Fiscal contingency planning for banking crises

There is constant demand for an estimate of the likely fiscal costs of future banking crises, but little precision can be expected in such an estimate. The author shows how information that is typically available to authorities could be used to get a general sense of the order of magnitude of the direct fiscal liability. What is required for such an estimate? 1) Information about the size and composition of the bank's balance sheets. 2) Expert assessments of the accuracy of the accounting data and of specific short-term risks to which the components are known to be subject. The author's method distinguishes between losses that have already crystallized and the changing risks for the immediate future. By including contingency planning for banking collapse in their fiscal calculations, authorities may risk destabilizing expectations or worsening the moral hazard in the system. But the risks of contingency planning generally outweigh the risks of sending confused signals. Insisting on ignorance is a poor way to protect against announcement errors that trigger panic.Insurance&Risk Mitigation,Banks&Banking Reform,Financial Intermediation,Payment Systems&Infrastructure,Financial Crisis Management&Restructuring,Banks&Banking Reform,Financial Intermediation,Financial Crisis Management&Restructuring,Insurance&Risk Mitigation,National Governance

Remedying Security Concerns at an Internet Scale

The state of security across the Internet is poor, and it has been so since the advent of the modern Internet. While the research community has made tremendous progress over the years in learning how to design and build secure computer systems, network protocols, and algorithms, we are far from a world where we can truly trust the security of deployed Internet systems. In reality, we may never reach such a world. Security concerns continue to be identified at scale through-out the software ecosystem, with thousands of vulnerabilities discovered each year. Meanwhile, attacks have become ever more frequent and consequential.As Internet systems will continue to be inevitably affected by newly found security concerns, the research community must develop more effective ways to remedy these issues. To that end, in this dissertation, we conduct extensive empirical measurements to understand how remediation occurs in practice for Internet systems, and explore methods for spurring improved remediation behavior. This dissertation provides a treatment of the complete remediation life cycle, investigating the creation, dissemination, and deployment of remedies. We start by focusing on security patches that address vulnerabilities, and analyze at scale their creation process, characteristics of the resulting fixes, and how these impact vulnerability remediation. We then investigate and systematize how administrators of Internet systems deploy software updates which patch vulnerabilities across the many machines they manage on behalf of organizations. Finally, we conduct the first systematic exploration of Internet-scale outreach efforts to disseminate information about security concerns and their remedies to system administrators, with an aim of driving their remediation decisions. Our results show that such outreach campaigns can effectively galvanize positive reactions.Improving remediation, particularly at scale, is challenging, as the problem space exhibits many dimensions beyond traditional computer technical considerations, including human, social, organizational, economic, and policy facets. To make meaningful progress, this work uses a diversity of empirical methods, from software data mining to user studies to Internet-wide network measurements, to systematically collect and evaluate large-scale datasets. Ultimately, this dissertation establishes broad empirical grounding on security remediation in practice today, as well as new approaches for improved remediation at an Internet scale

POISED: Spotting Twitter Spam Off the Beaten Paths

Cybercriminals have found in online social networks a propitious medium to spread spam and malicious content. Existing techniques for detecting spam include predicting the trustworthiness of accounts and analyzing the content of these messages. However, advanced attackers can still successfully evade these defenses. Online social networks bring people who have personal connections or share common interests to form communities. In this paper, we first show that users within a networked community share some topics of interest. Moreover, content shared on these social network tend to propagate according to the interests of people. Dissemination paths may emerge where some communities post similar messages, based on the interests of those communities. Spam and other malicious content, on the other hand, follow different spreading patterns. In this paper, we follow this insight and present POISED, a system that leverages the differences in propagation between benign and malicious messages on social networks to identify spam and other unwanted content. We test our system on a dataset of 1.3M tweets collected from 64K users, and we show that our approach is effective in detecting malicious messages, reaching 91% precision and 93% recall. We also show that POISED's detection is more comprehensive than previous systems, by comparing it to three state-of-the-art spam detection systems that have been proposed by the research community in the past. POISED significantly outperforms each of these systems. Moreover, through simulations, we show how POISED is effective in the early detection of spam messages and how it is resilient against two well-known adversarial machine learning attacks

Towards an Operational Framework for Financial Stability: "Fuzzy" Measurement and its Consequences

Over the last decade or so, addressing financial instability has become a policy priority. Despite the efforts made, policymakers are still a long way from developing a satisfactory operational framework. A major challenge complicating this task is the “fuzziness” with which financial (in)stability can be measured. We review the available measurement methodologies and point out several weaknesses. In particular, we caution against heavy reliance on the current generation of macro stress tests, arguing that they can lull policymakers into a false sense of security. Nonetheless, we argue that the “fuzziness” in measurement does not prevent further progress towards an operational framework, as long as it is appropriately accounted for. Crucial features of that framework include: strengthening the macroprudential orientation of financial regulation and supervision; addressing more systematically the procyclicality of the financial system; relying as far as possible on automatic stabilizers rather than discretion, thereby lessening the burden on the real-time measurement of financial stability risks; and setting up institutional arrangements that leverage the comparative expertise of the various authorities involved in safeguarding financial stability, not least financial supervisors and central banks.