Modern field guide to security and privacy

Internet makes global economy vulnerable to Lehman-like crash, study says

The global economy is becoming so intertwined with the Internet, and the Internet has so many interlinked vulnerabilities, that one failure could cascade into a crash, a new study suggests.

|
Louis Lanzano/AP/File
The scene of employees leaving the Lehman Brothers headquarters in New York is the enduring image of the 2008 crash. Researches say the Internet could make the global economy vulnerable to a similar event.

The global economy is entering phase of heightened vulnerability to digital disruption – a threat likened to the US mortgage crisis, which was largely hidden until its dramatic collapse in 2008, a new report warns.

The report suggests larger dangers are lurking beyond headlines of cyber-espionage, crime, and cyber-weapons development. For one, the fast-rising dependence on outsourcing key operations to cloud Internet Service Providers could result in cascading problems that cause a far broader or longer-lasting crash.

“The internet is highly interconnected and tightly coupled with society, meaning that (as in other such systems) a small failure or series of them in one place can cascade, producing an outsized impact elsewhere,” according to the study by the Atlantic Council, a national security think tank, and Zurich Insurance Company. “While our society’s reliance on the internet grows exponentially, our control of it only grows linearly.”

What if, for example, a major Internet cloud service provider that provided billing, design, or ordering had “a ‘Lehman moment’ – with everyone’s data there on Friday, and gone on Monday,” the study asks. If that single failure “cascaded to a major logistics provider or company running critical infrastructure, it could magnify a catastrophic ripple running throughout the real economy in ways difficult to understand, model or predict beforehand.”

That’s especially true if such an incident coincided with another.

“The recent Heartbleed vulnerability demonstrates the main message of the report,” says Jason Healey, director of the Atlantic Council’s Cyber Statecraft Initiative and author of the the report, referring to the recently discovered security gap in two-thirds of Internet websites.

“The Internet is so complex and tightly coupled to the real world, it turns out we were all gravely exposed to a cyber-risk in an obscure technology that few understand, and we didn’t see coming,” he adds. “This time it was just passwords, but what happens once the Internet is connected to the electrical grid or driverless cars?”

Other reports have raised similar concerns.

“When ‘everything is becoming digital,’ private, public, and civil institutions become more dependent on information systems and more vulnerable to attack…,” according to a World Economic Forum and McKinsey & Co. report in January. “As a result, all of our institutions will have to make increasingly thoughtful trade-offs between the value inherent in a hyperconnected world and the risk … that cyberattacks create.”

The problem is that Internet commerce is built on the expectation of a “stable system state,” said Daniel Geer, an Internet security specialist, at a February conference. “Yet the more technologic the society becomes, the greater the dynamic range of possible failures.”

Amid the rush to take advantage of new efficiencies, the nation’s critical infrastructure – whose control systems, like those of the power grid, are often “insecure by design” – is frequently being connected to Internet-tied corporate networks that are hackable, cyber-security experts say.

“This is typically where regulation is to step in ... where a business's economic interest conflicts with the interest of the general good,” writes Dale Peterson, CEO of Digital Bond, a cyber-security company in Sunrise, Fla., in an e-mail interview.

That tension is a natural product of “business logic,” according to Ralph Langer, the man who first identified Stuxnet as a cyber-weapon targeting Iran’s nuclear program.

“A fundamental reason for this failure is the reliance on the concept of risk management, which frames the whole problem in business logic,” he and a co-author wrote in a study last year. “Business logic ultimately gives the private sector every reason to argue the always hypothetical risk away, rather than solving the factual problem of insanely vulnerable cyber systems that control the nation’s most critical installations.”

When systems are based on a handful of software and hardware architectures, Dr. Geer said, the vulnerabilities only grow.

“When you live in a technologic society where everybody and everything is optimized in some way akin to just-in-time delivery,” he said in February, “the dynamic range of failures is incomprehensibly larger and largely incomprehensible.”

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Internet makes global economy vulnerable to Lehman-like crash, study says
Read this article in
https://www.csmonitor.com/World/Passcode/2014/0416/Internet-makes-global-economy-vulnerable-to-Lehman-like-crash-study-says
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe