Hacking Shock Latest US ‘Global Risk Manager’ Failure…

‘In broader terms, the FAA response (to the Boeing 737 scandal) underlines yet again that the US now risks losing its post WW2 leadership role as the global default ‘risk manager’ in everything from aviation to disease control (the CDC) and ultimately even trade and finance (via SWIFT) because of a steady erosion of credibility and capacity under a dysfunctional administration, as highlighted in the latest book by Michael Lewis, ‘The Fifth Risk: Undoing Democracy’. That lack of competence/capacity will raise the stakes when an inevitable international crisis occurs…’ Weekly Insight, 19th March 2019

‘CrowdStrike’s strength is in the high-growth endpoint security market but also offers services like threat intelligence and cyber-attack response services. Identity management specialist Okta is another cloud-based security software player also now worth over $15bn after a spectacular run (up 5x since early 2018). The shift to cloud-based architecture in the cybersecurity space means that even SMEs will be able to benefit from pre-emptive machine learning led threat intelligence and quarantine. Aside from this cloud shift now underway, blockchain technology could potentially help enhance cyber-defence as the architecture helps prevent malicious activities via consensus mechanisms and to detect data tampering. Blockchains resolve the ‘lack of trust’ problem between counterparties and owing to their distributed nature, blockchains provide no ‘hackable’ entrance or a central point of failure and thus inherently provide more security when compared with legacy database-driven transactional structures. ‘- Weekly Insight, July 22nd 2019

The point made back in that note in March last year about a dangerous lack of US ‘competence/capacity’ has sadly proved valid this year – the disastrous ‘regulatory capture’ failures at the FAA (and China was the first country to ground the 737 MAX) have been repeated across multiple other key Washington agencies (including most disastrously the CDC) which were once the global standard. We end the year with the US accidentally discovering that it has suffered the most audacious hacking attack ever (which seems to have begun at least a year ago – FireEye’s blog covers what we know at this stage well). Investigations into the hack are ongoing, but the failure of national security agencies, like the CDC’s costly failure to roll out effective Covid tests earlier this year, highlights chronic underinvestment in technocratic capacity and a huge degree of complacency.

Yet again, the US has shown stunning ineptitude in exercising its historic role as global reinsurer/risk manager, the topic of Michael Lewis’ timely book. This goes far deeper than the dysfunction of the Trump White House and can’t be readily fixed by the appointment of a more competent and mainstream cabinet. The ‘anti-government’ (ex-sacrosanct military) ideology which has defined Washington politics since the 1990s has hollowed out most key institutions with chronic underinvestment, and has seen government R&D spend on basic science fall to record lows versus GDP. A generation of retiring public servants with decades of expertise have simply not been replaced with people of the same calibre, given Congressionally mandated headcount and budget constraints leading to an accelerating ‘brain drain’ to the private sector among technical specialists in particular. There are certainly now many areas which can for the first time be outsourced to the private sector such as NASA/Pentagon satellite launches, but the capacity to prepare contingency plans to manage tail risks and effectively regulate the destabilising perverse incentives of capitalism remain core government functions.

US market oversight has been eroded to such an extent that the US Treasury market came close to imploding at the depths of the pandemic deleveraging panic – indeed pricing dysfunction and moral hazard have been a key aspect of this year’s events. Liquidity disappeared in bond markets in March as highly leveraged hedge fund basis swap trades collapsed and ‘one click’ bond ETF liquidity exacerbated the fallout. We saw similar chaos in the US oil futures market a month later, after Saudi and Russia briefly abandoned OPEC+ and a small group of UK traders helped crash the expiring physical delivery WTI contract into negative levels.

China’s long-term strategic goal is to become a leading force in setting global standards (as it has successfully in 5G and Asian trade, with a huge EU investment deal pending despite US efforts to derail it) and to make its capital markets competitive with the US in terms of depth of liquidity, breadth of asset classes/products and regulatory credibility, a key precursor to RMB internationalisation. One of the ironies of this year is that US markets have become characterized by a narrative driven retail frenzy, just as mainland ones have become less so on relentless domestic and foreign institution inflows (indeed, ex-China EM portfolio flows have been negative this year).

While there clearly remains a long way to go, Beijing has continued the liberalization of its markets this year and is now leading in pre-emptive policies to ensure long-term stability (the crackdown on Ant Financial should be seen in that context, specifically consumer credit growth as other platforms copied its model). It’s also leading in payments innovations like the digital RMB (likely launching within 12-18mths) and the blockchain infrastructure to manage it. Indeed China is the first country to pose a threat to the US in software (already consumer, with for instance TikTok clearly superior as an engagement engine to US social media peers), because it culturally has no problem accepting the iterative, launch to market and patch errors model it entails in a way perfectionist Japan and Germany never could. That comes at a time when US regulators are behind the curve and allowing dangerous levels of speculation to develop via single stock options etc.

Pandemic tail risk was regularly highlighted by epidemiologists and healthcare policy makers but not remotely reflected in government preparedness ex Asia. We’ve covered cybersecurity tail risk over recent years as an attractive investment theme via stocks such as CrowdStrike, and we are clearly getting closer to a nation state level cyber conflict after a series of escalations in recent years. After this event, issues like cyber security and data privacy can no longer be left largely to the private sector – we will need new oversight and governance structures for the tech giants built around national security priorities as much as consumer data privacy rights. 

US officials are still working to understand the full consequences of the hack, which is a hugely successful attempt to spy on internal communications and steal critical national security information (it hasn’t been a destructive attack that damaged or shut down computer systems, as some major cyberattacks have done in the past, but clearly makes that potential future escalation far easier). This doesn’t look great news for the rollout of the ‘Internet of Things’ model in the US (accelerating via 5G in firewalled China, with Beijing pushing Alibaba/Tencent to develop relevant enterprise software), which inherently means a massive increase in the number of potential hacking entry endpoints via industrial and logistics infrastructure etc.

Indeed, the implications of this event may prove net bearish for the software sector ex security next year – US networks have become dangerously open and interconnected and as with healthcare post Covid, rebuilding resilience will become a long-term policy priority. The full ramifications will become clearer in Q1, but after the shambolic pandemic response, it should be sobering amid the current hubris in markets that the US has found itself so astonishingly vulnerable to brilliantly engineered malware. Threats which could disrupt our entire digital infrastructure at any moment will have to be taken as seriously as viral ones. Perhaps the Russians should reverse their cyber intelligence division into one of the exploding list of Wall Street SPACs, but I suspect the Chinese will make them an offer they can’t refuse first.

2 thoughts on “Hacking Shock Latest US ‘Global Risk Manager’ Failure…

  1. Pingback: 2020xii31, Thursday: Some things don’t add up. – #RemoteAccessBar

  2. Pingback: 2020xii31, Thursday: Some things don’t add up. – #RemoteAccessBar

Comments are closed.