What Will Be the Next Big Disaster?

Interview with Charles Perrow, author of "The Next Catastrophe"
What Will Be the Next Big Disaster?
What form will the next disaster take, and how will financial institutions be struck?

Charles Perrow, Ph.D., Professor Emeritus of Sociology at Yale University is famous worldwide for his ideas about "normal accidents" -- the idea that multiple and unexpected failures are built into our society's complex system. He writes of this notion in his book "Normal Accidents: Living with High-Risk Technologies."

In his most recent book, "The Next Catastrophe," published by Princeton University Press (2007), Perrow assesses the very real dangers our country now faces. We recently caught up with Perrow to discuss the next big disaster - and how it may impact financial institutions.

Q: What's the "worst" that could happen to our critical infrastructures, and what's the most "likely" form that it will occur in? Or has it already happened, and we'll be watching history repeat itself?

Perrow: We're going to see history repeat itself when the next hurricane hits. One that hits a large city like Miami or Galveston can be predicted to have a fair degree of consequence.

The disaster with the most impact is linked to our critical infrastructure, and that would be a nuclear power disaster. That's waiting to happen as a result of all the extensive deregulation in the power industry and the head-in-the-sand approach of the Nuclear Regulatory Commission (NRC) and its inactivity in policing these nuclear plants. NRC is really captured by the industry and is not doing nearly enough to protect us from that kind of radioactive disaster. An official at a government agency predicted before Three Mile Island that something like it would occur and predicted a worst-case scenario would affect an area half the size of Pennsylvania.

But most likely we'll face hurricanes, and the most likely critical infrastructure disaster will be another massive blackout like the one the Northeast experienced in August 2003, probably in California or again in the Northeast.

The least likely is a large terrorist attack that would kill thousands -- that worries me the least. That's the one that gets the most headlines, and the public is most afraid of, and the politicians ride upon that fear. We've spent billions of dollars on protective measures against an unpredictable attack that we really can't protect against. We've neglected spending on protections against natural disasters such as hurricanes or industrial disasters like a power grid blackout.

Q: In your opinion, is one way to get things shaped up more legislation and compliance requirements? What's working in other areas of the world in terms of disaster response?

Perrow: I think what we need is more oversight by government of the critical infrastructure. Eighty to 85% of critical infrastructure is held by the private side, and many U.S. industries are averse to legislation and regulation. Government has been cutting and reducing regulations steadily since the 1960s, and industries are pushing for more deregulation. Industries that need more regulation include the electrical and chemical industries, and the food supply faces real threats, and errors and mistakes are happening there.

Europe is much more heavily regulated in these critical areas. In the European Union, while they tax heavily, they protect their populations much better than we do. We need to move toward more protections for our population and follow the European model.

Q: With all the "lessons" that the government says it learned from Katrina and 9-11 and other catastrophic events, how well prepared is the US government to handle a regional or multi-regional disaster? Do you recommend that financial institutions look to the government, or plan to respond by themselves to a disaster?

Perrow: We are barely better prepared, just a little bit more prepared than before 9-11. In some areas we are worse than before 9-11. In terms of natural disasters, we are still taking away more initiatives from the cities, counties and states and putting it into federal hands, where they don't really belong. The federal agencies are not in the line of fire and aren't equipped to respond to events very well. We need to decentralize our disaster response more than we have. This has probably made us less safe. In other areas, such as airport security, we're a little bit better, but not much.

As for financial institutions' response, they will have to take the lead. Financial institutions wisely have deconcentrated their back-up and data preservation facilities - they were not even severely inconvenienced by 9-11. But they have not demanded more secure Internet facilities. Financial institutions are facing massive fraud losses that are not publicized -- if they were, it would cause a public scare. They are paying the cost of these losses. They could do much here to call for better security and controls from Internet Service Providers. They have a strong vested interest in making the Internet safer.

Q: Some of the recent examples of regional problems that cascaded into larger areas (2003 blackout) make us wonder how fragile some of our critical infrastructure really is. What can you tell us about the grid, and is it safe to depend on the electric companies being able to meet the needs in widespread regions during a catastrophe, or are we going to be left sitting in the dark?

Perrow: I expect more darkness. With deregulation, profits could be made by "wheeling" electricity over very long distances to capitalize on tiny price differences. The industry has profited greatly, but has not invested in transmission modernization - it is more a question of a third-world grid technology than more lines in our backyards. The 2003 Northeast blackout shows how fragile our power infrastructure really is. The US Supreme Court has blocked attempts to establish liability for poor maintenance, overloading lines and sloppy practices. If liability were possible, the power industry would quickly shape up and, remarkably, make more money. Each year outages cost the public about $12 to $15 billion, the power companies almost nothing.

Q: There's been a lot of talk and speculation about the avian flu pandemic. What's your take on the possibility, and is there a real threat that it could happen?

Perrow: It's a real threat. It's a much more remote threat than a hurricane or blackout or chemical spill in an urban area, but the threat is real. I worry much more about a serious biological event, such as mad cow or botulism outbreaks. With pandemic avian flu, there is little we can do. Even actions such as stockpiling anti-virals for first responders are not going to work. The pandemic flu virus could mutate and change and the anti-virals would have little effect in stopping it. However, pandemics are self-limiting and will hopefully die out quickly. It's a very mixed picture, and very hard to predict.

Q: What are some of the things that may be overlooked by financial institutions when planning to respond to a pandemic? Are there things you just can't plan for?

Perrow: This is a tough question. Someone would have to trace out the linkages and nodes in our social system much more carefully than I have to see where the financial institutions interact with medical resources, how they would handle the costs that government programs such as Medicare do not handle (I assume Blue Cross/Shield etc. would be devastated with uncollectible bills), and the precipitous drop in output and employment, affecting all investments and loans. History is not much help here since the interdependencies in our economy are now so much greater. There are fewer buffers in an electronically wired system, so failures will cascade. For example, Y2K taught me two things: first, preparation is vital. In the two years before the turnover, there was massive upgrading and new investment in electronics, which paid off handsomely in the long run, though it contributed to the dot com bust in 2000-2001 once the investments leveled off. Second, we were not as tightly coupled as I had feared, so the failures I feared would happen, and those that did occur, did not cascade. But a pandemic brings much, much more into play and will reveal how tightly coupled our society has become.

One other thing to watch for: We have not done a good job in mapping out the linkages between our critical infrastructures. I think more substantive work needs to be done in this area. The Naval Post Graduate School in California has done some work in this area. But we need more work such as this to show the linkages between how they all interact and where the critical nodes are to better protect them through redundancy.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.