Resiliblog
  • Recent Posts

  • Resilitweets

  • To submit a post for publication, please contact our blog editor.
  • A A A

    The SSL debacle

    By Jas Mahrra, on 14 April 2014

    ================================================

    ISRS Fellow, Vinay Gupta comments on the recently discovered “Heartbleed” exploit

    The new OpenSSL exploit, “heartbleed” illustrates some little-considered modes of failure of our modern critical infrastructure environment.

    The error itself is trivial: a single line of code contains the equivalent of a minor clerical error. The bug is a little like a reverse buffer overflow: rather than letting assailants write to memory, it allows them to read from memory – including memory containing valuable information like passwords or crypto keys.

    https://xkcd.com/1354/

    If this bug had affected one site, it would have been unimportant. However, the severely under-resourced team maintaining the OpenSSL library were actually servicing some 20% of the internet. Because the software worked and was available without cost, it was everywhere.

    OpenSSL was widely regarded as a basket case from the beginning: security researchers considered the software (originally written for at most casual use) to have been built on top of far beyond its fundamental integrity. Heartbleed is not the last bug of this size that this codebase might conceal.

    There are allegations that the NSA knew of heartbleed for several years and exploited it as part of on-going internet monitoring operations. The NSA strenuously denies this. There is no doubt, however, that trade on the internet has been valuable for several years because of this undetected bug, and if any agency (on any side) detected it, they would have had a substantial intelligence gathering advantage.

    These issues do not start and end with e-commerce and secure email. There is every possibility that SCADA and smart cities projects are also effected, and potentially systems like aircraft avionics software development environments.

    Bugs are contagious. A breached password is used to load malware, the malware is used to compromise source code, the source code opens up a back door in a factory or on a plane. Contagion was very real in the financial markets, and it is equally real in the sociotechnical systems which develop and support our high-tech economy. We must be wary.

     

    Back to the future with Scottish currency

    By Mandeep Bhandal, on 18 February 2014

    ==========================================================

    ISRS Senior Research Fellow, Chris Cook discusses his framework for an independent Scotland to use the pound, a plan A Plus.

    The article was posted on the Financial Times, Alphaville on February 17, 2014.

    The rejection by all the Westminster parties collectively of the SNP’s Plan A for a post-independence UK currency union has elicited a string of possible Plan B solutions, several of them already considered and rejected as inferior to Plan A by the SNP’s expert group of ‘wise men’.

    But the current debate is ill-founded, since the UK can have no more control over who uses the £ symbol as a unit of account, than they can have control over the use of metres and kilogrammes. As for currency, which is not necessarily the same thing as a unit of account, any number of countries ‘peg’ their currencies to a stronger currency as a unit of account.

    The Republic of Ireland pegged their currency to the £ sterling for decades, and Hong Kong firstly pegged their currency to the £, and then after a brief and unhappy flotation, pegged their Hong Kong $ to the US dollar. Other countries go further, such as Ecuador and Panama, and actually use another country’s currency, which increases the dependence of these nations on that country’s monetary and fiscal policy.

    All of the current Plan A and B proposals involve the creation of currency by a central bank – whether the Bank of England or the European Central Bank – and the creation of credit by private banks. But my proposal – let’s call it Plan A Plus – is complementary to the existing proposed Plan A, since it envisages a different monetary and fiscal architecture.

    One of the subjects of my research as a Senior Fellow at the Institute of Security & Resilience Studies, University College London has been whether there may be possibilities for the future arising out of practice in the past. Because clearly UK sovereigns did fund their expenditure for many centuries before the Bank of England came along in 1694; while trade and enterprise also flourished long before the Joint Stock Company came along perhaps 400 years ago.

    Sure enough, it is here – Back to the Future – where the basis of a Plan A + may be found.

    Treasury to Taxpayer (T2T)

    The credit of sovereigns was and is based upon their capacity to levy and collect taxes, and for centuries sovereigns raised funding to fight wars and carry out public works on the basis of their credit. The king’s treasury would propose to tax-payers – most taxes were land-based in those days – to prepay taxation at an agreed discount, let us say a £2 discount for a £10 tax pre-payment, usually made in kind, such as in goods or services provided to the sovereign.

    The taxpayer would receive a record of prepayment, which was the half of a split ‘tally stick’ known – interestingly – as the ‘stock’, with the ‘counter-stock’ being retained by the Exchequer. When the tax was due, the tax-payer would take the £10 stock instrument to the Exchequer; it would be matched; the obligation to pay £10 tax would be met; and the taxpayer would realise a profit of £2 or 25% on his prepayment.

    The accuracy of this explanation of national accounting remains indelibly in our language today, firstly in the origins of the phrases Tax Return, which was the accounting event of a physical return of a token, and secondly, in the phrase Rate of Return, which was actually the rate over time at which the (say) 25 per cent profit from the discount could be realised: the more tax you paid, the faster was the rate of return of the stock.

    The use of the word Stock in its original meaning of an undated credit instrument has also fallen into disuse. It has been replaced by the twin peaks of finance capital: Equity (permanent shares of ‘Common Stock’ or Joint Stock’ in a Company legal vehicle) and Debt (temporary interest-bearing Loan Stock) and of course the government gilt-edged stock or gilts, which misleadingly have been termed the National Debt.

    So the reality is there is no such thing as a National Debt: it is and always has been a National Credit, based upon the power of the Treasury to levy and collect tax directly from taxpayers.

    So this proposed Plan A + is based upon the simple concept of direct T2T issuance of credit instruments by a Scottish Treasury firstly to fund its expenditure and secondly to provide the circulating credit necessary for the facilitation of trade and the creation of productive assets, and productive in every sense – not just productive of profit.

    How it Works

    The Treasury will simply create and issue whatever credit is necessary. At the operational level, system management, accounting, credit creation and issuance would be managed by service providers who would cover agreed costs, and also have a stake in the outcome, through the use of a partnership structure. A Scottish Monetary Authority would supervise and set standards.

    In other words, we would see banks and credit unions transition from a role as middlemen, who come between lenders and depositors and take the credit risk, to pure service providers. This would be fine with the banks, because the only capital they then need is that necessary to cover operating costs.

    Surely such a utopian mutual architecture will never work? Well actually, it already does, in the shipping industry where those risks which Lloyd’s of London will not insure have been mutually insured by Protection and Indemnity (P&I) Clubs for some 140 years. These Clubs have been managed by the same service provider – Thomas Miller – for 135 years. What works for shipping risk will equally work for credit risk.

    But surely you need a Central Bank as a lender of last resort? In fact this has never been necessary, since the buck has always stopped with the Treasury. Central Banks today operate as the ‘fiscal agent’ of Treasuries, creating modern money as credit and spending it on the instructions of Treasuries.

    Great theory, but it’ll never work in practice? Well actually, Hong Kong has never had a Central Bank and the three HK clearing banks issue bank-notes and create credit supervised by the HK Monetary Authority.

    Show me the Money

    The current rather esoteric position is that the issuance by three Scottish banks of their own series of Scottish bank-notes is backed £ for £ by the Bank of England’s internal issuance of £1 million notes (‘Giants’) and £100m notes (‘Titans’) somewhere in the vaults of the Bank of England.

    There is no reason whatever why a Scottish Treasury could not – under the supervision of the Scottish Monetary Authority – create and issue its own Titan and Giant Treasury Notes in virtual or paper form and denominate them in pounds sterling purely as a unit of account. The three Scottish note-issuing banks -and any other prospective note issuers – could then continue to issue notes to fulfil the public requirement for cash, precisely as they do now.

    This brings us to the fundamental question of all currency: as the economist Hyman Minsky pointed out “Everyone can create money; the problem is to get it accepted”. In other words, what would be the basis of this Scottish currency, and why should people trust it?

    A Matter of Trust

    Treasury credit is underpinned by or based upon the tax base, and as we have seen, UK sovereign funding consisted for centuries of Treasury credits issued at a discount and returnable in payment for land taxes.

    In 1705 that remarkable Scot, John Law, made a proposal – “Money and trade considered: with a proposal for supplying the nation with money.” - in which he set out a plan for a centrally issued land-backed currency for Scotland. Clearly the world has moved on from the largely agricultural society of that time when most of the economic value arose from the use of land.

    However, I believe that Scotland now has – in creating a monetary and fiscal system fit for a 21st century knowledge economy – the opportunity to greatly simplify and make more equitable the future productive value of what has been called the Common Weal of Scotland. The fact that some 500 people (including many foreigners) own more than 50 per cent of Scotland is clearly one avenue to explore.

    So perhaps by decentralising the Treasury into Treasury Branches (as was done in Alberta in the 1930s) one could imagine local Danish style levies on land rental value. But instead of these being hoovered up by central government, they could simply be pooled and then re-distributed directly to local people as land levy credits denominated in £s and acceptable in payment for property occupation In this way, those with above average use of the Common Weal of land would make a net transfer to those with below average use.

    Similarly a levy on carbon fuel use could be collected and the resulting pool distributed as an ‘energy dividend’ of energy prepay credits, both to alleviate fuel poverty, and to enable direct investment in renewable energy, and above all, in Danish-style community heat infrastructure.

    But, one step at a time. Politics is arguably the art of the ‘adjacent possible’, and it is completely possible, straightforward, and above all in the interests of the banks themselves, to make a transition to a direct Treasury to Taxpayer (T2T) credit and currency system managed by a new breed of banking service providers. Meanwhile, Government funding would be raised using the undated prepay tax stock instrument.

    In this way Scotland may be the first country to create, and monetise, the National Credit.

     

     

     

     

    Eco Cities 2013 – a Free Ride?

    By Mandeep Bhandal, on 3 October 2013

    =========================================================

    ISRS Senior Research Fellow, Chris Cook provides an account of his experience at the ECOCITY, the World Summit on sustainable cities held in Nantes, France on 25 – 27 September.

    One of the subjects discussed on several panels during the 2013 Eco Cities conference was transport policy and the conflict between optimal policy from an ecological perspective, and from a conventional economic perspective was evident.

    Firstly, at a session on ‘Urban Services: what is the right price?”, Allan Alakula, Head of Tallinn’s Euopean Union Ofice in Brussels, outlined the policy in Tallinn, Estonia implemented earlier this year to make all public transport free.

    It was pointed out in discussion that ‘free’ does not mean ‘without cost’ and a lively discussion soon developed in relation to the basis of the local taxes which fund the service, which apparently fall upon local income.  It was pointed out that – leaving environmental issues to one side – this meant that local property owners, the value of whose property benefits greatly from good public transport links, were literally getting a free ride at the expense of those who do not own property.

    Anders Roth, Environmental Manager of the City of Gothenburg’s Traffic and Public Transport Authority was one of my co-panellists the next day on the subject of ‘Local Environmental Taxation: Incentives and/or subsidies’.

    He outlined Gothenburg’s interesting new approach to congestion charging of ring roads, and their experience in relation to the results of a policy to tax employer-provided car parking.  It is not straightforward to encourage intermodal shifts without unforeseen consequences.

    In relation to free public transport, he said that Gothenburg had considered it, but had rejected it because it was seen as a regressive policy which benefited the better off relative to the less well-off.

    I outlined in discussion that a local levy be made on carbon road fuel, and that a ‘carbon dividend’ might then be paid equally to Gothenburg citizens in credits returnable in payment for public transport use.  The outcome would then be that those with above average carbon transport fuel use make a net transfer to those with below average use, and that greater funding for improved public transport services is also available.

     

     

    Eco Cities 2013 – Human Resilience and the Resolution Trade

    By Mandeep Bhandal, on 3 October 2013

    ========================================================

    ISRS Senior Research Fellow, Chris Cook provides an account of his experience at the ECOCITY, the World Summit on sustainable cities held in Nantes, France on 25 – 27 September.

    Representatives from Cities all over the world came together from 24th to 27th September 2013  in Nantes to discuss with representatives from other sectors – private sector, social enterprise and academia – a broad range of subjects with an ‘Eco’ theme.

    The first panel on which I contributed was titled Fostering the mutualisation of goods and services with economic and legal frameworks.

    The objective was to discuss the following questions.

    Mutualisation of housing has a twofold objective: the optimisation of the use of resources in the city and the reduction of its ecological footprint. To what extent can cooperatives and co-housing projects achieve this mutualisation goal? How to spread these economic and legal models to other functions of the cities? What are the social benefits of such organisational modes?

    Human Resilience

    One of the participants, Pierre Zimmermann, outlined interesting initiatives over the last decade by the City of Strasbourg in respect of ‘autopromotion’ self-build projects using municipal land.  But even with a sympathetic administration such initiatives faced slow going due to competition from the private sector; institutional inertia within the public sector; and the ever-present problems of sourcing development financing and long term funding.

    The second presentation was extremely relevant to the subject of human resilience. In 2003 thousands of the elderly died alone in France from the effects of the prolonged heat wave that summer.  This unprecedented mortality brought home the fact that a large number of the post-war generation, the majority being female, now lived alone, often in substantial properties, with no-one to visit or care for them.

    As a result, Aude Messéan founded Le Pari Solidaire, a charity which brings together students with a need for accommodation with elderly people with spare accommodation, and a need for company, and some light assistance.

    Protocols and Prepay

    Both of these presentations brought home the need for the unconventional frameworks for property occupation and tenure which I have been developing, and which are based upon legal framework agreements and financial instruments which pre-date modern finance capital.

    The two elements are firstly, the Capital Partnership revenue sharing protocol within which productive assets may be financed and funded, and secondly, the simple but radical rental pre-pay instrument which enables funders to invest directly at a discount in units returnable against future streams of rental income.

    As the panel discussed, such rental units would firstly enable self-builders in Strasbourg to be rewarded for their efforts with sweat equity paid in rental units. Secondly, it could enable the scaling up of La Pari Solidaire through generic exchange of care for rental units of property occupation. This could bring together a generation which is ‘long’ of property, and ‘short’ of care, for themselves and their home, with a generation which is long of care but short of a home.

    I think of this exchange as the ‘Resolution Trade’ through its capacity to resolve otherwise intractable issues, including the above inter-generational exchange , but extending to the resolution of unsustainable property debt.

    What Resilience Means To My Generation?

    By Mandeep Bhandal, on 21 August 2013

    ===================================================================

    Following a two week Internship Programme at ISRS, Iona Palmer-Baunack provides an assessment of what resilience means for her generation.

    What Resilience Means To My Generation?

    When I first came to the Institute for Security and Resilience Studies I must admit that I had no idea what resilience was or what the word even meant and I know for a fact that a lot of my peers would agree with me in saying that neither do they; unfortunately the people of my generation don’t understand this concept of resilience even though it is a concept that surrounds them in everyday life and will be an important component of their future.

    Many people of my age, including myself before I came to do my internship at ISRS, will hear about the war in Afghanistan, the on-going conflict in Egypt, or a flood in Wales yet they don’t think about the effects of any of these situations- it goes in one ear and out the other. However, what I have come to realise is that these issues that my generation don’t take any notice of effect or could have a direct effect on us, for example:  the current situation in Egypt may seem like a million miles away to any one of my friends but what happens when that conflict becomes bigger and develops into a civil war which leads to repercussions such as a rise in oil prices- what someone my age doesn’t think about is that rise in oil price for example could directly affect them if their parents could no longer afford the increase in petrol for their car or gas for the heating in their house then they will be directly affected.

    Furthermore, it is not just about the theoretical side of resilience and understanding that an everyday news bulletin could have an effect on us it is also realising that resilience is incredibly important for our generation, if not  more so than for our parents’ generation, as we will live in a world of increased population and increased demands for products. What my generation needs to begin to understand is that we will be the ones having to come up with solutions and new innovations to deal with a population of potentially 10 billion people who all want cars, computers, or mobile phones and therefore we will have to come up with new ways of being able to deal with this increased demand, i.e., finding new resources and inventing new ways to export and import products in order to reduce the danger of global warming. And it is not just about these luxuries that one must think about but also the simple things such as food, if the population reaches or even exceeds 10 billion people the demand for food will of course increase, but it is clear from various amounts of studies that have taken place that there is not enough suitable space on our planet to cater for that many people in terms of growing crops and farming animals- therefore yet again it will be my generation who either have to suffer and live with the consequences and maybe even face huge cases of famine or my generation who deal with the risk that we can foresee and come up with new innovation in terms of supporting this increase in population.

    Another very important aspect of resilience concerning my generation is cyber; as a generation we have grown up in a world filled with computers, mobile phones, iPads, and various forms of social media and if we were all honest we would not be able to survive without them but what we don’t see is the risks that are involved in the cyber world. For example: a popular iPhone app nowadays is SnapChat which is an app where you can send a picture to someone which is deleted within 10 seconds, however it is not deleted but it is kept on a data base so what you send ultimately could be traced. Another key example is in social media, teenagers seem to assume that Facebook is a safe forum however it is not – anyone can hack into your account and find the information they are looking for- so do not go telling everyone you’re on holiday for a month!!! A final example is that of internet banking- internet banking has become increasingly popular over the years and I believe that within a couple of years our generation will only be banking online but do we realise the dangers of this? What happens if a terrorist attack takes place online?  How would we access our money? And what would the repercussions be for us as a country?

    So in conclusion, I think that resilience is so incredibly important for my generation especially and that if we don’t, as a generation, begin to realise this and learn about resilience and what it really is then we are going to face major problems in our future and even ruin what generations before us have achieved for us.

     

     

     

    Generation Z Resilience Quite Simply Doesn’t Exist

    By Mandeep Bhandal, on 21 August 2013

    ======================================================================

    Following a two week Internship Programme at ISRS, Imani McKoy provides an assessment of what resilience means for her generation.

    Generation Z resilience quite simply doesn’t exist

    Well of course it does but to an extremely small degree.

    In school we’re taught Science, Maths, English and how to please an examiner. We’re not taught how to apply the things we learn in these extremely interesting subjects to our everyday and future lives – quite odd considering the emphasis they place on knowing what we want to do and where we want to go in life. For the older generation, awareness of resilience is surely helpful but not vital to the extent that it is for both mine and younger generations. Why? Well because issues like global warming and material scarcity, are less likely to affect them as they’ll no longer be here to face these problems at their peak. However, awareness and understanding of resilience and its importance is vital for the development and sustainability of theory and practice as the younger generations proceed.

    At 17 years old, I hold a pretty firm idea of what I wish to do and where I want to go in life, but that’s not because I was born within a court of law or with a passion for heavily bound books; it is because during my years, I have explored various fields and ideas – enabling me to form a calculated decision based on what I’ll enjoy. Having spent almost two weeks at the Institute for Security and Resilience Studies, I have been able to view things in a different light to how I would have previously. Looking at the wider picture has become an essential part of my time here at ISRS, not only broadening my mind to the kinds of issues present – but the kinds of problems that can arise as a result. Having mainly studied Science for all of my academic life, I can now see how linking ideas and concepts fit into a practical working environment; but that was not due to the curriculum – that was due to ISRS. More specifically, it was due to me taking my own time to pertain to an environment and way of thinking that I wasn’t used to and realising that everything is in fact networked.

    As part of the tedious Key Stage 3 curriculum in most secondary schools, we’re forced to study Citizenship; which means several hours per week of relatively useless discussions about Religion, Racism and Ethnic Minorities – which don’t get me wrong, are fundamental concepts to be covered, but again we have to look at the wider picture. The time spent teaching what 84% of the world’s religiously practicing population is learning, either at home or at the church, mosque, temple etc. should be used to highlight the issues arising in today’s world and how central we are as a force to deal with them.

    Resilience is a subject that should most certainly be drafted into the curriculum, perhaps not as a mainstream subject but at least as a discipline. During this internship I have realised that not enough of us acknowledge or are even aware of the importance that resilience has over our lives; particularly seeing as though it is essential to all work environments whether you want to be a doctor, barrister, diplomat or even teacher. Having at least a basic knowledge and understanding of resilience would benefit the younger generations as well as my own, in the sense that the decisions we make and actions we take will be based more upon tactical judgement, rather than relative assumption.

    Generation Z resilience exists – we just don’t know it yet.

     

     

     

     

    ISRS Intern Programme: Resilience Themes of Importance

    By Mandeep Bhandal, on 20 August 2013

    ======================================================================

    ISRS Intern Programme: Resilience Themes of Importance

    The Institute for Security and Resilience Studies (ISRS) has developed a two week intensive junior intern programme, to enable interns to gain knowledge and experience in the field of security and resilience. During the two week programme, our two interns, Imani McKoy and Iona Palmer-Baunack have been introduced to the concept of resilience and its associated themes. They have undertaken research tasks, delivered presentations, received lectures and attended visits relating to the ISRS Research and Innovation Challenges. The diverse programme has been designed so as to enrich the intern experience by exposing the interns to pertinent issues of huge importance in our networked world today – including energy security, financial stability, cyber security and geopolitics & statecraft.

    Imani and Iona have provided a brief assessment on a resilience theme of their choosing:

     

    Imani McKoy – Cyber Security & Resilience

     

    Where does it go? What happens to it? Who else can see it?

    Despite the numerous firewalls and other security measures put in place to protect our most covert information, it is still possible for it to fall into the wrong hands. With the ever growing industry that each generation is becoming increasingly susceptible to, we never truly take the time to consider the possibility of our secret Snapchat’s, private messages on the likes of Twitter and Facebook or undisclosed bank details reaching unknown and undesirable third parties. There are four aspects to consider when covering cyber security: cyber risks, cyber-attacks, attack vectors and a solution.

    Cyber Risks:

    The first of three to consider would be Cyber Crime, both that which could occur at the hands of one individual or an operational group. Those involved would use whatever means possible to disrupt the general running of a system; typically for the general purpose of obtaining an unsuspecting persons credit card data. Another cyber risk to consider is the possibility of Cyber War which can occur between members of one nation state to another. The perpetrators are usually what is referred to as APT’s (Advanced Persistent Threats); a term used to refer to a group (e.g. a government) with the capability and the intent to persistently target a specific entity. An APT may operate to gain access to sensitive information or even to pose even greater threats such as espionage. The third risk (not to say that it’s the last) that will be covered is Cyber Terror. As illustrated, any possible cyber risk has one basic objective – intrusion. The risk of cyber terror is one that details the actions of independent organisation of nation states that conduct terrorist activities via the internet. This would usually involve major disruption of computer networks, using a type of attack widely known as a virus.

    Cyber Attacks:

    There are various types of cyber-attacks that can occur – each being a product of an underlying aim. Trojans are used as an entry point on a computer where information can then be accessed, stolen and damaged on a system; they do so in the form of seemingly harmless programmes but are actually functioned to do things very different from what they appear to do. Viruses are developed to gain access to steal, modify or corrupt information stored on a specified system; viruses achieve their aims by the insertion of a small piece of self-replicating software that attaches itself to files – essentially spreading from one drive to another. Another attack mechanism used is Worms, which exploit the weaknesses of a system; again similar to viruses, are self-replicating software. Spyware is forever attempting to take control of computer systems, with the intent to collect personal information; once control is secured, the saboteur may download infected software. These are only some of many ways in which attacks occur via cyberspace due to the constant innovation of cybercrime – constant innovation being essential to successful resilience.

    Attack Vectors:

    There are numerous ways for attackers to achieve their almost common goals. A common example would be social engineering which exploits the weaknesses of individuals – examples of this type of vector include phishing and pharming.  Typical types of phishing/pharming include the use of spoof emails and fake websites, which demand the personal information of unsuspecting individuals, eventually compromising their information once obtained. Another vector used by some includes something called MITM where what is referred to as a middleman may impersonate an endpoint, enabling them to manipulate not one but two individuals; similar to the typical exploitation of weaknesses within a system.

    Solution:

    The fact that these very issues exist does not mean that our information is not relatively safe; it just means that we have to take extra care of how we distribute our information. There are many reforms set in place to ensure that information remains safeguarded from official legislations such as the Telecommunications Regulations Act of 1998 and typical firewall systems; all aiming to provide cover against both deliberate and opportunistic attacks. However, cyberspace is a highly unregulated medium, leaving cyber criminals with many entry points and one way to ensure that the effectiveness of these is greatly reduced is to carry out a risk assessment. This assessment should consider people, processes and technology. The competency of resources, professional skills and qualifications of staff and availability of staff training should come into focus – along with management systems and governance framework. As previously mentioned, cybercrime is constantly innovating but by ensuring that the correctly qualified people are in charge of security protocols and are prepared to respond and recover from either a potential threat or an act of cybercrime, the safety of our information is firmly in place – for now.

     

    Iona Palmer-Baunack: Cypriot Economic crisis: Quick Turn Around

     

    In 2013 the Cypriot economy faced a major crisis following the exposure of Cypriot banks to overleveraged local property companies, the inability to refund its state expenses from the international markets and the government’s reluctance to restructure the troubled Cypriot financial sectors which led to a 10 billion euro bailout from the EU.

    This economic crisis in Cyprus has had many effects on the state of Cyprus; being someone who visits the country every year I myself have seen the effects that the crisis has had on Cyprus. In previous years one would see a booming tourism industry, low tax rates on various products such as alcohol and cigarettes, and a thriving property industry. However, having visited the country this year one can see the damage that this crisis has had on the country – seeing barely any tourists in the high season, increased tax rates, expensive food and resources and half-finished buildings.

    It can be argued that due to a lack of resilience Cyprus has fallen into this state, for example it did not see the risk nor was it prepared for the risk when buying into bonds in Greece. However, I believe that Cyprus is in fact a truly resilient country.

    Firstly, the country of Cyprus has reinvented it’s economy on various occasions: after gaining its independence from Great Britain in 1960, a coup by the Greek junta and a military invasion by Turkey in 1974, the Lebanese civil war in the 80s and the Gulf war in 1991 and it still each time continues to develop its economy and reinvent itself.

    Secondly, Internationally in the business world Cyprus has reinvented itself since the financial crisis due to the fact that it has close to 50 double tax treaties, a fully EU-harmonised tax and legal framework and one of the lowest and most competitive corporate tax rates in Europe – it therefore provides an attractive base for international businesses. This will ultimately begin to boost the economy to a stronger position than it held before.

    Furthermore, since the bailout the government has increased its work in innovation in order to make sure a crisis like the one experienced earlier this year does not come about again. The Cypriot government has been fully focused on implementing strict austerity measures to restructure the economy and has announced new incentives to attract more investment.

    Finally, what has been a great prospect for Cyprus has been the discovery of hydrocarbon reserves in its exclusive economic zone – leading to an interest from other countries.

    So my argument is that although Cyprus faced a crisis and did not prevent it from happening through various measures it took and mistakes it made, it is actually using the way ISRS define resilience in order to “bounce forward” as it is renewing and recovering its economy through a flow of events that has happened such as the discovery of hydrocarbons. And as well as bouncing forward and reinventing itself as a country it is also trying to implement measures so that a crisis like the one experienced in 2013 will not come about again. Therefore in my opinion the Cypriot Economic Crisis was actually for the better as the country seems to be coming out of it into a better position than it was before.

     

     

     

     

    The Next Shoe

    By Mandeep Bhandal, on 19 July 2013

    ===============================================================

    ISRS Senior Research Fellow, Chris Cook in this article addresses the susceptibility of financial markets to a price discontinuity, and why the current regulatory policy might almost have been designed to make a bad situation worse.

    The Next Shoe

    In the summer of 2005 I was invited to speak – in relation to energy markets – at a conference in Lausanne convened by the Geneva Centre for Security Policy on the subject of ‘Economic Terrorism’.  Essentially this conference concerned the resilience of financial rather than physical infrastructure to attack by terrorists using economic rather than physical means.

    My message was that the existing market architecture concentrated risk in centralised organisations such as banks and clearing houses to an extent that was not appreciated. I made the wry observation that the only difference between a hedge fund and an economic terrorist was their motive.

    In October 2008 the first shoe dropped.  Following the collapse of Lehman Brothers, which I regard as a milestone in the evolution of markets, we saw the financial system freeze up almost entirely. In fact, in the UK we came two hours away from the ATMs being switched off, and a day or so from what has been described as ‘shopping with violence’.

    In the aftermath of this seminal event we saw dollar interest rates crash to zero, and the Federal Reserve Bank embarking on the massive money creation and injection into the financial system known as Quantitative Easing (QE). The reaction of investors to these events was to pour their dollars into the new breed of Exchange Traded Funds (ETFs) which invested in non-income producing assets such as gold, metals and commodities as a ‘hedge against inflation’, to use the marketing phrase adopted by the investment banks who manufactured these funds

    In a cosmic irony, this inflation hedging passive investment had the effect of financialising the markets in which it became dominant; creating correlated bubbles; and causing the very inflation these risk averse (the complete opposite of risk taking speculators) and passive investors sought to avoid.

    Regulatory Response

    As a response to the Lehman meltdown the regulators acted to address the revealed systemic financial instability.

    They decided that the best response was to bring the opaque bilateral ‘over the counter’ market in the derivatives, whose leverage was a major factor in the problem, into a central clearing house.

    The good news is that this does indeed provide transparency to regulators: the bad news is that it concentrates market risk in a single point of failure which is susceptible to discontinuities in price following ‘Black Swan’ events.

    Market Discontinuities

    The best known example of a market discontinuity was the 1985 Tin Crisis which occurred when a  cartel of tin producers which had been supporting the tin price using London Metal Exchange forward/futures contracts ran out of money. The price literally collapsed overnight from $8,000 per tonne to $4,000 per tonne; the exchange imposed a settlement price at $6,000 per tonne, and litigation by those adversely affected rumbled on for many years.

    Such a discontinuity is quite possible today, particularly in the market in crude oil, which has been the subject for years of a macro manipulation by producers who obtain cheap finance from the ‘inflation hedger’ funds mentioned above.  Essentially the producers lend oil to passive investors – using derivatives or the prepay contracts rediscovered by Enron – while the passive investors lend dollars to producers.

    The prepay mechanism is now in routine use. For instance, Russia’s Rosneft is unwilling to sell ownership (equity) while banks are unwilling to lend to Rosneft (debt).  So we now see, as a third way between equity and debt, the major trading houses Glencore, Trafigura and Vitol entering into crude oil prepay contracts with Rosneft, where they buy crude oil at a discounted price for cash now and delivery later.

    These trading houses borrow the necessary dollars from banks and then offload their market price risk onto the relevant clearing houses.  In my view, the transparent and direct use of prepay instruments for financing (Peer to Peer credit) and funding (Peer to Asset credit) will lead to a resilient networked financial system.

    But the current opaque use of prepay instruments by intermediaries – notoriously pioneered by Enron – is an accident waiting to happen, exacerbated by the wave of demutualisation of exchanges and the fragmentation of clearing houses into proprietary siloes.

    This is because Risk is akin to Energy: it cannot be destroyed: it can merely be moved around and change state. The market risk formerly taken by banks has now been outsourced to Clearing Houses which are not in my view capitalised for the true risks they run.

    Many of those investors who were worried enough about inflation to hedge it using ETFs are now selling their units and buying into asset classes like stocks and property which offer at least some yield.

    As this fund money drains out, the financialisation comes to an end and commodity price bubbles will deflate: the only question is the rate at which this fall in price will occur, and I believe that there is a significant possibility that a market price discontinuity like that in the 1985 tin market could well be the next shoe to drop.

    Not only are the regulators failing to address this systemic risk: the centralising policies they have been developing might almost be designed to create it.

    Can we standardise resilience?

    By Jas Mahrra, on 25 June 2013

    =================================================================

    Dan Fox, ISRS Associate Fellow reports on the latest developments for a Resilience Standard

    Can We Standardise Resilience?

    At first glance, the title of this post might strike many as one of John Rentoul’s famous Questions To Which The Answer Is No (#QTWTAIN). Resilience, after all, is about flexibility and agility in the face of change. Any sort of ‘standardization’ would surely contradict such a process. But a surprisingly nuanced debate that has taken place within the International Organization for Standardisation over the last two years has established a way forward for guiding organisations in their quest for resilience.

    In fact, reflecting resilient attitudes amongst the national Principal Experts responsible, the original effort at a standard, ISO 22323, was abandoned at the end of 2012 and a new project started under ISO 22316.

    ‘Societal Security – Organisational Resilience – Principles and Guidelines’ has been a hotly contested and much misunderstood topic over which much debate has been expended. The problem has lain in trying to reconcile more traditional business continuity operations with a contemporary understanding of resilience. That is, a recognition that organisations must not prepare to simply survive and continue in the face of crises, but learn from them and use them to improve and evolve.

