Previously I mentioned that Hurricane Ivan disconnected the Cayman Islands from the Internet.
 Here’s an update showing the whole period of disconnect, two days off the net, and reconnect, with details about undersea cables and comparison to Jamaica.
|
-jsq
Commenting on the previous post, Adam wants to know:
“But…but…what is a cat bond? How does it work? When does it pay? Does it have coupons? Who gets what risk with them?”
Fair enough.
Cat bond is short for catastrophe bond. A cat bond is somewhat like a municipal bond, except if the catastrophe occurs, the principal goes away to deal with the catastrophe.
Why would anyone buy a bond that could vanish? The principal of almost any investment could disappear, as many of us who invested in stocks in the late 1990s can attest. Even a municipal bond can be downgraded and thus lose value. And while the precise time of occurence of a catastrophe such as an earthquake, hurricane, flood, or wildfire may not be predictable, the probability of its occurence during, e.g., a ten year period is usually fairly well known, and not as susceptible to politics or market fads as some other investments. At the least, the risk of loss of principal of a catastrophe bond is not strongly correlated with risk of loss of principal of other investments.
And catastrophe bonds typically pay a higher percentage than other bonds.
Who buys them? Usually not individuals, rather lreinsurers, insurers, commercial banks, hedge funds, and investment advisors.
Who issues them? Financial houses, insurance companies, and hedge funds.
Why? To increase the pool of available capital to cover large risks.
For example? Packages of credit card debts, mortgages, or automobile loans. Force majeure events such as earthquakes, floods, and hurricanes.
The application of cat bonds to Internet force majeure events seems straightforward. Except, of course, that probability matrices are needed to write them.
Is that what you wanted to know, Adam?
-jsq
Hurricane Ivan has prompted the Wall Street Journal to publish an article about catastrophe bonds:
“Cat bonds first began to appear in the 1990s after insurers and reinsurers suffered financially from storms such as Hurricane Andrew that struck Florida in 1992 and the Northridge Earthquake that hit California in 1994. From 1989 to 1995, total insured property losses in the U.S. were $75 billion, 50% more than the property losses from the prior 40 years, according to Standard & Poor’s.”
They omit from the history lesson that cat bonds weren’t actually issued for earthquakes at that point because Warren Buffett had one of his companies issue insurance policies. Cat bonds did catch on, though:
“Reinsurance giant Swiss Re, for example, is a major issuer of catastrophe bonds. A year ago, under its Arbor program, Swiss Re issued six catastrophe bonds with four-year maturities and total protection for Swiss Re of $205 million.”
September 13, 2004
“Investors Who Bet On Storms, Disasters Gauge Trade Winds,”
By CARRICK MOLLENKAMP and CHRISTOPHER OSTER
Staff Reporters of THE WALL STREET JOURNAL
Still, nobody is as yet issuing cat bonds for Internet outages, even though a single Internet worm could cost more than all three of Hurricanes Charley, Frances, and Ivan combined.
-jsq
On Sunday 12 Sept 2004, Hurricane Ivan damaged the undersea cable that connects the Cayman Islands to Florida, disconnecting Cable & Wireless’ Internet connection to the Caymans, as illustrated in the animation.
Despite early news saying that Jamaica was also cut off, the same animation shows Jamaica connected all day. This is because the Jamaican node shown is on a different ISP and apparently a different undersea connection.
Observing the Internet directly can provide more information about some things than asking ISPs one by one.
-jsq
Some of you may have noticed this book over in the reading list:
Peter L. Bernstein: Against the Gods: The Remarkable Story of Risk
It’s an enjoyable context book, telling how modern probabilities developed out of gambling, how Lloyds grew out of a coffehouse, etc. I recommend it.
-jsq
Previously I mentioned Government mandates in networking and security.
Here’s a Congressional subcommittee working on government recommendations in Internet security:
Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census,
chaired by Adam H. Putnam of Florida, part of Rep. Tom Davis’ Committee on Government Reform.
Back in June, Rep. Putnam remarked:
“Make no mistake. The threat is serious. The vulnerabilities are extensive. And the time for action is now.”
So far, Putnam’s subcommittee has been collecting information and testimony. However, he may go farther:
“Rep. Adam Putnam (R-Fla.) last fall drafted the Corporate Information Security Accountability Act of 2003, which would require companies to button down their information systems. The bill has not yet gone before the House of Representatives, but many of the proposals in Putnam’s draft as well as other recommendations are being batted about in a working group created by the subcommittee Putnam chairs, the Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census.In the name of protecting national infrastructure, you may be asked to conduct annual security audits, produce an inventory of key assets and their vulnerabilities, carry cybersecurity insurance and even have your security measures verified by independent third parties, if the core features of the proposed legislation make it to the floor of the House. ”
So far, this appears to stop short of mandating technology; instead sticking to best practices. We’ll see.
-jsq
Denial can cause damage.
In the summer of 1953 tornados had damaged several states, but everyone knew Massachusetts didn’t have tornados.
“The official forecast for Central Massachusetts called for a continuation of hot, humid weather with the likelihood of afternoon thunderstorms, some possibly severe. US Weather Bureau storm forecasters believed there was the potential for tornadoes in New York and New England that afternoon and evening. The Buffalo, New York office warned western New York residents of the possibility for a tornado, but the official forecast released from the Boston office did not mention the threat, based in part on the rarity of Massachusetts tornadoes, and perhaps partly on the potential psychological impact on those residing in the area.”
“Weather Almanac for June 2003: THE WORCESTER TORNADO OF 1953”
Keith C. Heidorn, PhD, THE WEATHER DOCTOR, June 1, 2003
Even after the funnel touched down in Worcester County on June 9 1953, forecasters at the Boston Weather Bureau office at Logan airport discounted telephone calls from the affected area, dismissing them as crank calls. After all, everyone knew Mass. didn’t have tornados.
