Imagine two scenarios.
An assassination in Sarajevo. The subsequent chain of events ultimately leads to a world war. An estimated 20 million people die.
A small US bank succumbs to a cyberattack. Amidst carefully placed misinformation campaigns, bank runs and riots, the repercussions start to drag down the financial system. The US blames Russia, calls on NATO under Article 5, where an attack on one is an attack on all, and step-by-step the world explodes into the Third World War.
What unifies these two scenarios is that we are living in an era reminiscent of pre-World War I: the seeds of conflict are sown, irrigated by mistrust, and one spark can start a wildfire.
Last month at their Geneva summit Joe Biden made clear to Vladimir Putin where the US red lines in cybersecurity lie. “Certain critical infrastructure should be off-limits to attack, period,” said the US President. One of the 16 sectors mentioned was financial services. It is a given that the message was also aimed at China, Iran and other hostile states with a track record of cyberattacks.
The US government has been in contact with American banks this year to chivy them into increasing their cyber defences, while Federal Reserve Chairman Jerome Powell stated that cyberattacks are the biggest risk to the system. They can trigger a liquidity run and lead to solvency issues.
One of the most worrying possibilities is a supply chain attack. In a little-publicised paper published by the New York Federal Reserve, Cyber Risk and the US Financial System: A Pre-Mortem Analysis, the authors note that an attack on a significant service provider which connects small and medium sized banks has the potential to cause a systemic event. The concentration of banks using the few existing cloud providers, like AWS or Microsoft’s Azure, for instance, is a clear risk.
The authors also note that in a five-day cyber attack, nearly half of US financial institutions would run out of reserves by day five.
The top concern is not so much a provocation, as a misjudgement, ultimately leading to WWIII. Take the recent Colonial Pipeline attack by DarkSide. They planned to attack the business side, not the operational side, which is responsible for transmitting roughly 45% of East Coast fuel. They knew the latter would be perceived as an attack on infrastructure, bringing the might of the US intelligence services down on them for straying into the political arena.
“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our other motives,” they swiftly posted on their Dark Web page, as they sought to excuse their error and distance themselves from suspicions of links to the Russian government.
There is no easy solution to the uncertainty of who is behind a cyber attack, nor to mishaps prevalent in a digital world.
But there is a clear need for key sectors to take a big step up in cybersecurity. Not least with China – which just celebrated the 100th anniversary of the Communist Party amid Taiwan fly-overs – on what looks ever more likely to be a collision course with the West.
Paradoxically, the quantum industry may be the answer to cybersecurity, while also being its biggest threat. The creation of quantum keys which are certifiably random – unlike the current RSA encryption and other standard ones – could provide hacker-free security. At least eleven global banks are exploring quantum safe protocols for security, ranging from JP Morgan to BNP Paribas and RBC of Canada, as reported here by The Quantum Daily (TQD). Around thirty-five quantum companies in countries ranging from Poland to Singapore are working on quantum cybersecurity products.
A handful of years down the line powerful quantum computers may be able to decrypt the data already being harvested by ransomware gangs and hostile nation states – yet another reason to experiment with current quantum cryptography.
Although information is hard to come by, China reportedly has quantum key distribution technology over fibre optic cable between Beijing and Shanghai. In essence, a quantum internet, providing hundreds of kilometres of totally secure communications.
The West is intent on catching up, with governments and companies spending large sums. Germany, for instance, announced in May a €2bn investment in quantum and related technologies, while a month later British start-up Arquit announced a link with defence company Northrop Grumman to explore its own end-to-end quantum encryption. Meanwhile, the US Department of Energy last year unveiled a blueprint for a quantum internet.
The Cold War arms race mostly involved creating weapons of destruction, the so-called Mutually Assured Destruction (MAD) doctrine which, arguably, kept the peace over many decades. In the 21st century, the most important advance in keeping world peace will be security and protection: Mutually Assured Defence – not as MAD.