power or phone usage, tracking them through transport systems etc, the NSA would simply never think of such a thing.”
“Any suggestions that there are illegal or invasive domestic activities associated with this contracted effort are simply not true. We strictly adhere to both the spirit and the letter of US laws and regulations,” insisted Emmel.
Which raises an inevitable question: what would lead a Raytheon insider to compare the project to “Big Brother”? This is strong language from an employee of one of America’s largest defense firms, a company in the No. 4 slot on Washington Technology’s 2010 Top 100 (http://washingtontechnology.com/toplists/top-100-lists/2010.aspx) list of prime federal contractors with some $6.7 billion in total revenue, 88% of which are derived from defense contracts.
At this point we don’t know, and Siobhan Gorman hasn’t told us since the Journal, as of this writing, hasn’t seen fit to enlighten the public with the full text, if one exists, as to why someone obviously familiar with the program would put their job at risk if PERFECT CITIZEN were simply a “vulnerabilities-assessment and capabilities-development contract” and not something far more sinister.
The Pentagon Rules. Any Questions?
The Journal reported that the project began as “a small-scale effort” under the code name APRIL STRAWBERRY. Over time, the classified program was “expanded with funding from the multibillion-dollar Comprehensive National Cybersecurity Initiative, which started at the end of the Bush administration and has been continued by the Obama administration,” Gorman wrote. Now, with billions of dollars available “the NSA is now seeking to map out intrusions into critical infrastructure across the country.”
As Antifascist Calling (http://antifascist-calling.blogspot.com/2010/03/obamas-national-cybersecurity.html) reported earlier this year (see: “Obama’s National Cybersecurity Initiative Puts NSA in the Driver’s Seat”), although the administration has released portions of the Bush regime’s National Security Presidential Directive 54 (NSPD-54) in a sanitized version called the Comprehensive National Cybersecurity Initiative (CNCI (http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative)), the full scope of the program remains shrouded in secrecy.
Indeed, most of NSPD-54 and CNCI have never been released to the public. This led the Senate Armed Services Committee (SASC) to write in a 2008 report (http://www.fas.org/sgp/congress/2008/sasc-cyber.html) that “virtually everything about the initiative is classified, and most of the information that is not classified is categorized as ‘For Official Use Only’.”
Due to the opacity of the highly-secretive program and stonewalling by the administration, the SASC joined their colleagues on the Senate Select Committee on Intelligence and called for the initiative to be scaled-back “because policy and legal reviews are not complete, and because the technology is not mature.”
Hardly beacons of transparency themselves when it comes to overseeing depredations wrought by the secret state, nevertheless SASC questioned the wisdom of a program that “preclude public education, awareness and debate about the policy and legal issues, real or imagined, that the initiative poses in the areas of privacy and civil liberties. … The Committee strongly urges the Administration to reconsider the necessity and wisdom of the blanket, indiscriminate classification levels established for the initiative.”
In fact, as the investigative journalism web site ProPublica (http://www.propublica.org/article/disappearance-of-privacy-board-from-whitehouse-website-raises-questions-714) reported last summer, the White House “has erased all mention of the Privacy and Civil Liberties Oversight Board from its Web site. The removal, which was done with no public notice, has underlined questions about the Obama administration’s commitment to the board.” As of this writing, it remains an empty shell.
Despite repeated efforts by civil liberties and privacy groups, the Obama administration has been no more forthcoming than the previous regime in answering these critical concerns, particularly when the “policy and legal issues” are cloaked in secrecy under a cover of “national security.”
Instead, CNCI’s “Initiative #12. Define the Federal role for extending cybersecurity into critical infrastructure domains,” offer little more than linguistic sedatives meant to lull the public as to how and through what means the administration plans to build “on the existing and ongoing partnership between the Federal Government and the public and private sector owners and operators of Critical Infrastructure and Key Resources (CIKR).”
While the administration claims that the “Department of Homeland Security and its private-sector partners have developed a plan of shared action with an aggressive series of milestones and activities,” as we now know the civilian, though securocratic-minded Homeland Security bureaucracy is being supplanted by the Pentagon’s National Security Agency and U.S. Cyber Command as the invisible hands guiding the nation’s “cybersecurity” policies.
As I reported (http://antifascist-calling.blogspot.com/2010/06/through-wormhole-secret-states-mad.html) last month (see: “Through the Wormhole: The Secret State’s Mad Scheme to Control the Internet”), corporate greed and venality aren’t the only motives behind hyped-up “cyber threats.” Armed with multibillion dollar budgets, most of which are concealed from public view under a black cone of top secret classifications, agencies such as NSA are positioning themselves as gatekeepers over America’s electronic communications infrastructure.
[B]The Media’s Role
With corporate media serving as “message force multipliers” for the flood of alarmist reports emanating from industry-sponsored think tanks such as the Bipartisan Policy Center (BPC (http://www.bipartisanpolicy.org/)) and the Center for Strategic and International Studies (CSIS (http://csis.org/)), or lobby shops like the Armed Forces Communications and Electronics Association (AFCEA (http://www.afcea.org/)) and the Intelligence and National Security Alliance (INSA (http://www.insaonline.org/)), it is becoming clear that consensus has been reached amongst Washington power brokers, one that will have a deleterious effect on the free speech and privacy rights of all Americans.
Floated perhaps as a means to test the waters for restricting internet access, The New York Times (http://www.nytimes.com/2010/07/04/weekinreview/04markoff.html) reported July 4 that “the Internet affords anonymity to its users–a boon to privacy and freedom of speech. But that very anonymity is also behind the explosion of cybercrime that has swept across the Web.”
Reporter John Markoff, a conduit for “cyberwar” scaremongering, informs us that “Howard Schmidt, the nation’s cyberczar, offered the Obama administration’s proposal to make the Web a safer place–a ‘voluntary trusted identity’ system that would be the high-tech equivalent of a physical key, a fingerprint and a photo ID card, all rolled into one.”
“The system” Markoff writes, “might use a smart identity card, or a digital credential linked to a specific computer, and would authenticate users at a range of online services.”
Schmidt has described the Obama administration’s approach (note the warm and fuzzy phrase hiding the steel fist) as a “voluntary ecosystem” in which “individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on.”
Markoff’s reporting would be humorous if we didn’t already know that secret state agencies themselves have already compromised the Secure Socket Layer certification process (SSL, the tiny lock that appears during supposedly “secure” online transactions), as computer security and privacy researchers Christopher Soghoian and Sid Stamm revealed in their paper, Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL (http://files.cloudprivacy.net/ssl-mitm.pdf).
In March, Soghoian and Stamm introduced the public to “a new attack, the compelled certificate creation attack, in which government agencies compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals’ secure Web-based communications.” They provided “alarming evidence” that suggests “that this attack is in active use,” and that a niche security firm, Packet Forensics (http://www.packetforensics.com/), is already marketing “extremely small, covert surveillance devices for networks” to government agencies.
Not everyone is thrilled by Schmidt’s call to create this allegedly “voluntary” system. Lauren Weinstein, the editor of Privacy Journal (http://www.privacyjournal.net/index.htm), told the Times that “such a scheme is a pre-emptive push toward what would eventually be a mandated Internet ‘driver’s license’ mentality.”
The stampede for increased state controls are accelerating. Stewart Baker, the NSA’s chief counsel under Bush, told the Times that the “privacy standards the administration wants to adopt will make the system both unwieldy and less effective and not good for security.” Baker and his ilk argue that all internet users “should be forced to register and identify themselves, in the same way that drivers must be licensed to drive on public roads.”
Considering that police have increasingly turned to license plate readers that are fast becoming “a fixture in local police arsenals,” as the Center for Investigative Reporting (http://centerforinvestigativereporting.org/blogpost/20100604licenseplatereadersbecomingafixtureinlocal policearsenals) revealed last month, and that such devices have been deployed for political surveillance here in the heimat and abroad, as both The Guardian (http://www.guardian.co.uk/uk/2009/oct/25/police-domestic-extremists-database) and Seattle Weekly (http://www.seattleweekly.com/content/printVersion/997962) disclosed in reports documenting outrageous secret state spying, a licensing scheme for internet users is an ominous analogy indeed!
