Advertisement

We Must Face a Connected World’s ‘Butterfly Effect’

Share via
R. James Woolsey, director of the CIA from 1993 to 1995, is a vice president at the consulting firm Booz Allen Hamilton, where he focuses on national and international security. Rachel K. Belton is a senior consultant at the same firm.

One fine morning three weeks ago, a bird landed on a wire overlooking Los Angeles. Unfortunately, the wire was a power line to Los Angeles International Airport, and the ensuing blackout delayed nearly 100 flights. Although power returned in 10 seconds, communications and air traffic control facilities were hard hit; some took hours to restore. More than an hour later, 40 delayed planes and hundreds of travelers were still circling overhead.

Such sensitivity to small events is an integral feature of all complex, interconnected systems. Scientists coined a term to describe how small events can reverberate through complex networks and systems to cause major, even catastrophic, effects -- the “butterfly effect,” which posits that the flapping of a butterfly’s wings in Brazil can create a Texas tornado.

Thanks to globalization, interdependent systems are everywhere. From food production to financial transfers, the electricity grid to the Internet, our critical infrastructures are connected to one another across the globe. And as passengers discovered that morning, this interdependence leaves us open to new threats, both unintentional and man made.

Advertisement

One type of threat results from the unintended consequences of interdependence -- let’s call these malignant threats. They range from the bird on the wire to far more dire and far-reaching problems. Europeans, for example, are not trying to cause a health crisis in Africa by choosing to have fewer children. Yet graying European populations have impelled hospitals to recruit substantial numbers of healthcare workers from Africa, reducing the ability of that continent to deal with AIDS. The American taste for gas-guzzling SUVs may affect the ozone, raising world temperatures. Higher temperatures are already melting ice caps and causing sea levels to rise. We have nothing against coastal resorts or low-lying countries like Bangladesh, but we may end up flooding them anyway.

And that’s only half of it. Interdependent networks are also increasingly vulnerable to planned attacks -- call these malevolent threats. The Sept. 11 attack killed thousands of people and destroyed the World Trade Center’s twin towers. But it also precipitated a network failure that cascaded across interdependent systems. By taking out a major subway and train hub, telephone towers and a significant portion of America’s financial services, the attackers used interdependence to multiply the effects of the catastrophe and made response more difficult.

We may be tempted to treat malignant threats as long-term problems and malevolent threats as pressing -- but the distinction is false. We don’t get to choose between dealing with one or the other. Both can cause catastrophic damage. And one can exacerbate the other, by design or coincidence.

Advertisement

A few trees falling on a power line in Ohio caused the blackout that engulfed the East Coast last summer -- a malignant threat coming to fruition. A malevolent computer hacker made it worse. On the day of the blackout, the Blaster worm infected and degraded equipment used to manage the power grid. The attack probably slowed utilities’ ability to contain the cascading damage. The hacker didn’t intend such harm.

Now imagine that terrorists had attacked during New York’s blackout, when lights were off, streetlights were down and hospitals were dependent on emergency generators. A number of Al Qaeda’s more senior members have engineering and other technical backgrounds. As they proved with 9/11, they understand well the malignant and malevolent vulnerabilities caused by our interdependent networks, and they know how to take advantage of them.

Analyzing both kinds of threats simultaneously can lead to better solutions than looking at them in isolation.

Advertisement

Take the electricity grid. Building resilience could help contain damage, whether caused by a bird, a tree or a terrorist. Encouraging “distributed energy production” -- lots of small generating plants linked to portions of our critical infrastructure, rather than a few large plants -- is one way to reduce spillover effects and keep terrorists from knocking out large sections of our grid. Getting utilities to stockpile spare parts, such as modular transformers that could replace, temporarily, those on huge (and vulnerable) power towers, would also build resilience. Keeping both kinds of threats in mind, we should disperse replacement equipment -- lest a warehouse of stored transformers become a tempting terrorist target.

For real security, the U.S. must build such resilience into a whole host of fundamental infrastructures. Because businesses own more than 85% of that infrastructure, this will require the creation of yet another network -- between the public sector and the private sector. Already, for example, public and private hospitals are working with pharmacies and national security agencies to make possible the early identification of naturally occurring diseases (such as SARS) and bioterrorism.

We won’t be able to prevent all attacks, but if business and government cooperate in analyzing the possibilities and devising protective measures, we may be able to make such threats considerably less catastrophic. And that would be a substantial gain over where we are now.

Advertisement