On August 22, 2013, the NASDAQ was shut down for half a day. Investors have never been given a credible explanation as to what happened. If there were a benign or technical explanation, NASDAQ (NDAQ) would have told us about it by now. They could have said there was a bad piece of code or an engineer blundered while updating software or an installation didn’t go well. NASDAQ has never provided information of any substance except a few vague references to an “interface problem.”

Why not? NASDAQ itself must know. One likely answer is that the cause of the shutdown was nefarious, and it was probably caused by criminal hackers or, worse yet, Chinese or Russian military cyberbrigades. Investors should have no doubt about the ability of a number of foreign cyberwarfare units to close or disrupt major stock exchanges in the United States and elsewhere.

In 2014, Bloomberg Businessweek broke a story with a cover article titled The NASDAQ Hack. The incident referred to in the title goes back to 2010. Yet it was only in late July 2014 that the media were able to report on what happened: with help from the FBI, NSA, and Department of Homeland Security, the NASDAQ actually found a computer virus in its operating systems, traced it back to its source, and determined it was an attack virus. It wasn’t put there by a criminal gang; it was planted by the Russian state.

Stories of this type are often served up to reporters from official sources with an agenda. Why did this particular story come out four years after the incident? The reporting is timely, but why did the source wait four years? One surmise is that an administration official wanted to reveal the extent of the Russian invasion of U.S. financial exchanges as a way to alert investors to the possibility of worse to come. It was a warning.

A common response from analysts is that our hackers must be as good as theirs; we could close down the Moscow Exchange if Russian hackers were to close down the New York Stock Exchange. Yes, of course we could. The United States is actually better at cyberwar than any other world power. But consider how that would play out.

If Russia shuts down the New York Stock Exchange and we shut down the Moscow Exchange, who loses? We lose, because our markets are more important and much larger. There’s far more wealth involved on our side and greater spillover effects. Russia, financially, is in the position of not having as much to lose. One reason to avoid retaliation and escalation in
cyberwarfare is because it ends badly for the United States. Russian president Vladimir Putin knows that too, and that’s one of the reasons he invaded Crimea with confidence in 2014. He knew perfectly well the United States could not escalate in the financial battle because, in the end, we had more to lose than Russia.

For those unfamiliar with the Cold War, an escalation dynamic existed then also. The United States had enough missiles to completely destroy Russia (then called the Soviet Union). Russia had enough missiles to completely destroy the United States. This is a highly unstable situation because there was a great temptation to launch first. If you strike first and wipe out the other guy, you win. The response to this instability was to build more missiles. With enough missiles you could withstand the first strike and still have enough left over to launch a second strike. The second strike would devastate the party that started the war in the first place. It was that second- strike capability that prevented the other player from launching his missiles first.

This same dynamic as applied to financial warfare is not fully appreciated today. The weapons may be symmetric but the losses are not. The United States has by far the most to lose.

Another danger is the accidental launching of a cyberfinancial war. If you ask your hackers to devise an ability to shut down the New York Stock Exchange, they have to practice that.

They have to launch probes. For example, a situation could arise where Russian hackers who don’t intend to start a financial panic are probing and accidentally start a financial panic or an exchange systems shutdown. That is the much more worrisome scenario, because it doesn’t require irrationality. It only requires an accident, and of course, accidents happen all the time.

The United States has excellent deterrent capabilities in cyberwarfare through the military’s Cyber Command and the National Security Agency (NSA). However, insufficient effort has been devoted to strategic doctrine. Only a few experts such as Juan Zarate at the Center on Sanctions and Illicit Finance, and Jim Lewis at the Center for Strategic and International Studies are performing roles comparable to those that Herman Kahn and Henry Kissinger performed in the 1960s when strategic nuclear war fighting doctrine evolved. This strategic deficiency increases the risk of cyberfinancial war. That threat is one more reason to own gold because it is not digital and cannot be hacked or erased.