Trust is the fuel that makes the global financial system work — yet thanks to sophisticated operations by foreign government hackers who are increasingly willing to target that system, the risk of deliberate systemic disruption has never been greater. Even worse, soaring sovereign debt accumulated by governments worldwide has created an especially weak link susceptible to attack.
A dramatic rise in borrowing, especially by governments, has set the stage for a cyberattack to cause disruption that could cascade throughout the global economy. According to reporting by Bloomberg, U.S. Government debt is near $22 trillion — 40 percent of GDP — up from $9 trillion in 2007. Global debt of all kinds now tops $247 trillion, a staggering 320 percent of global GDP. These greater levels of debt are linked to higher levels of systemic financial vulnerability, according to a study by Columbia University’s Project on Cyber Risk to Financial Stability.
On their own these debt levels are already concerning to many investors, but the real threat to financial stability is the use of Treasury bonds and other debt instruments to raise short-term capital for trades in equities.
Treasury securities facilitate trade through “repo” agreements when they are sold to a lender, with the understanding that they will be repurchased at a fixed time — usually overnight but sometimes several weeks or more. This form of overnight borrowing is normally extremely low risk and provides liquidity for equity and other markets. However, because repos are not collateral but actually sales, the purchaser of the government-backed bond can use it in their own repo or collateralized contract while waiting to return it. In a healthy economy brimming with trust, re-using the same bond in this way means more capital is available for investment.
But the Task Force on Tri-Party Repo Infrastructure noted: “at several points during the financial crisis of 2007-2009, the tri-party repo market took on particular importance in relation to the failures and near-failures of Countrywide Securities, Bear Stearns, and Lehman Brothers.” The report goes on to say that “the potential for the tri-party repo market to cease functioning, with impacts to securities firms, money market mutual funds, major banks involved in payment and settlements globally, and even to the liquidity of the U.S. Treasury and Agency securities, has been cited by policy makers as a key concern behind aggressive interventions to contain the financial crisis.”
It is easy to imagine a rival nation seeking to deliberately cause the repo market to stop functioning as a way of reducing liquidity in the U.S. and global markets and hence, inflicting severe economic damage.
A nation-state that credibly gained access to tamper with repo records, even overnight, could sow discord simply by preventing the timely settlement of repo and other government-debt affiliated trades. Trust, which undergirds so much of the U.S.-led economic order’s growth and prosperity, is a two-way street which a dedicated adversary could undermine via cyber means.
A 2017 note from the Federal Reserve highlighted that the failure of timely settlement would be systemic. Even the prospect of a temporary delay in payments due to a possible U.S. Government default threatened market liquidity in 2013. America’s allies and economic partners in emerging markets are even more vulnerable, with sometimes singular outlets for their bonds, fewer safety valves, and less resiliency to economic shocks. Saudi Arabia, whose economy has repeatedly been targeted by Iranian actors and which is seeking an infusion of cash by selling international bonds, is a leading but not the only target.
China probably would not have much incentive to cause disruptions to government-backed bonds given their own integration into the global economic system. Russia, North Korea, and Iran are, however, all to different degrees much more isolated from the global economy due to U.S. sanctions. North Korea’s ongoing large-scale cyberlarceny targeting SWIFT-connected banks worldwide and Iran’s “Operation Ababil” denial-of-service attacks on U.S. banks in 2007 show that nation-states targeted for U.S. sanction are willing and increasingly able to retaliate in cyberspace. Indeed, there is a strong argument that those sanctions opened the way for reciprocal cyber attacks from those nations by insulating their economies from further blowback once their operations were discovered and attributed.
Finally, Russian Prime Minister Dmitry Medvedev in August 2018 explicitly warned that U.S. sanctions targeting the function of Russian banks or currency would be perceived as “a declaration of economic war” to which Moscow could react with a variety of means. Given previous targeting of Nasdaq by Russian hackers, such means almost certainly include cyber operations.
Policymakers have for several administrations been inclined to view sanctions and indictments of foreign hackers as a nearly cost-free deterrence option, but hopefully they will consider that, especially with the piling-on of U.S. debt, the risks of doing so are mounting.
Christopher Porter is the Chief Intelligence Strategist of cyber security company FireEye and a Senior Fellow at the Atlantic Council.