The released documents are the contract that the NSA drew up with Raytheon. A Raytheon spokesman referred all comments on the program to the NSA.
All along, the NSA has maintained that Perfect Citizen is "purely a vulnerabilities assessment and capabilities development contract" that "does not involve the monitoring of communications or the placement of sensors on utility company systems," according to an NSA statement released in 2010 – and now rereleased to the Monitor.
What the documents reveal is an apparently small but robust program authorized to hire 28 software engineers, program managers, and laboratory personnel. This includes a pair of "penetration testers" – essentially good-guy hackers who specialize in breaking into networks.
Their assignment as part of the team: discover vulnerabilities that lie in the electronic interface that connects the computer networks of utility companies. Then the team can come up with software and hardware plugs to patch those digital holes.
"Sensitive Control Systems (SCS) perform data collection and control of large-scale distributed utilities or provide automation of infrastructure processes," says the Perfect Citizen contract's "Statement of Work" document. "The protection of SCS is essential to mission operations and has become a significant point of interest in support of the Department of Defense and the Intelligence Community."
Further, the document says, "prevention of a loss due to a cyber or physical attack, or recovery of operational capability after such an event, is crucial to the continuity of the Department of Defense, the intelligence community, and the operation of [Signals Intelligence] systems."