The linchpin of cybersecurity is at risk

An 'existential' security crisis
In Medieval times, merchants and bankers kept meticulous records employing a variety of accounting books (the Venetian merchant Benedetto Cotrugli first explained this system in 1458). They had a scrap book for notes, a day book for initial recording and a master ledger that used double-entry bookkeeping for the ultimate business record. Transactions and names and numbers had to match across all the books. 

Today's accounting systems are focused on the same goal, but the methods have changed dramatically. And one of the biggest changes in the past 30 years is the fact that record-keeping has increasingly been done across computer networks linked across the internet, which has far too often given malefactors access to the books.

For a quarter century there's been a master ledger of vulnerabilities, a place where companies could report hacks and leaks and bugs and could also learn of other companies' hacks and leaks and bugs. It's called the Common Vulnerabilities and Exposures program, and it is the definitive source of online database problems. But the CVE itself may become a victim of the online world, our Carter Pape reports this morning.

This is pretty serious stuff. The word "existential" was used. Artificial intelligence-based threats, outdated infrastructure and even political funding battles are putting the validity of the CVE at risk. And if the CVE becomes incapacitated or even just less effective, it will have a material effect on every business sector.

For banks, this is a big deal. From Carter's story:

"For U.S. banking organizations, a collapse or fragmentation of the catalog would hamstring critical defense and compliance operations, adding extremely costly and potentially ruinous overhead to the time-sensitive task of patching known vulnerabilities.

"Patch management is critical enough to bank cybersecurity that the Federal Deposit Insurance Corp. requires regulated institutions to maintain effective software patch management programs.

"A breakdown of the program would severely impact how financial institutions coordinate with their third-party service providers and regulators."

If the CVE failed every bank would essentially be on its own. Record-keeping would be set back severely. Maybe not all the way to Cotrugli's three-book system, but far enough back. 

War and interest rates
I'd opined a few weeks ago that Iran was fighting this war on two fronts, one physical, the other economic. In the time since, it certainly appears that I was right. Iran wasted no time in seizing and controlling the Strait of Hormuz, putting a squeeze not just on oil but on fertilizer too, leaving both energy and food supplies at risk. 

Now, I can't say what is going to happen in the future. But I can say that central bankers tend to be a pretty conservative lot, at least philosophically if not politically. And in a situation where a war is threatening the world's energy and food supplies, central bankers are likely to move very, very slowly and cautiously. 

That was the message from two former regional Fed presidents, both of whom spoke to our Maria Volkova about the war, inflation and interest rates. The economic outlook was murky before the war started; it is more so now, and the longer the war lasts, the murkier the outlook gets. Patrick Harker, who ran the Philadelphia Fed, and Loretta Mester, who ran the Cleveland Fed, both expect that the Fed will keep interest rates where they are for the foreseeable future, given energy-based inflation and the concern that higher prices will become entrenched. 

All I know is I paid $3.99 a gallon for gas on Sunday, which is just about the national average. Another thing I said was that there is a number somewhere north of $4 a gallon where the economy will just grind to a halt, like it did in the summer of 2008. Let's hope we don't find out what that number is.