Asleep at the cyber wheel

From: Financial Review

Kenneth Rogoff

When the financial crisis of 2008 hit, many shocked critics asked why markets, regulators and financial experts failed to see it coming. Today, one might ask the same question about the global economy’s vulnerability to cyber attack. Indeed, the parallels between financial crises and the threat of cyber meltdowns are striking.

Although the greatest cyber threat comes from rogue states with the capacity to develop extremely sophisticated computer viruses, risks can also come from anarchistic hackers and terrorists, or even from computer glitches compounded by natural catastrophe.

A few security experts have voiced great alarm, including, most recently, Jonathan Evans, the head of the British security service, MI5. By and large, however, few leaders are willing to compromise growth in the tech sector or the internet in any significant way in the name of a threat that is so amorphous. Instead, they prefer to establish relatively innocuous working groups and taskforces.

It is difficult to overstate the dependence of modern economies on large-scale computer systems. Experts have long identified the electricity grid as the most acute vulnerability, since any modern economy would collapse without power. True, many sceptics argue that with reasonable low-cost prophylactic measures, large-scale cyber meltdowns are highly implausible, and that doom-mongers overstate the worst-case scenarios.

It is difficult to judge who is right, and there are important experts on both sides of the debate. But there do seem to be an uncomfortable number of similarities between the political economy of cyber-space regulation and of financial regulation.

First, both cyber security and financial stability are extremely complex topics with which government regulators can hardly keep up. Industry remuneration for experts is far in excess of any public-sector salary, and the best minds are continually bid away. As a result, some argue that the only solution is reliance on self-regulation by the software industry.

Second, like the financial sector, the tech industry is enormously influential politically through contributions and lobbying. In the United States, all presidential candidates must make pilgrimages to Silicon Valley and other tech centres to raise money. Excessive financial-sector influence was, of course, a root cause of the 2008 meltdown and remains deeply implicated in today’s continuing euro zone mess.

Third, with slowing growth in advanced economies, information technology seems to hold the moral high ground, just as finance did until five years ago. And crude attempts by governments to enforce regulation are likely to prove ineffective in protecting against catastrophe, while all too effective in strangling growth.

In both cases – financial stability and cyber security – the risk of contagion creates a situation in which a wedge can form between private incentives and social risks. Admittedly, progress in the technology sector overall often produces huge social-welfare gains, which arguably outstrip those produced by all other sectors in recent decades. But, just as with nuclear power plants, progress can go awry in the absence of good regulation.

Finally, the greatest risks come from arrogance and ignorance, two human characteristics at the heart of most financial crises. Recent revelations about the super-viruses Stuxnet and Flame are particularly disconcerting.

These viruses, apparently developed by the US and Israel to disrupt Iran’s nuclear program, embody a level of sophistication far beyond anything previously seen. Both are deeply encrypted and difficult to detect once inside a computer. The Flame virus can take over a computer’s peripherals, record Skype conversations, take pictures through a computer’s camera, and transmit information via Bluetooth to any nearby device.

If the world’s most sophisticated governments are developing computer viruses, what guarantee is there that something won’t go awry? We are told not to worry about large-scale cyber meltdowns, because none has occurred, and governments are being vigilant.

Unfortunately, another lesson of the financial crisis is that most politicians are congenitally incapable of making difficult choices until risks actually materialise. Let us hope that we are lucky for a while longer.

Kenneth Rogoff is professor of economics and public policy at Harvard University, and was formerly chief economist at the IMF.

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published.

Please Answer: *