Below is a paper that Nate Lee wrote in 2021 and finalized and presented at a conference in 2022. It outlines scenarios that could result from using the United States’ control of the global financial system, including payments and settlement, in uncircumspect ways. It will serve as a background for some of our coverage to follow on the collapse of dollar hegemony as the U.S. overplays its hand. It has been presented entirely unedited in order give the reader an accurate sense of its predictive value.
The State of Play
The U.S. State Department is raising the stakes of secondary sanctions on entities who would do business with Iran, signaling the seriousness of threats to those who refuse to comply with efforts to contain Iranian nuclear energy and missile technology development (1). However, there are justifiable questions on the table about the effectiveness and enforceability of sanctions, due to both a volume of literature incommensurate with the importance of sanctions and recent events. A recently broken story based on financial investigative files by U.S. authorities shows that the North Korean regime moved money through transfers via prominent New York banks, including JPMorgan Chase and BNY Mellon, using Chinese shell companies (2). If rogue states can circumvent the U.S. banking system with statesupported third-party actors acting to keep the transactions’ true illicit nature barely above the liminal threshold, then the impact of sanctions via the United States’ financial apparatus is expectedly marginal. This essay will explore a more drastic alternative that is motivated by this state of play: un-banking an entity in the international financial system using SWIFT, which will be herein called the “SWIFT disconnect.” Such actions raise the force escalation threshold of sanctions to the extreme and do not come without attendant risks that must be managed and warrant calibration and even review of the policy.
This paper seeks to answer the following question: what are the logical practical and strategic consequences of employing the SWIFT disconnect as a sanction instrument? We survey the literature on sanctions and limited existing socio-technical and network-theoretic literature on SWIFT as a technical system and attempts to reconcile the latter within the context of the former. The novel contribution made by this work is a policy argument about the viability of SWIFT as a tool for sanctions using informal network theory concepts that show network breakdown as potentially a simultaneous top-down and bottom-up manifold of processes. Herein, it is proffered that network opacity and heterogeneity as well as the economic competition that makes network diffusion persistently desirable imply that SWIFT disconnections cannot reliably be used as a tool for sanctions in the current financial technology innovation environment. The paper anticipates a broader argument about financial technology innovation being fundamentally an international security problem in an environment of technical globalization because of the boundary management problem.
The Available Literature on Sanctions
The canonical early work on sanctions is Economic Sanctions Reconsidered: History and Current Policy. Armed with a copious volume of case studies, the authors investigated the conditions in which sanctions were effective at achieving foreign policy goals and the related costs and estimating the effectiveness of sanctions at about a third of cases (3). They defined sanctions as, essentially, the intentional cutting of trade or financial ties in pursuit of a sender state’s foreign policy objectives in lieu (though often in advance) of war and as distinct from other economic policy tools. We will preserve this definition herein. We will also retain the notion that standard sanctions are best situated in the middle of the force escalation spectrum between diplomacy and covert action, in order to define the SWIFT disconnect precisely as the extreme end of the sanction's interval on that spectrum. Another critical notion is that one of the failure states for sanctions is when target nations respond by establishing effective commercial or financial alternatives.
Other authors followed from this foundation. Much of the subsequent literature has been about the effectiveness of sanctions. Pape asserts that sanctions have a dismal success rate and have limited independent effect on foreign policy goals (4). Though Pape set a high bar for sanctions’ success and questionably insisted on the value of an economic measure, GNP loss, as the primary metric for the effectiveness of sanctions, which we have already defined as a foreign, not economic, policy tool. Drezner, taking a more nuanced game-theoretic approach, argues that sanctions perceived low success rate is due to selection effects (5). Drezner establishes that sanctions are most efficacious when used as a threat signal rather than when effectuated. Lektzian and Souza find that sanctions against nondemocratic regimes risk enabling rent-seeking by the narrow winning coalition, and by implication must be targeted for good effect (6). Finally, Crozet and Hinz investigate the unintended consequences of sanctions for sanctioning, rather than targeted, countries. They find that there exists a “friendly fire” effect that results in greater losses from surprising places that were not the target of countersanctions (though the total of this friendly fire effect may not be directly caused by sanctions) (7). This theme of unintended consequences will emerge again in short order.
The SWIFT Technical System
The Society for Worldwide Interbank Financial Telecommunications (SWIFT) is the suite of technologies and standards that replaced the legacy telex system for messaging in support of interbank transactions, clearing, and settlement, and is of phenomenal scale (8). Fundamentally, financial messaging technology emerged in the 19th Century to reduce arbitrage opportunities by dampening securities price differentials in distal markets, but a mature SWIFT system was not developed until 1973 as the standardized messaging infrastructure for exchanging financial information. This was done in response to, inter alia, the specific problems of multinational corporations’ payment systems being serviced by transnational banks in need of methods for reducing errors and ensuring reliability in a high-volume, farflung network (9). One might even argue that SWIFT is the substrate of financial globalization by providing reliable connectivity in support of cross-border transactions. SWIFT is the Registration Authority for ISO standard Business Identifier Codes (BIC), often called “SWIFT codes”). This data element identifies individual parties in the international financial system. SWIFT also supports compliance for financial crime identification and reporting (10). Thus, it has some native role in international financial security.
