‘Cyber Pandemic’ Cure Worse than the Disease

Commentary, Disruption, Lee Harding

The old adage “Never let a good crisis go to waste,” has found new life. Klaus Schwab, World Economic Forum Founder and Executive Chairman has said a “cyber-attack with COVID-like characteristics” could soon strike the world and “bring a complete halt to the power supply, transportation, hospital services, our society as a whole.” Too bad the cure seems worse than the disease.

Sure enough, cyberattacks have become more commonplace since Schwab made his comments in mid-2020. In May of 2021, Ireland health services, the Colonial Pipeline in the U.S., and the world’s largest meatpacker, JBS, all suffered ransomware attacks. On October 30, 2021, a cyberattack caused tens of thousands of medical appointments to be cancelled in Newfoundland and Labrador.

But have no fear, Schwab is here. The WEF partnered with the Carnegie Endowment and commissioned Tim Maurer and Arthur Nelson to pen the “International Strategy to Better Protect the Financial System Against Cyber Threats.” 

The authors say that with financial services companies and tech firms looking increasingly alike and central banks pursuing digital currencies, “Malicious actors” now have golden opportunities to compromise “financial data, such as records, algorithms, and transactions; few technical solutions are currently available.”

“This rapid evolution of the risk landscape is taxing the responsiveness of an otherwise mature and well-regulated system.”

If the old system was so great, why change it? Thank God there’s still cash around. Though counterfeiting is a problem, in the grander scheme of things, it barely devalues a currency—much less than lending institutions, fiat currencies, and deficit-spending governments. Nevertheless, the push for cyber money goes on, and to facilitate it, the authors have 32 recommendations and 44 supporting actions to be done by 2024.

“Given the scale of the threat and the system’s globally interdependent nature, individual governments, financial firms, and tech companies cannot effectively protect against cyber threats if they work alone,” the authors say.

“International and multistakeholder cooperation is not a ‘nice-to-have’ but a ‘need-to-have,’” the authors say, as they propose the development of “cyber diplomacy” between nations who would help each other with prosecutions. “This implies that the financial sector and financial authorities must regularly interact with law enforcement and other national security agencies in unprecedented ways, both domestically and internationally.”

This answer to a vulnerable, interconnected world is to impose interconnected controls in the name of security. The supposed banking maxim, “Let us control the money of a nation, and we care not who makes its laws” would give way bank hotlines police and spy agencies across national lines, plus—get this— a veto button for social media.

Supporting Action 1.7.1 says, “Major financial services firms, central banks, and other financial supervisory authorities should identify a single point of contact within each organization to engage with social media platforms for crisis management. Quick coordination with social media platforms is necessary to organize content takedowns. Social media platforms will be more responsive to a single collective point of contact than to ad hoc communication with many financial institutions.”

Wow. But not only would social media censor for central banks, they would also become its megaphone. Supporting Action 1.7.3 says, “In the event of a crisis, social media companies should swiftly amplify communications by central banks, such as corrective statements that debunk fake information and calm the markets.” The ban of all mentions of U.S. election fraud was cited as an example.

Hmm, so if a real cyberattack threatened to cause a bank run, would the banks just say, “Hey Facebook, this’ll be really bad for us, but it’s true, so don’t censor it”? That’s doubtful, but hold now because the web stretches even farther.

“[G]overnments and financial authorities should lead whole-of-society exercises, including industry…to identify weaknesses, such as divergence between decision-making timelines in financial markets vs the national security community…” Oh? So the New York Stock Exchange should time their decisions lockstep with the NSA, FBI, or CIA?

The authors even want the North Atlantic Treaty Organization, Shanghai Cooperation Organisation, and International Committee of the Red Cross to call for clarification on how international law would apply to cyber-attacks.

And once this template is complete, they want it duplicated in other spheres. “Focusing on the financial sector provides a starting point and could pave the way to better protect other sectors in the future.” Just imagine when the United Nations becomes United Government, Industry, Food, Commerce, Military, and Intelligence.

Ironically, to build the case for all of this, the authors wrote, “[T]hose who learn how to steal also learn about the financial system’s networks and operations, which allows them to launch more disruptive or destructive attacks in the future (or sell such knowledge and capabilities to others).” 

The problem is if everything is internationally standardized, anyone familiar with ‘the system’ becomes familiar with the one used everywhere. To prevent a few eggs being picked off, they’ll all be put in one big, highly fortified basket. By then, the compromise of a few gates (or gatekeepers) would be all that’s required to control or destroy the financial system worldwide.

Cash, anyone?

Lee Harding is a Research Associate with the Frontier Centre for Public Policy.