• Riskope International

    Risk and Crisis Management Decision Making Support Tolerability and acceptability definition Coaching and Skills development
  • Risk and Crisis Management Decision Making Support Tolerability and acceptability definition Coaching and Skills development
  • Archive

  • Categories

  • Meta

  • Flickr Photos

    Economic downturn crisis forecast November 2008

    Contact us to know details on economic downturn crisis forecast

    graphic results of economic downturn crisis forecast November 2008

    Economic Downturn Magnitude and Duration Quantitative Study by Riskope (http://www.riskope.com), November 2008

    More Photos

Information Security, Cyberwarfare, Security Guidelines.

This year has seen an unprecedented number of highly visible cybersecurity events, entire countries disappear from internet during riots and revolts (North Africa, Egypt, Libya), metropolitan underground e-mails and phones obscured (San Francisco) by the authorities to “protect us”.

Reportedly the hacker group Anonymous has now threatened to take down the New York Stock Exchange‘s computers in what we at Riskope would see as a “logical” development of the Men against Machines War we described in a recent posting in this blog.

A new report from the Georgia Tech Information Security Center warns that the trend will accelerate, and based on our own experience, they are not the only ones to believe so.
Several related studies we are performing are indeed pinpointing risks linked to search poisoning, Mobile Web-based attacks, more conventional hijacked computers (botnets) etc.
Although many believe common sense is the best defence, we are of the opinion that private, institutional and corporate clients should take things way more seriously. Thus, we happy yo see that some of our clairvoyant clients have asked us to perform holistic and full scope risk assessments on their informational systems, as they were feeling the pressure raising in this area.

Today we have decided to publish a short post on a specific aspect of our work, namely third-party review jobs on proposed (Information Security, Information Risk Management, etc. Guidelines).
But before going there, we’d like to point out that Information Security Guidelines and methodologies are the subject of numerous web-based resources, such as for example ANSSI (French), which leads to a qualitative, colour based obsolete risk assessment, or the US-CERT (American) “software”, which apparently only works on Windows based systems (sorry for all the other ones like Apple, Linux, Android) and guides its users to what we consider excessively “light, unfocused and very superficial” reporting.

Well, going back to our Third Party Review Report , which has of course been censored to protect client confidentiality and is based on our client’s new proposed Information Security Guidelines,
we raised the following general four major points:

  • It is essential that all employees clearly understand the value of the Company’s Information and their individual and collective responsibility to protect it. Awareness constitutes the first line of defence
  • Riskope encourages our clients to “break-up the information silos” as Information Security should cover all activities and tasks, including selection, hiring, etc. of personnel, subcontractors and suppliers.
  • Riskope encourages the compilation of several versions of Information Security/Risk Management Guidelines tailored towards the needs of various layers of users.
  • Guidelines should include formal and well structured reference to assessment and resulting protection from physical man-made or natural hazards, business continuity plans, resumption plans, backup capabilities etc.

In the third party review report you will find many more points, bearing on specific Information Security themes.

As you can hopefully “feel” from the reading, unbalanced or weak guidelines can give a wrong sense of security to their users, and actually totally miss their goal.

With our group of experts in Cyber Defence (CYD), Cybersecurity, Riskope can perform audits and penetration tests on your company’s systems, write well-balanced Security Guidelines, review and support your efforts.

The Cassas Landslide in North Western Italy

A fully developed natural hazard risk management and mitigation approach.

As we presented this case at an the WLF2 conference in Rome, we have decided to publish it on our blog. It constitutes a complete and fully developed case study which included the following phases:

  • probabilistic behaviour forecast,

  • behaviour monitoring (which luckily allowed to actually “see happen” what we had predicted a few years earlier),

  • Risk Based Decision Making (RBDM), and finally

  • implementation of mitigative and crisis management plan.

Interestingly, in a curious turn of events, while doing some reconnaissance work on the landslide, two of us almost lost our lives in a helicopter crash. Risk managers are unfortunately not immune to risks…and somehow it was a good lesson for us to be in the “victim role” that day.

During WLF2 many people were discussing the L’Aquila quake (and related phenomena), and, of course, the trial  where seven public officers are currently tried over their alleged failure to properly communicate risk. They belong to the Italian National Institute of Geophysics and Volcanology (INGV) and one is a member of the Civil Protection Agency.

The defendants were members of a so-called “high risk committee”, a panel that had met just six days before the quake after numerous minor tremors had shaken the city.

Foreign press and media have erroneously reported that “Scientists went on trial Tuesday for failing to predict the earthquake that killed more than 300 people in 2009 in Central Italy” (an example of “lost in translation”?). The defendants are indeed accused of giving overly reassuring information to residents who could have taken adequate protective measures if they had been properly informed.

According to the indictment, the seven men are suspected “of having provided an approximative, generic and ineffective assessment of seismic activity risks as well as incomplete, imprecise and contradictory information.” People close to the victims hope this trial will change mindsets and will lead to greater attention given to communication of risks, focusing attention on a problem that we, at Riskope, have seen happening all over the world, from Japan to South America, and Europe…(we were defence expert-witnesses in trials against public officers in similar cases).

