The vulnerability of governmental and financial systems to cyberattacks has prompted calls to action, though experts say the most widely proposed solutions have their own problems.
On Dec. 9, 10 countries participated in a simulated cyberattack “war game” event in Israel, called “Collective Strength,” which was also attended by representatives from the World Bank, International Monetary Fund, and Bank of International Settlements.
In the simulation, cyberattacks wreaked havoc on global foreign exchange and bond markets, access to liquidity, data integrity, and transactions between importers and exporters. Sensitive data appeared on the Dark Web, and the simulation also used fake news reports to add to the financial chaos and cause a run on banks.
Government websites in Canada were hit by a rash of cyberattacks recently, with one prompting several federal and provincial government agencies to shut down their systems. The Canada Revenue Agency said in a statement on Dec. 10 that it took its systems offline due to a “critical vulnerability” found in a widely used logging software. All digital services were restored on Dec. 14.
Given the many cyberattacks on large companies in recent years, the idea behind the Israeli event was to increase global co-operation in an effort to strengthen cybersecurity and lessen potential damage to financial markets and banks.
Thomas Keenan, an adjunct professor of computer science at the University of Calgary and fellow at its Centre for Military, Security and Strategic Studies, says that the exercise was worth having and that Canada should host the next one.
“The world financial system could only stand a few seconds of complete downtime, and then things would collapse. And that would be driven by algorithmic trading and [things] like that. So I think they were very prudent to do this,” Keenan said in an interview.
“Our political systems and more and more systems are becoming critical. We need to spend more attention on security.”
Few details about the event were released, but Reuters reported that the participants “discussed multilateral policies to respond to the crisis, including a coordinated bank holiday, debt repayment grace periods, SWAP/REPO agreements, and coordinated delinking from major currencies.”
In 2020, the Carnegie Endowment for International Peace partnered with the World Economic Forum (WEF) to develop an international strategy to better protect the financial system against cyberattacks. The WEF held its own scenario event called Cyber Polygon in 2020 and 2021, with 200 teams from 48 countries participating.
In the 2020 Cyber Polygon event, WEF founder and executive chairman Klaus Schwab warned that “we all know, but still pay insufficient attention to, the frightening scenario of a comprehensive cyberattack, which would bring a complete halt to the power supply, transportation, hospital services, our society as a whole.” He compared such an attack to a “cyber pandemic” worse than COVID-19.
Steve Ambler, a retired Université du Québec à Montréal economics professor, said that such a scenario is “a strong argument for not abolishing cash” and that parallels with a literal pandemic are apparent.
“This strikes me at first blush as the financial sector equivalent of the supply chain problems in [the] goods markets we got with the pandemic. I think it shows that there’s a trade-off between sophistication and interrelatedness on the one hand and robustness on the other,” Ambler told The Epoch Times.
“So there may be an argument for slightly less sophisticated but slightly more robust national financial networks that would be less vulnerable to this sort of thing.”
Consolidated Approach Questioned
Whatever the risks are for “interrelatedness,” the strategy outlined by Carnegie and WEF calls for more of it. Here, “fragmentation” would give way to coordination between financial institutions and national security, and with G7 and G20 nations and beyond. The strategy also explores secure options for migrating information to the cloud in case of an attack.
The proposed international convergence in multiple spheres would even extend to social media, where a single point of coordination between these platforms and the banks would be established so that fake news would not worsen a financial collapse.
“Quick coordination with social media platforms is necessary to organize content takedowns,” says the Carnegie document.
The “coordinated delinking from major currencies” played out in the recent Collective Strength exercise in Israel raises questions as to what would replace the dollar, yen, and euro.
“The centralized global currency idea definitely sounds more Klaus Schwab-ish,” Ambler said, as he questioned a consolidated approach.
“A centralized, top-down system would be monolithic. Breaching ‘central control’ would mean taking over the entire system. The same security measures would be applied uniformly across the board. Hack into one subsystem and you might gain access to them all.”
Keenan says secure and independent custom computer systems were once the norm for major corporate and industrial operations, but no longer.
“In the past, if you had something that was made just for you, you couldn’t be hacked because hardly anybody else knew anything about it. For economic reasons, we have moved to using common off-the-shelf hardware and software, but it brought along insecurities that the people didn’t really think about.”
An impervious system is impossible, according to Keenan, who says the “human factor” leaves people open to bribery or to making mistakes, such as giving access to malware by opening bad email. Nevertheless, he says the collaboration that the WEF is calling for is well underway.
“The G7 is already co-operating on this. The banks are already co-operating. They compete like crazy to get your business, but I’ve been on Canadian Banking Association committees, and when it comes to security, bank fraud, things like that, they actually co-operate,” he said.
“Canada I think is more vulnerable than other countries just because we maybe don’t take it as seriously.”
The Carnegie document called for better national and financial emergency tech response teams, and Keenan is in full agreement.
“I always teased them when they set up an emergency response hotline within the Government of Canada. It was staffed from 9 a.m. to 5 p.m. Monday to Friday, and I made fun of them because I said, ‘Well, this is so the bad guys, when they attack, they should attack during working hours.’
“So I do think there’s always room for improvement.”