Digital Transactions Authoritative, insightful and timely information for payments professionals
Christopher Wray, the director of the FBI, recently testified in Congress that China has cyber-penetrated the United States and that its embedded cyber weapons can be unleashed on the day hostilities break out.
This is a sobering thought. Our entire life is cyber-managed: the way we distribute power, water, gas; the way we run our trains and our fleets of trucks; the way goods are pushed to consumers. It’s all cyber, and it is all in the crosshairs of the enemies of the United States.
Money and payments are included in this web, and with it an extra twist. Most of the critical systems mentioned above are centralized, and managed in a top-down way. Payments are inherently free-flowing, highly distributed, and absolutely necessary to keep goods and services available as a life-supporting element.
Both classic money and crypto money are cryptographically bound. Modern cryptography is vulnerable to advanced mathematics as well as to faster computers. The integrity of wired money, as well as that of crypto exchange, is based on the assumption that the attacker will not be smarter than expected. This math advantage, for example, is the basis of the ongoing superiority of the National Security Agency. Alas, one super-smart mathematician on the other side can void this advantage.
It’s time to pivot to a new concept, where ciphers are designed to hold off attackers who are smarter than the people who build the ciphers This new cryptography is costly and less convenient. But it will serve as the building blocks for any recovery plan. These well-planned recovery procedures are not yet a high priority. It is different in China.
A hostile cyber action can inflict either full-force paralysis, or, alternatively, a limited action with a propagating effect. In a limited fashion, errors are introduced into certain bank wires, or placed as a small number of compromised crypto payments. The whole system is intact, but confusion spreads. A lot of attention is diverted to figure out what is happening. And most likely, as I have witnessed it myself, it takes time to realize that one is under a malicious attack, and not under a spell of bad luck. Such attrition-aimed attacks may be quite durable.
What is common to all the vulnerabilities mentioned by Mr. Wray is the need to realize that the borderline between confidence and overconfidence is unmarked, and we most likely crossed it both in classic payments and in crypto exchange. In both frameworks, we need to seriously think about recovery. Catastrophic scenarios need to be specified, and what to do about them needs to be planned in advance because panic is a bad counsel.
I for one advocate for both payment frameworks to think bottom-up. I am part of the thinking that global networks should be constructed from main components, which in turn are constructed from sub-components, down to the individual payor and payee. Such a Neighborhood Based Network (NBN) has built-in resilience to recover from big blows because it has a built-in disengagement capability. A cascaded network is based on the idea of a quarantine—isolating the infected parts. By contrast, a non-structured, flat, infected network does not have a similar capability to keep the clean parts isolated and functional.
The world is experiencing high-intensity, durable wars in various locations. A counter-West alliance is building itself with a hostile mindset. Our cyber dependence is our weak point, with payments in America a prime target. And yet we all like to think that a few cheats and some isolated fraudsters are our only challenge. We had better wake up!
—Gideon Samid gideon@bitmint.com
