Cybersecurity and Economic, Financial, and Market Warfare

By Rachel Ehrenfeld
Monday, April 15th, 2013 @ 2:40PM

Print Friendly, PDF & Email

ACD/EWI briefing on CyberThreats & the Economy, April 9, 2013.

The global financial markets are the virtual equivalent of the US power grid; each of these two networks – whether physical or virtual-may exhibit both the fragility and robustness that are the characteristics of a HOT (highly optimized tolerance) system and therefore be high-value targets in a new paradigm of warfare.

We know that the financial markets are one of the battlefields on which future wars will be fought. We have been told so: for example in a 1999 book titled, Unrestricted Warfare, (literally, “warfare without bounds”) written by two PLA officers Colonels Qiao Liang and Wang Xiangsui, and translated from Chinese.

“So, which [of many unconventional means], which seem totally unrelated to war, will ultimately become the favored minions of this new type of war – “the non-military war operation” – which is being waged with greater and greater frequency throughout the world? …Financial War is a form of non-military warfare, which is just as terribly destructive as a bloody war, but in which no blood is actually shed. Financial warfare has now officially come to war’s center stage,” the Chinese wrote.

In that same book, the authors posited a number of economic attacks, including an attack on the World Trade Center and an attack by Bin Laden. 9/11 was an instance of economic and financial warfare as well as a physical attack: in the days following 9/11, Bin Laden explicitly bragged about the loss of market capitalization the attacks had triggered.

The Intelligence Community is well aware of the links between economic warfare and geopolitical risk. As described in the O/DNI’s Vision 2015, “Each driver and trend independently produces unique changes and challenges; those points where factors intersect often reinforce and amplify the effects of change and create a series of unpredictable threats and risk that transcend geographical borders and organizational boundaries”.

To understand its vulnerability to cyberattacks, it is necessary to take a systems view of the global capital and commodities markets. The global markets are chaotic (strictly speaking, in a state of deterministic chaos), which is not to say that their behavior is random. Instead, like an amusement park “Tilt-a-Whirl” ride, they obey the laws of physics (or economics) even as they jerk and spin.

Specifically, they exhibit the characteristics of a complex,adaptive, and self-organizing system. The global markets are complex and adaptive, in that they change in response to either exogenous forces or to changes in their environment. They are self-organizing, in that market mechanisms and activities permit the spontaneous generation of order in a complex, adaptive system. For example, a market economy is self-organizing, whereas its’ opposite – a command economy – is not.

Such adaptation might result in a self-correcting process that attempts to maintain the current state. Or, conversely, it might instead require the system to jump to an entirely new state to find a new type of stability (i.e., exhibit emergent behavior). The danger lies in the fact that this new state might be considered catastrophic by some observers.

Some systems are more robust than others, and like the power grids, the financial system and be both robust and fragile because of their highly-optimized tolerance.

For example, because of market activities such as location arbitrage (e.g., buying one security in New York, selling its economic equivalent in London) the global markets are highly interconnected. Transactions are the “message packets” between markets venues, causing the markets to be in a continuous state of evolution. And transactions in high-frequency trading (HFT)-that is, trading using computer-based algorithms without human intervention-can occur in as little as 100 nanoseconds. So, such an evolution to a new and dramatically different state can be virtually instantaneous.

In the past, we’ve experienced relatively benign instances of contagion in the US markets. So-called “fat finger” trades may have been manually triggered when, say, a human trader entered an order to sell 10,000 futures contracts instead of 100 in a thin market in French Franc futures. The “Flash Crash” of May 6, 2010, was a more dramatic version of the consequences of a similar, benign trigger (attributed by some to an unusually large order in e-mini S&P 500 contracts by a mutual fund) in a market already nervous about the Greek credit crisis. On that date, the Dow Jones Industrial Average plunged about 1000 points (about 9%). Although it recovered from those losses within minutes, massive losses occurred. Similarly, on August 1, 2012, a “technology breakdown” at Knight Capital Group caused a major disruption in the trade of about 140 stocks and losses to Knight of over $400 million.

Net-centric warfare maybe both literally and figuratively accurate in the future. If such disruptions can occur at the hands of benign actors, they might be able to be deliberately engineered by adversaries of the US. The recent interest in storing “big data” and the development of the means to perform sensemaking on such data may give adversaries an enhanced ability to identify points of vulnerability and fine-tune attack mechanics in the financial network.

The nature of a cyber-attack on the markets would be different from, say, a denial of service attack in another sector. For example, although there is now “in-line” risk management for HFT (that is, the size of an order is checked against risk limits before being sent to the electronic exchange), a cyber-attack might attempt to disable such risk systems and allow a large, illicit order to trigger a cascade of large market movements-perhaps to such a degree that they interfere with the functioning of the markets themselves. Similarly, an adversary might use cyber espionage to determine highly confidential trading positions by major market participants, giving them the ability to profit from their knowledge as well as enhanced intelligence that might be utilized in a cyberattack on the markets. These are the types of scenarios that keep me up at night.

As a framework for risk mitigation, I propose that economic and financial warfare be joined by a more explicit classification: that is, market warfare.

The table below[1] shows a number of hypothetical attack scenarios, classified as economic, financial, or market warfare (some may be fit more than one classification). The market warfare scenarios are specifically designed to trigger a cascade in market prices.

The good news is that it’s possible to plan for systemic failures (for example, by building excess capacity into the system). And, a new field called “MARKINT” or market intelligence is a variation on SIGNINT or signals intelligence. In its broadest sense, MARKINT refers to the acquisition and aggregation of data from the global markets for purposes of sensemaking.

The global markets may contain indications and warnings of either system vulnerability and/or nefarious intent in their behavior, and we can use the same “big data” analytical methods (e.g., machine learning) to convert data to information to knowledge that might aid in national security.

[1] Source: Extreme Risk Management, Christina Ray, 2010, McGraw Hill/

* Christina I. Ray contributed to this note. She is Senior Managing Director for Market Intelligence, at Omnis, Inc., McLean, VA (, 

*Rachel Ehrenfeld is director of ACD and its EconomicWarfarte Institute.


Categories: ACD/EWI Blog, ACD/EWI Exclusive, Cyber, U.S. Policy

On The Campaign Trail

Check the dates and see when we're in your town!