I thought this piece in the Times (on the vulnerability of the nation’s vital infrastructure systems, such as the electric grid, telecommunication networks, air control system, or the banking systems (e.g. payments and settlements systems), against cyber attacks organized by anonymous hackers) would be a “pleasant” distraction from those of you who are busy following the epidemic.

As you might have noticed, there has been a rising concern on how vulnerable the nation is to such cyber-attacks given the increasing dependency on computerized infrastructures nearly in all domains of collective life and who should have jurisdiction over the intelligence gathering and security activities over these infrastructures. As another Times piece from December 2008 indicates, these efforts seem to be originating from a series of break-ins into the government computer systems. (You might be interested in checking a report written by Center for Strategic and International Studies, a Washington policy group, under the title of “Securing Cyberspace in the 44th Presidency“.) Finally, “thousands of daily attacks on federal and private computer systems in the United States — many from China and Russia, some malicious and some testing chinks in the patchwork of American firewalls,” including a recent attack on the air transportation network, apparently “have prompted the Obama administration to review American strategy” by bringing this report back to the forefront of national security discussions on the internet as a source of vulnerability for the vital systems of the nation.

The article treats the issue mostly as one that is pertinent to sovereign security and, consequently, draws national security discussions on whether such attacks can be deterred or not. And if they cannot be deterred to what extent a policy of pre-emption, much discussed during the Bush presidency as a national security alternative, is more appropriate. Interestingly enough, the article points out much of the discussion resembles the debates over how to program national security against nuclear war in the 1950s and the 60s–a theme that we have visited in the OEP episode. However, or rather to be more precise just because of the reason preparedness had slowly mutated into an autonomous logic of security in the 60s thanks to the irreducible uncertainty of knowing exactly to whom a nuclear missile had belong (with the introduction of submarines) or merely an accidental launch, it seems to be the case that intelligence and national security community does not have much faith in deterrence. As it turns out, as an event a cyber-attack is pretty much an threat without enemy in the VSS language, since the origin of an attack is often impossible to know. And furthermore as far as pre-emption through destruction of the rival’s computer systems before an expected attack is concerned the asymmetrical dependence of the US to digital systems, according to experts, seems to assure the certain defeat of the US in such a cyber-war.

Therefore, the recent efforts of the Obama administration to reform the cyber security policy seems to be an acknowledgement that the problem one faces does not fit so well neither into the domain of sovereign security (as neither a matter of deterrence nor pre-emption) nor to the mode of prevention as a broader approach to security. A senior military officer who has been deeply engaged in the debate for several years, according to the Times, warns of the limitations of a cyber-security approach based on the logic of prevention: “The fortress model [based on building firewalls, better virus detectors, and further restrictions to access to government computers] simply will not work for cyber. Someone will always get in.” Despite these limitations, as the above mentioned report implies (it argues that this issue cannot be left to DHS’s jurisdiction for critical infrastructure security), in what mode security will conducted seems to be a still open issue. Hence, it would be interesting to speculate on how preparedness and VSS might look like in the case of the internet and digital systems…

The irony of the situation in my mind is the fact that internet as a vital communication infrastructure today was invented by the MIT based electrical engineers who were developing a theory of survivable telecommunications and electric networks in the 1960s in the first place as a response to the vulnerabilities a potential nuclear war had posed. Just as a caveat, those experts were the same ones who were at OEP in 1967 designing the plans of a natural gas pipeline through tools of network modeling that was also conceived as a “survivable network” in the face of a nuclear attack or internal and unexpected network failures. Thus, I think what we are seeing is a typical example of the historical process in which vital system security emerges first as a response to specific set of primary problems of the social, such as possible network failures, and then a secondary set of problems and vulnerabilities emerge as different systems become interdependent upon each other.

Before finishing, I also thought it was an interesting piece of data in the light of our conversation on the financial crisis as to what extent the financial system has more and more come to be seen as a vital system not only for the well-being and resilience of the “real” economy, but also a system worthy of national security: Mike McConnell, the former director of national intelligence, apparently had briefed Bush as early as May 2007 on the threat that  if a single large American bank were successfully attacked “it would have an order-of-magnitude greater impact on the global economy” than the Sept. 11, 2001 as “the ability to threaten the U.S. money supply is the equivalent of today’s nuclear weapon.” According to McConnell, the events that took place in the face of the near-collapse of Bear Stearns (and we can add Lehman) invite hackers to sabotage payments and settlements system of the Fed and computer systems of individual banks. In a study began last summer right before the Bear Stearns epsiode in which markets froze on their own accord, they have seemed to simulate a scenario in which the system that clears the market trades freezes.

Given the new set of financial system reforms will create payments and settlements systems for exotic instruments such as derivatives, such a study on the possible secondary vulnerabilities of such systems that are offered as solutions to systemic crisis and risk management gains further importance. Obviously McConnell and his intelligence community is not the only ones doing this work; a group of economists in the Fed, systems analysts circulating between different central banks and a group of scientists calling their discipline complexity science at the National Infrastructure Simulation and Analysis Lab of DHS are also engaged in similar simulations of the financial system with the help of network analysis.