Meanwhile, debris started falling 35 miles east of the funnel, some onto Harvard’s Blue Hill Meteorological Observatory. Not just small pieces, either: 6 foot planks and 10 foot square pieces of wall and roof, The Harvard observers managed to convince Logan to put out a new advisory. I don’t know if they waved a plank at the telephone.
But the damage had been done. It was too late to evacuate, tape windows, or take cover. “The damage was estimated at $52 million ($349 million in 2002 dollars) and included 4,000 buildings and hundreds of cars.” The picture on the left from the Worcester Telegram and Gazette is of freshman Senator John F. Kennedy touring the disaster area.
It was an F4 (some say F5) tornado, with winds up to 250 miles per hour. Yet denial was so great that trained meteorologists refused to believe the funnel existed while it was flinging cars into the air, demolishing houses, and throwing debris as far as 50 miles away; a mattress was found in Boston Harbor.
“”When people see damage, is when they start acting.”
–Darin Figurskey, meteorologist
quoted in “The Wrath of God” on The History Channel
Affected parties moved quickly to start a state-wide storm-spotting network to watch for future storms. They even did some historical research. It turns out Mass. actually has about 3 tornados per year, and the earliest one on record was reported in June 1643 by Governor Winthrop. It’s amazing what you can see when you stop denying that you can see it, and even more when you have multiple eyes watching.
Several people affected by the Worcester tornado went on to pioneer tornado chasing, tornado cataloguing, and Doppler radar. The Weather Doctor has more on them and the Worcester tornado.
It seems the best time to make risk management plans is before the disaster happens.
-jsq
James Seng points out Bruce Schneier’s essay, “How Long Can the Country Stay Scared?”, in which Bruce remarks,
“There are two basic ways to terrorize people. The first is to do something spectacularly horrible, like flying airplanes into skyscrapers and killing thousands of people. The second is to keep people living in fear.”
In a previous post I noted that the ancient Anasazi tried to deal with a terrible enemy by retreating to fortified residences on increasingly hard to reach cliffs.
Who was this enemy that attacked the Anasazi, killing them and eating them? Apparently there was no large external invading force; it would have left traces
that would have been found by now. The best theory as to who the attackers were appears to be: the Anasazi themselves. The Anasazi society apparently fragmented and warred with itself, producing a state of fear that continued for decades if not centuries.
That society with a chronic state of fear and fortification failed. It eventually abandoned the cliff dwellings.
The survivors mutated into a society of mesa-dwellers who protected themselves via superior observation and cooperation. They apparently kept watchers on the mesa tops who could real perils approaching and alert people on the same and neighboring mesas in time to do something specific, rather than keeping everyone in fear all the time.
Hm, sounds like a holistic and synoptic view of the surrounding territory.
-jsq
Phil Libin remarks, regarding a recent White House common ID mandate for federal employees and contractors:
“Just as with the development of the Internet, the federal government is once again the main initial catalyst for new technology that’s going to change the foundations of mainstream business transactions in the near future.”
Indeed, ARPA (now DARPA) funded the early ARPANET, which led to the Internet, and DCA (now DISA), among other agencies, promoted it by buying equipment from fledgling Internet vendors.
However, let’s not forget that the federal government also promulgated GOSIP, which was a requirement that computer systems sold to the federal government had to support the ISO-OSI protocol suite, which was similar to TCP/IP but different. Different in that while TCP/IP was the result of a process of multiple implementations interacting with standardization, ISO-OSI was a product of standards committees, and lacked not only many implementations, but even more many users. GOSIP was a waste of time and money. Fortunately, the U.S. government wasn’t as serious about ISO-OSI as were many European governments and the EU; in Europe OSI held back internetworking until the rapid deployment of the Internet in the U.S. and elsewhere eventually made it clear that OSI was going nowhere.
Where the U.S. government succeeded in networking was in promoting research, development, implementation, and deployment. Where it failed was when it tried to mandate a technical choice.
Hm, I see the White House directive gives the Dept. of Commerce six months to consult with other government agencies and come up with a standard. If there’s a requirement to consult with industry or academia, I don’t see it.
I hope this comes out better than, for example, key escrow, a previous government attempt to mandate authentication methods.
-jsq
Smithsonian Magazine published an interesting story (“Riddles of the Anasazi,” by David Roberts) about the ancient Anasazi of the Four Corners region of the U.S. southwest. For centuries they built buildings and roads and practiced agriculture and pottery. Then around the year 1200 they started suffering depradations by parties as yet unidentified who attacked them, killed them, and ate them; the evidence of cannibalism has become hard to refute.
At first the Anasazi reacted by building residences in increasingly hard-to-reach niches in cliffs. The example on the left is one of the last things they built on the cliffs; a wooden platform wedged into a rock face.
Eventually, at the end of the thirteenth century, the Anasazi abandoned their cliiff faces and moved to mesa tops to the southeast. At least three mesas, each of which could see at least one of the others.
“It was not difficulty of access that protected the settlements (none of the scrambles we performed here began to compare with the climbs we made in the Utah canyons), but an alliance based on visibility. If one village was under attack, it could send signals to its allies on the other mesas.”
The mesas did have perimeter defenses: they were 500 to 1000 feet tall, and they each had only one way in. But their individual perimeter defenses were not as extreme as back on the cliffs, and perimeters were only part of the new mesa defense system. Their descendants the Hopis still live on mesa tops.
Related to the question of Forts vs. Spimes, in this case ever more restricted fort perimeters did not work. What apparently did work was coordinated observations and cooperation. The analogy to the Internet probably does not need belaboring.
-jsq