The Grim Road Ahead
A confidence game only works when “marks,” in this case American citizens, allow themselves to be defrauded by a person or group who have gained their trust.
And when trust cannot be won through reason, fear tends to take over as a powerful motivator. This is amply on display when it comes to Washington’s ginned-up “cybersecurity” panic.
According to this reading, fraudulent internet schemes, identity theft, even espionage by state- and non-state actors (say corporate spies who benefit from NSA’s ECHELON program) have been transformed into a “war,” one which Bush’s former Director of National Intelligence, Mike McConnell, currently an executive vice president with the spooky Booz Allen Hamilton firm, claims (http://www.washingtonpost.com/wp-dyn/content/article/2010/02/25/AR2010022502493.html) the U.S. is “losing.”
But as security technology expert Bruce Schneier wrote (http://www.schneier.com/blog/archives/2010/07/the_threat_of_c.html) last week, “There’s a power struggle going on in the U.S. government right now.
“It’s about who is in charge of cyber security, and how much control the government will exert over civilian networks. And by beating the drums of war, the military is coming out on top.”
Schneier avers that “the entire national debate on cyberwar is plagued with exaggerations and hyperbole.” Googling “cyberwar,” as well as “‘cyber Pearl Harbor,’ ‘cyber Katrina,’ and even ‘cyber Armageddon’–gives some idea how pervasive these memes are. Prefix ‘cyber’ to something scary, and you end up with something really scary.”
Hackers, criminals and sociopaths have been around since the birth of the “information superhighway.” Schneier writes, “we surely need to improve our cybersecurity. But words have meaning, and metaphors matter. There’s a power struggle going on for control of our nation’s cybersecurity strategy, and the NSA and DoD are winning. If we frame the debate in terms of war, if we accept the military’s expansive cyberspace definition of ‘war,’ we feed our fears.”
This is precisely the intent of our political masters. And if the purpose of “cyberwar” hype is to breed fear, mistrust and helplessness in the face of relentless attacks by shadowy actors only a mouse click away then, as Schneier sagely warns: “We reinforce the notion that we’re helpless–what person or organization can defend itself in a war?–and others need to protect us. We invite the military to take over security, and to ignore the limits on power that often get jettisoned during wartime.”
Destroy trust, increase fear: create the “Perfect Citizen.”
Tom Burghardt is a researcher and activist based in the San Francisco Bay Area. In addition to publishing in Covert Action Quarterly and Global Research (http://globalresearch.ca/), an independent research and media group of writers, scholars, journalists and activists based in Montreal, his articles can be read on Dissident Voice (http://www.dissidentvoice.org/), The Intelligence Daily (http://www.inteldaily.com/) and Pacific Free Press (http://www.pacificfreepress.com/). He is the editor of Police State America: U.S. Military "Civil Disturbance" Planning, distributed by AK Press (http://www.akpress.org/2002/items/policestateamerica). Read other articles by Tom (http://dissidentvoice.org/author/TomBurghardt/), or visit Tom's website (http://antifascist-calling.blogspot.com/).
This article was posted on Monday, July 12th, 2010 at 8:00am and is filed under Civil Liberties (http://dissidentvoice.org/category/civil-liberties/), Democracy (http://dissidentvoice.org/category/democracy/), Espionage (http://dissidentvoice.org/category/espionage/), Media (http://dissidentvoice.org/category/media/), Military/Militarism (http://dissidentvoice.org/category/militarymilitarism/), Obama (http://dissidentvoice.org/category/obama/), Security (http://dissidentvoice.org/category/security/).

Original: http://antifascist-calling.blogspot.com/2010/07/are-you-perfect-citizen-nsa-will-deploy.html