    As the team responsible moves towards a Working Draft of 22316 over the coming months, the focus should be on those elements of an organisation’s capabilities that help it to transform in this way. These can include, but are not limited to:

    • Refining established, relevant skills within the organisation

    • ‘Unlearning’ current skills or habits that are no longer relevant and may be counter-productive

    • Developing new skills

    • Ongoing interaction of an organisation’s competencies with new technologies

    • Learning together within the organisation, across teams, disciplines, departments.

    • Gathering and assessing relevant data

    In our complex, networked 21st century world, adaptive capacity will define an organisation’s success as much as its financial, human and cultural capital. ISO 22316 is set to be a good starting point for those seeking to grasp this opportunity.

    Dan Fox was founding co-ordinator of ISRS, is a current Associate Fellow of the Institute, and serves as the UK Principal Expert on organizational resilience to ISO.

    Bitcoin: Threat or Menace?

    By Mandeep Bhandal, on 4 April 2013

    =======================================================

    ISRS Associate Fellow, Vinay Gupta provides an assessment of bitcoin.

    Bitcoin: Threat or Menace?

    It’s easy to get carried away by the rhetoric around bitcoin. A “came from nowhere” new financial instrument with murky anonymous origins, associated with non-state anarchocapitalist libertarians, seems like something sprung to life out of science fiction.

    Really we should not be surprised. Bitcoin is the unexpected interaction of three trends.

    Firstly, there are ongoing efforts to make digital systems replicate the properties of real objects. Copyright holders have created generation after generation of digital rights management (DRM) systems to try and make files on a DVD as hard to illicitly copy as bulky, expensive 35mm cinema projector prints rather than infinitely replicable bits on a spinning disk. That other groups would try to produce hard-to-clone property rights in the digital medium should be a surprise to nobody.

    Secondly, bitcoin is decentralized. Many modern computer utilities are decentralized: Skype, Spotify, Bittorrent and more are all “peer to peer” below their smooth exteriors. When you are running Skype, your computer is helping other users make calls, and nobody really cares. As sophistication increases, and user’s own computers increasingly do the work that was done in expensive data centers, it gets easier and easier to build systems which take the last jump and simply have no center at all.

    Finally, dotcoms have recently been acquiring value faster than ever. Instagram went from zero to a billion dollars of value in two years, and was then sold to Facebook. Value sloshes around in these ecosystems at stampede rates with very little predictability. Was a photo sharing service with some cool image processing filters ever really worth a billion dollars? Only the market knows – a greater fool purchases your stock, and to you, in that moment, the value is completely real. Is it real for the greater fool? That depends on access to an even greater fool. But fools have never been in short supply.

    In bitcoin these three trends combined: technical creation of hard property rights meets decentralization and an extremely rapid acquisition of perceived value. It should also be noted that “crypto-currencies” of this type go back at least 20 years in practice, and further in theory.

    Really, the only surprise is that it is happening now, and in this particular rather strange form.

    The end game for cryptocurrencies has always been the collapse of the State through tax starvation. Theorists like Tim May (formerly of Intel) predicted the collapse of the state as an inevitable consequence of widespread digital networks, and viewed the fall of the USSR as a direct result of information and communication technologies. They predicted that once cryptocurrencies became established, mass migration away from national currencies would spell and end to the current status quo. When we consider small nations like Cyprus, it’s easy to imagine a speculative future in which mass migration to a new currency standard leaves the European Central Bank largely without influence.

    To assess the plausibility of those scenarios, we need only ask one simple question: “is the internet bigger than the State?” In most cases, the answer is “no.” A few very small, very fragile states might be actively at risk from digital currencies, but for the most part, State regulation of the internet is still possible, and a currency which was becoming a genuine threat to the national currency could be killed one way or another. Draconian measures might be required, but where there’s a will, there’s a way.

    However, if Google-Facebook-Amazon-Apple-Microsoft-eBay-PayPal got in to the currency game, this situation could change rapidly. An internet currency backed by a consortium of that size could seriously upend many of our expectations about how the world should work. They would be capturing the last remaining part of the value chain left behind by the credit card companies.

    If they got it right, they might wind up bigger than VISA.

    The narrow libertarian reading of the State roots its power in finance and the coercive power of taxation. A broader understanding of the State might root its power in national identity or even simplistic notions on the monopoly on legitimate violence. Within that wider context, it’s obvious that for cryptocurrencies to have substantial impact, they are going to have to grow very broad shoulders indeed. The table is very large, the players many, and the histories long.

    It’s going to take more than a digital analogue of the old Swiss anonymous banking system to cause a real upset. It may yet come, but not today.