All the talk about Russian tampering with the 2016 presidential election, which is vastly overstated by the way, diverts attention from the more fundamental problem: The vulnerability of America’s critical infrastructure to cyberattack by hostile actors.
When I say critical infrastructure, I mean the power grid, hydroelectric systems, nuclear power plants, energy pipelines, railroads, air traffic control systems, internet and stock exchanges.
These are large, complex systems that affect the entire country. And they are computerized and automated like never before. The scale and degree of interconnectedness are increasing, which creates great vulnerabilities.
If any of them fail, it could lead to massive disruptions, panic and social unrest.
Look at the chaos that followed Hurricane Katrina in 2005, for example. That was an interesting case study in what I call the veneer of civilization and how quickly it can break down under emergency conditions.
Imagine what would happen, for example, if a virus implanted in the control system of a hydroelectric dam opened floodgates to inundate downstream targets, killing thousands by drowning and destroying bridges, roads and agriculture.
Meanwhile, hackers have targeted nuclear power plants. Last year alone, government sources say a dozen U.S. nuclear power plants were targeted, possibly by Russian hackers.
Now, the operations of most nuclear power plants use older analog systems, so they aren’t vulnerable to cyberattacks. They aren’t connected to the net. It’s one case where older and less sophisticated is better.
But hackers are extremely creative, and increasing digitization of these plants could allow hackers backdoor entry points into critical operating systems. I don’t need to spell out the possibilities.
Or think of what would happen if the power grid went down for an extended stretch. Imagine what it would mean for air travel if air traffic control systems were down for a long period.
That’s just for starters.
Without electricity, how do you pump gas? Pumps have electric power so gas stations wouldn’t work. How would trucks get the fuel to transport food to supermarkets throughout the country? Stores would run out of food in no time. Traffic lights wouldn’t work, so huge traffic jams would paralyze cities.
Credit card readers wouldn’t work, ATMs wouldn’t either, the banks couldn’t open, etc. Most businesses wouldn’t be able to function, leading to significant economic losses.
You get the picture.
We got a small taste of widespread power outages in August 2003, when a massive outage in the northeast affected about 45 million people in eight U.S. states.
Official sources said that a squirrel ate through a wire, which caused a power surge that led to cascading failures in the entire system. Next thing you know, tens of millions of people were without electricity.
Most people got their power back within two days or so. But what if the system was down for weeks or longer? And what if it happened throughout America?
I’m not sure I believe the official story about a squirrel causing the incident, but the larger point is that isolated events like that can have widespread consequences for the entire system.
The electric grid is a “system of systems,” connected through communications networks of increasing complexity. Over the next 20 years, data flowing through the system will far exceed the amount of electricity flowing through it. And that makes it more vulnerable to disruption.
It might sound like I’m trying to frighten people here, but I’m not. I’m just trying to get them to prepare.
A lot of people think the experts have things under control, that they can contain any damage and that any problems will be very temporary.
None of those assumptions is true.
First off, these systems can and do fail. They fail with greater frequency than most people understand. They are highly interconnected and they crash into each other in unexpected ways. And they can get out of control very fast.
In fact, it’s the experts, the people who I interact with, who are saying, “No, you don’t understand. This is going to go down. We are highly vulnerable. We don’t know exactly when. We don’t know exactly the extent. That’s very hard to predict, but we are certain that these systems are going to fail, and anyone who’s not prepared for that is being extremely shortsighted.”
So the experts are very worried, while everyday Americans are complacent.
It comes back to complexity theory.
At some point, systems flip from being complicated, which is a challenge to manage, to being complex. Complexity is more than a challenge because it opens the door to all kinds of unexpected crashes and what are technically called emergent properties. Their behavior cannot be reduced to their component parts. It’s as if they take on a life of their own.
Traditional approaches rely on static models that bear little relationship to reality. They tell you where you’ve been but don’t necessarily tell you where you’re going.
Complexity theory lends you greater insight into where you’re going.
I’ve studied complexity theory intensively for decades now. It’s had success explaining phenomena in fields such as climatology, seismology and many other dynamic systems.
I’ve also taken the insights of complexity theory and applied them to financial markets, which are perfect models of complex systems. That’s how I analyze risk in financial markets, and it’s very powerful. Applying complexity theory to markets sets my analysis apart from the mainstream.
Jim Rickards: Protect Your Money As China, Iran, N. Korea & Russia Preparing For Financial Warfare
Jim says bad actors are using Cyber Brigades to hack their way into critical US infrastructure, and he says to prepare for asymmetrical war. Here’s how…
by Jim Rickards via Daily Reckoning
There are many bad actors out there who are preparing to inflict as much damage as possible to the power grid and other critical infrastructure, including the stock market.
I would put Russia, China, Iran, North Korea and a few others at the top of the list. Russia and China at the top of the list but Iran certainly has good cyber-warfare capability.
They’re employing what they call Cyber Brigades that spend all their time basically hacking into the critical infrastructure systems I described above. It’s a good bet that all of these systems have already been penetrated.
No one can beat the U.S. in a conventional war right now. China, especially, is catching up, but it’s not ready at this time. That’s why they’re focusing on attacking America’s critical infrastructure vulnerabilities.
This is called an asymmetric response. They want to fight in the area where they can win or at least inflict enormous damage.
Look at all the crisis spots around the world. North Korea, the Persian Gulf, South China Sea, Syria. If any of them start to escalate, you’re going to get an asymmetric response function.
For example, if President Trump sends the Seventh Fleet into the South China Sea, China might unleash an attack of the U.S. power grid, creating chaos in the United States. Or it could launch an attack on the stock market or conduct other forms of financial warfare.
Financial warfare is not the warfare of the future — it is already here. It’s going to become a bigger threat as time goes on, too.
Financial warfare is actual warfare conducted through banking and capital markets channels. It is not mere economic policy as in the case of so-called currency wars, trade wars or embargoes.
When nations engage in financial warfare, individual investors can be collateral damage. If China tries to attack the U.S. by closing the New York Stock Exchange, for example, it will be tens of millions of Americans who will suffer an immediate loss of wealth as prices plunge and accounts are locked-down or frozen.
Financial warfare attacks vary in their degree of sophistication and impact. At the low end of the spectrum is a distributed denial of service, DDoS, attack. This is done by flooding a target server with an overwhelming volume of message traffic so that either the server shuts down or legitimate users cannot gain access. In such attacks, the target is not actually penetrated, but it is disabled by the message traffic jam.
The next level of sophistication is a cyberhack in which the target, say a bank account record file or a stock exchange order system, is actually penetrated. Once inside, the attacking cyberbrigade can either steal information, shut down the system or plant sleeper attack viruses that can be activated at a later date.
You have probably noticed that unexplained stock market outages and flash crashes have happened with increasing frequency.
Some of these events may be self-inflicted damage by the exchanges themselves in the course of software upgrades, but others are highly suspicious and the exact causes have never been disclosed by exchange officials.
But in 2010, the FBI and Department of Homeland Security located such an attack virus planted by Russian security services inside the Nasdaq stock market system.
Here is a formerly classified map showing cyberattacks by the Chinese government against U.S. interests. Each dot represents an attack. Notice the concentration of attacks against technology targets in San Francisco, financial targets in New York and military and intelligence targets in the Washington-Virginia area.
The most dangerous attacks of all are those in which the enemy penetrates a bank or stock exchange not to disable it or steal information but to turn it into an enemy drone. Such a market drone can be used by attackers for maximum market disruption and the mass destruction of Americans’ wealth including your stocks and savings.
In this scenario, an attacker could penetrate the order entry system of a major stock exchange such as the New York Stock Exchange. Once inside the order entry system, the attacker would place large sell orders on highly liquid stocks such as Apple or Facebook.
Other system participants would then automatically match these orders in the mistaken belief that they were real trades. The sell orders would keep flooding the market and the selling pressure would feed on itself.
An attack of this type would be launched on a day when the market was already down 3% or more, about 550 points on the Dow Jones index.
The result could be a market decline of 20% or more in a single day, comparable to the stock market crash of October 1987 or the crash of 1929. You would not have to trade anything or be in the market during the attack; you would be wiped out based on the market decline even if you did nothing.
Another type of highly malicious attack is to penetrate the account records system of a major bank and then systematically erase account balances in customers’ deposit accounts and 401(k)s.
If the attack extended to backup databases, you or other customers might have no way of proving you ever owned the deleted accounts.
During a financial war game exercise at the Pentagon a few years back, I recommended that the SEC and New York Stock Exchange buy a warehouse in New York and equip it with copper wire hardline phones, hand-held battery powered calculators and other pre-Internet equipment. This facility would serve as a nondigital stock exchange with trading posts.
Orders would be phoned in on the hardwire analogue phone system. This is exactly how stocks were traded until recently. Computerized and algorithmic trading would be banned as nonessential.
In the event of a shutdown of the New York Stock Exchange by digital attack, the nondigital exchange would be activated. The U.S. would let China and Russia know this facility existed as a deterrent to a digital attack in the first place. If our rivals knew we had a robust nondigital Plan B, they might not bother to conduct a digital attack in the first place.
Some analysts respond to such scenarios by saying that the U.S. has cyberwarfare attack capabilities that are just as effective as our enemies’. If Iran, China or Russia ever launched a cyberfinancial attack on the U.S., we could retaliate.
The threat of retaliation, they claim, would act as a deterrent and prevent the enemy attack in the first place. This is similar to the doctrine of “mutually assured destruction” or MAD, that prevented nuclear conflict between the U.S. and Russia during the Cold War.
This analysis is highly flawed and gives false comfort. MAD worked during the Cold War because both sides wanted to avoid existential losses. In financial warfare, the losses may be existential for the U.S., but this is not true for Russia, China and Iran. Because they are far less developed than the U.S., their markets could be destroyed and it would have little impact on their overall economy or national security.
The technological warfare capabilities may be symmetric, but the potential damage is asymmetric, so the deterrent effect on China and Russia is low. There is essentially nothing stopping Russia, Iran or China from launching a “first strike” financial warfare attack if it serves some other national strategic purpose.
What can you do to preserve wealth when these cyberfinancial wars break out?
The key is to have some portion of your total assets invested in nondigital assets that cannot be hacked, wiped out or disrupted in financial warfare.
Such assets include gold, silver, land, fine art and private equity that is usually represented by a paper contract and does not rely on electronic exchange trading for liquidity.
For gold, I recommend you have a 10% allocation to physical gold if you don’t already.
As for alternative investments like fine art, there are many investments that will cost you less than $1,000 to get started.
As an investor, you have enough to be concerned about just taking into account factors like inflation, deflation, Fed policy and the overall state of the economy. These days you have another major threat looming — financial warfare, enabled by cyberattacks and force multipliers.
The time to take defensive action by acquiring nondigital assets is now. I also advise you to learn more about how complexity theory impacts markets. The more you understand markets, the better you’ll be. Click here for more information.
