Emergent Endogenous Risk in System-Based Industries
August 28, 2012 Leave a comment
The type of catastrophe that emerged within the global finance system will emerge there again, in different ways, and will also emerge within other critical systems like food, energy, communications, and information technology.
The subprime mortgage crisis of 2008 showcases a new category of system-wide risks that emerge from the collective behavior of individual institutions. This new category of threats should be included within national infrastructure assurance plans.
A key response to the subprime contagion within the banking sector is in the form of macroprudential policy: policy seeking to improve resilience of the entire system, not just the institutions within that system. The need for macroprudential policy is not confined to banking and finance however; it applies to all system-based infrastructure sectors including communications, energy, food and agriculture, and information technology. This paper demonstrates the existence of systemic risks to information technology to justify extension of macroprudential policy approaches to this sector.
This policy/risk mismatch summarized here arises from an aggregate decline in backup power capacity across U.S. data centers, yielding increased vulnerability year-on-year to sustained power outages. A service failure within the energy/electricity sector may exceed in duration the threshold of tolerance of numerous data centers simultaneously as a result of the annual decline in backup power capacity. This simultaneous trend across numerous individual actors creates an emergent endogenous risk to the system overall. This risk category that ‘emerges from within’ stands in stark contrast with the prevailing cybersecurity focus upon deterring exogenous risk.
Doing nothing has the lowest explicit cost in the short-term but will eventually result in a massive negative economic impact in the long term. Innovative tactical regulatory approaches, such as policy for green data centers, can reduce exposure to this specific systemic risk while delivering other public benefits (e.g. lower carbon footprint), but fail to address the broader issue of other emergent endogenous risks. The most effective approach is to nurture enterprise adaptive capacity, also known as enterprise resilience, through macroprudential policy approaches. Borrowing innovation discovered through urban and environmental policy such as those epitomized within the Stockholm Resilience Centre, would be a good place to start.