What does history teach us about systemic technology risks?
The financial crisis of 2007-2008 was a teachable moment about the obscure risks of highly interconnected and interdependent systems. Prior to the almost complete meltdown of the world’s financial systems, few people outside of bond traders and financial speculators had heard of Credit Default Swaps or Collateralized Debt Obligations.
In an article on diginomica, Kurt Marko writes that economists often use the term “too big to fail” when describing financial firms whose failure would have such catastrophic implications for the broader economy that it would be irresponsible to allow them to become insolvent.
The term came into common use during the financial crisis to justify huge bailouts for firms like AIG, Citibank, and Fannie Mae.
RAND researchers Jonathan Welburn and Aaron Strong used the financial crisis as a cautionary example when summarizing their research findings in a recent column that questions whether some technology firms have become “too interconnected to fail.”
There have been some lessons in systemic technology risks when highly interconnected systems like DNS, cloud infrastructure, or online marketplaces fail. For example, the 2016 bonnet DNS attack interfered with name resolutions for dozens of websites including Amazon, Netflix, Paypal, and Twitter.
While some of these technology giants restored service by switching to backup providers, the scope and ramifications of the attacks were ominous.
Just like CDOs, however, the cascading network effects present a much larger risk to the whole economy. A single disruption to AWS, perhaps due to a large-scale cyberattack, would instantly be a cross-sector problem, potentially shutting down swaths of the economy. And private enterprises would not be the only ones affected: GovCloud, a tailor-made version of AWS, provides cloud services for the Defense and Justice departments and the Internal Revenue Service.
Welburn and Strong
Unlike 2008, no one today is worried about Amazon, Apple or Google going out of business. Instead, the risk in the online, cloud-based economy is that sustained, wide-scale outages at one could quickly disturb businesses throughout the economy.
If the financial engineering before the 2007 crisis taught us anything, it is that any highly interconnected system designed to eliminate risks contains obscure, often unperceived threats that only manifest themselves after the damage is done.
Welburn and Strong concluded that firms in various sectors are systemically important and vulnerable to shocks, including technology (e.g., Alphabet, Amazon, Apple, Cisco), telecommunications (e.g., AT&T), and health care (e.g., UnitedHealth Group, CVS Health).
The highly networked nature of the economy has the potential to amplify known sources of systemic risks and add new ones. After the Covid-19 pandemic, which is accelerating the transition to a virtual economy, policy makers need to broaden their definition of systemic risk.
Welburn and Strong
The conclusion? Online marketplaces, app stores, cloud services, and application services could be this decade’s version of CDOs and CDSs, but with ramifications across a broader swath of the economy.