Internet makes global economy vulnerable to Lehman-like crash, study says
Loading...
The global economy is entering phase of heightened vulnerability to digital disruption 鈥 a threat likened to the US mortgage crisis, which was largely hidden until its dramatic collapse in 2008, a new report warns.
The report suggests larger dangers are lurking beyond headlines of cyber-espionage, crime, and cyber-weapons development. For one, the fast-rising dependence on outsourcing key operations to cloud Internet Service Providers could result in cascading problems that cause a far broader or longer-lasting crash.
鈥淭he internet is highly interconnected and tightly coupled with society, meaning that (as in other such systems) a small failure or series of them in one place can cascade, producing an outsized impact elsewhere,鈥 according to the study by the Atlantic Council, a national security think tank, and Zurich Insurance Company. 鈥淲hile our society鈥檚 reliance on the internet grows exponentially, our control of it only grows linearly.鈥
What if, for example, a major Internet cloud service provider that provided billing, design, or ordering had 鈥渁 鈥楲ehman moment鈥 鈥 with everyone鈥檚 data there on Friday, and gone on Monday,鈥 the study asks. If that single failure 鈥渃ascaded to a major logistics provider or company running critical infrastructure, it could magnify a catastrophic ripple running throughout the real economy in ways difficult to understand, model or predict beforehand.鈥
That鈥檚 especially true if such an incident coincided with another.
鈥淭he recent Heartbleed vulnerability demonstrates the main message of the report,鈥 says Jason Healey, director of the Atlantic Council鈥檚 Cyber Statecraft Initiative and author of the the report, referring to the recently discovered security gap in two-thirds of Internet websites.
鈥淭he Internet is so complex and tightly coupled to the real world, it turns out we were all gravely exposed to a cyber-risk in an obscure technology that few understand, and we didn鈥檛 see coming,鈥 he adds. 鈥淭his time it was just passwords, but what happens once the Internet is connected to the electrical grid or driverless cars?鈥
Other reports have raised similar concerns.
鈥淲hen 鈥榚verything is becoming digital,鈥 private, public, and civil institutions become more dependent on information systems and more vulnerable to attack鈥,鈥 according to a World Economic Forum and McKinsey & Co. report in January. 鈥淎s a result, all of our institutions will have to make increasingly thoughtful trade-offs between the value inherent in a hyperconnected world and the risk 鈥 that cyberattacks create.鈥
The problem is that Internet commerce is built on the expectation of a 鈥渟table system state,鈥 said Daniel Geer, an Internet security specialist, at a February conference. 鈥淵et the more technologic the society becomes, the greater the dynamic range of possible failures.鈥
Amid the rush to take advantage of new efficiencies, the nation鈥檚 critical infrastructure 鈥 whose control systems, like those of the power grid, are often 鈥渋nsecure by design鈥 鈥 is frequently being connected to Internet-tied corporate networks that are hackable, cyber-security experts say.
鈥淭his is typically where regulation is to step in ... where a business's economic interest conflicts with the interest of the general good,鈥 writes Dale Peterson, CEO of Digital Bond, a cyber-security company in Sunrise, Fla., in an e-mail interview.
That tension is a natural product of 鈥渂usiness logic,鈥 according to Ralph Langer, the man who first identified Stuxnet as a cyber-weapon targeting Iran鈥檚 nuclear program.
鈥淎 fundamental reason for this failure is the reliance on the concept of risk management, which frames the whole problem in business logic,鈥 he and a co-author wrote in a study last year. 鈥淏usiness logic ultimately gives the private sector every reason to argue the always hypothetical risk away, rather than solving the factual problem of insanely vulnerable cyber systems that control the nation鈥檚 most critical installations.鈥
When systems are based on a handful of software and hardware architectures, Dr. Geer said, the vulnerabilities only grow.
鈥淲hen you live in a technologic society where everybody and everything is optimized in some way akin to just-in-time delivery,鈥 he said in February, 鈥渢he dynamic range of failures is incomprehensibly larger and largely incomprehensible.鈥