We would of course also wonder why higher governmental levels are not indicted for not enforcing strict anti-seismic building upgrades, but that’s an entirely different ball-game.

Reportedly. Prof. Domenico Giardini, the current president of the INGV told the media that the process was not about science but about the way it had been submitted to the public and the trial will cover the numerous “failures” in the chain of communication. ”We all have to work on new protocols and clearer about sharing information,” he said.

Apparently, contrary to what several groups have stated (for example the American Association for the Advancement of Science (AAAS) or The American Geophysical Union (AGU), no one is doubting the quality of the scientists , or trying to say that they should have foreseen “day and hour of the quake”, a prediction that, despite the efforts developed all over the world, still eludes scientific models.

Skynet ‘s Terminator is happening now

 Every morning, day after day, we see rough market data, large volatility, brutal drops, sudden heaves.

Some companies are seeing the market capitalization play yo-yo several times a week, if not daily.

For example:

  • Dendreon Corp.’s shares fell 69% in less than two minutes in April 2009 followed by an after hour rally.

  • Diebold Inc., June 2nd , share price plummeted more than 30% in six seconds, before shooting back up

Dendreon & Diebold shares most likely have been “victims” of computer programs that search out financial information, analyze it and “high-speed trade” it without any human involvement. Similar wider scale events occurred on May 6th when a massive sell-off erased 862US$ billion market capitalization in less than 20 minutes.

Algorithmic trading is the use of computer programmes for entering trading orders, with the algorithm deciding the timing, location, price and/or quantity of the order.

Algorithms are at war for profits against each other,  Crisis preditction 2008 economic downturn recessionRiskope’s Crisis prediction 2008

and Humans are just a casualty of war, small useless bystanders.

Of course one can still believe that markets’ sways occur because of manual trading, consumer confidence etc., but the truth is that we are no match to machines in an industry that executes transactions by the millisecond. At Riskope we have stopped using stop losses for our own investments: they are way too hazardous when executed at “investor’s speed”. By the time our stop-loss might be activated the stock may be down to the center of the Earth! We have come to the conclusion that we can tolerate the volatility, when we believe in the long term good sense of a stock position. We will not be enslaved by machines.

Reportedly the SEC recently proposed a $4 billion system to track unusual market events and suspicious trades in real time….please read …in milliseconds…..

As the matter of fact, the use of software to analyze and trade within milliseconds on news from press releases, headlines and news stories has taken off only recently. Software are reportedly based on algorithms processing historical data, events or keywords that have pushed stock prices up or down in the past. Temporary price fluctuations have led some firms to install software that looks to profit by buying at the low point of a swing, which explains the sharp turbulences of intra-day pricing.

SEC reportedly plans to implement countermeasures such as halting trading when a stock rises or falls more than 10% in less than 5 minutes. Do you now how many milliseconds there are in five minutes? Just imagine what a machine can do in five minutes, and you will see why we, Humans, have to find different strategies for survival in our war against machines.

The London Stock Exchange has recently said its new Linux-based system is delivering world record networking speed, with 126 microsecond (that’s roughly 1/10th of millisecond) trading times. The LSE had indeed long been criticised on low speed and poor reliability, grappling with trading speeds of several hundred microseconds (gee, that slow, hey?).

The 126 microsecond speed is “twice as fast” as its main international competitors, BATS Europe and Chi-X, two dedicated electronic rivals to the LSE, which are reported to have an average latency of 250 and 175 microseconds respectively. But many of the LSE’s older and more traditional rivals offer speeds of around 300 to 400 microseconds.

Beware, Humans, the new LSE Linux system will go online, on November 1st . Is that the day the “Collective” (remember Terminator’s Collective?) will launch its offensive?

This all looks quite like a science fiction movie, but it is not.

After predicting that the crisis would be long-lasting and deep, consequences would hit public services, public officers, generate high jobless rates, and finally lead to riots, we are now seeing “indignados” on the Brooklyn Bridge, Zuccotti Park, protesting at Wall Street (October 1st) and other financial districts even in the Almighty USA.

Jobless people against light-speed machines making decisions for a few “human owners”, or for themselves? Well these machines do not shoot flames and bullets like the ones in Terminator, but they will kill people for sure: depression, hunger, hopeless lives….and the machines and their masters (meanwhile there are some) will get richer and more powerful.

As you can see in the picture above, our 2008 crisis depth and duration prediction showed:

  • the most probable scenario was a crisis lasting until now and 20% chances (1 in 5) it would go on for quite another bit.
  • 55% chances the crisis would lead to “critical evolution of disservice” described in our 2008 paper to be exactly what we see now in the media…

If we were to scientifically update our predictions now, based on factual data and new evidence, we would most likely find out a significant increase of the probability the crisis will last even longer.

Follow

Get every new post delivered to your Inbox.

Join 1,487 other followers

%d bloggers like this: