Communications of the ACM

Follow us on Twitter at http://twitter.com/blogCACM The Communications Web site, http://cacm.acm.org, features more than a dozen bloggers in the BLOG@CACM community. In each issue of Communications, we’ll publish selected posts or excerpts.

giving way to Agent 111 (“007” in binary), who oftimes might just be a smart bot.

The latest exploit of some Chinese Agent (or agents) 111, made public this month, has to do with sensitive data about American submarine operations. Access apparently was gained by hacking a private contractor doing work in this area for the U.S. Department of Defense. By infiltrating in this indirect manner, cyber-spies were able to vacuum up over 600GB of data that, when the pieces are put together, may provide a valuable picture of how the U.S. Navy intends to operate in contested waters like the East China Sea.

This serious breach, a coup for Chi-
nese intelligence, came in the wake of a
string of damaging hacks aimed at stra-
tegic targets in the U.S. One of the worst
was revealed on March 15 (talk about
“Beware the Ides!”) in a report issued by
the FBI and the Department of Home-
land Security that asserted a well-crafted
Russian-sponsored intrusion effort had
gotten in to our power and water infra-
structures. Given these systems are high-
ly reliant upon automated controls, the
idea some latter-day virtual James Bond
might be able to “cybotage” them is most
troubling. For those who worry about
how such hacks might hurt our military,
give Pete Singer and August Cole’s Ghost
Fleet ( http://bit.ly/2y4v2xC) a close read.

Back in 2015, one of the things U.S. President Barack Obama and China’s President Xi Jinping discussed when they met was the matter of curbing hostile cyber activities aimed at the theft of commercial intellectual property. This Infor-mation-Age form of industrial espionage was costing the U.S. hundreds of billions of dollars each year. Both leaders agreed to declare a moratorium on this aspect of cyber-spying, though the Trump Administration has recently charged the Chinese with serial violations to it. Yet it is important to note, of the Obama-Xi agreement, that conducting cyber espionage in the military and security realms was not addressed. This omission signaled to intelligence agencies in both countries—and to their counterparts around the world— that a new “cool war” was under way, and it was not to be curtailed.

There are two problems with tacit acceptance of cyberspace-based spying on militaries and other actors. The first is that intrusions, though they may be for intelligence-gathering purposes, are observationally equivalent to attack preparations. How is one to know whether the mapping of one’s systems is prelude to an imminent attack, or to an attack at some undetermined time in the future? Either way, this form of cyber espionage is unsettling, because of the threat of actual attack that may undergird it.

John Arquilla
From 007 to ‘Agent 111’
http://bit.ly/2DO1wmc
June 18, 2018

The information revolution has changed just about every aspect of society and security in our time, so it’s no surprise that the spy business has been transformed as well. Yes, there are still human “moles” who scurry about inside organizations, gathering up vital information for their foreign masters, and no doubt those “sleepers” deported from the U.S. back to Russia in a 2010 prisoner swap were not the last of their kind; a real-life version of the television series “The Americans” likely continues, in many countries.

Yet adventurous James Bond-like spies have been eclipsed by a new generation of operatives who don’t travel the world (not physically, anyway) or drink martinis, shaken or stirred. Indeed, most of their time is spent tapping away at keyboards in cool, windowless rooms, their favored beverage some brand of highly caffeinated energy drink. Bond is

Securing Agent 111,
and the Job
of Software Architect

John Arquilla describes the new state of cyberspying, while Yegor Bugayenko considers the importance of a software architect to development projects.