Perhaps the canonical academic work about SWIFT is Scott and Zachariadis (11). In this monograph the authors trace the history of SWIFT as a cooperative enterprise in standardization by the banking industry. They show that the most important characteristics of SWIFT are its security, reliability, and resilience. What underlies all of this is trust and risk management. SWIFT may be best characterized as more than a database with service over a distributed network via an application gateway enabling standardized communication, but as a risk management technique for interbank transactions-related information sharing. Notably, they discuss the most controversial related topic, namely network membership and diffusion. The development of SWIFT was initially motivated in no small part because European and other international banks did not want to be dominated by the standards, networks, and technology of US transnational banks. The network diffusion of SWIFT did ultimately enable non-bank corporations to have access via Closed User Groups, but denied access to certain types of financial firms, such as investment fund managers, that are favored in America. This occurred even as American bankers took prominent positions on the board. Now, it has become to some extent dominated by the geopolitical concerns of the US state. The associated political and regulatory risks are probably the greatest threat to the continued diffusion of the SWIFT network. This continued diffusion is necessary for the system to continue to be economically competitive, and accelerates the value of innovations over the network, which must take place lest SWIFT become a deprecated architecture.
The Network Topology of SWIFT
Analysis of the node-degree distribution of the SWIFT network shows that, for much of the network, it is log-normally distributed but for a part of the network it is power-law distributed (12). It possesses at least some of the characteristics of a scale-free network, which should imply it is resilient to breakdowns in random nodes, though it is likely vulnerable to disconnections of important hubs. Lebacher et alia (13) use inferential network theory methods to reconstruct the opaque binary network topology of the SWIFT structure. They find that minimum entropy models from physics and density corrected gravity models perform well at blind reconstruction because they adequately cover both large sparse and small dense network structures. A responsible inference one might draw from this is that the SWIFT network is composed of both sparse connections over broad expanses as well as high-density clusters near regional hubs and over high-traffic bilateral connections, with the highest volume connects of this type being between the US and China and the US and Hong Kong. This is consistent with earlier research on the MT 103 messaging network analyzed by Lebacher et al. (14). The SWIFT network also exhibits regionalism between the dense clusters and sparse periphery, indicative of the potential for a nested structure.
By far, the highest impact paper on the subject is Farrell & Newman (15). They discuss the state of play as one of “weaponized interdependence,” the titular concept of their essay. This paper is fundamentally about conflict and economic interaction and interdependence, with complex private networks in play that powerful states have some access control over. Much of the world’s sensitive financial transactions data goes through the SWIFT system. If powerful actors leverage the interdependencies that are asymmetrically to their advantage, then they can undermine the mutual dependence that enables the system to work. The Iranian SWIFT disconnect exemplifies the phenomenon of a privileged state utilizing global private networks to sanction a target state. In this way, a network of private actors becomes weaponized as an instrument of privileged state power. The informal strategic logic of weaponization of network interdependencies goes something along the lines of the privileged state wants to deny the target state access to a network and must shut off access to crucial hubs on the network but must risk the unintended consequences of breaking down financial or economic linchpins or network bridges that may compromise the local or general integrity of the system. This is the danger of discounting the hidden importance of insufficiently appreciated nodes that seem marginal. Furthermore, states that leverage network asymmetries in a unilateral way may cause broader breakdowns in the architecture of trust that buttresses the network. Using this technique in a way calibrated to be effective without actuating deleterious unintended consequences of disrupting critical information flows requires deep institutional knowledge, which is unlikely to be available in a broader prevailing imperfect information operating environment.
SWIFT in the News: NYT Exposes USIC Use of SWIFT Info in Terror Financing Threat Monitoring
The SWIFT system and its relevance to international affairs were perhaps first brought onto the radar screens of many observers of public affairs in 2006. The NYT broke the story that the Bush administration, via a joint CIA-Treasury program, had been using the SWIFT system to investigate terrorist financing, and that the Brussels consortium behind SWIFT had considered pulling out of the agreement until the intervention of no less a personage than Alan Greenspan and Robert Mueller (though the consortium was ultimately protected from liability litigation by U.S. litigants due to state secret privileges) (16). While SWIFT makes clear that it is a messaging system for money transfer protocols and does not contain accounts, the bank accounts and other personally identifying information of individuals subject to such transfers are ultimately retrievable, given the information available in the exchange messages, for the many financial institutions that are a part of it (in 2006, this was only about 70% of the now more than 11,000 financial institutions that are now part of the SWIFT system). Furthermore, as the SWIFT consortium is not a bank or other depositary institution (though many large banks are among its shareholders), it is not subject to the same regulations that protect the financial data of bank and other financial account holders. To be sure, the efforts did bear fruit and lead to actionable intelligence on those involved in international terrorism, and this was used by both the U.S. and Israelis. However, at the time the scope of the data collection on individual records was perhaps unprecedented and was reflective of the new broad authorities the Executive Branch had obtained after 9/11 (17). This came to known as the “SWIFT affair” and reflected the zeitgeist in which the U.S. Terrorist Finance Tracking Program was looking for preventive anti-terrorism “tools” and it seemed altogether reasonable to “follow the money” (18). This was perhaps a seminal moment for the discipline of financial intelligence (FININT) analysis. The workings of the terrorist financing investigations were a public-private partnership in which U.S.-based SWIFT data centers provided Treasury with a “black box” of bulk data extracts, pursuant to administrative subpoenas, that could be then searched via entity name where a known “terrorism nexus” had been established (Ibid.). Unsurprisingly, this use of secondary data of a European institution and containing reference to European citizens did not sit well with EU authorities.
The Weaponization of SWIFT
The opening salvo in the weaponized use of SWIFT came in March 2012. In a global first, SWIFT company announced it had been instructed by the European Council to disconnect Iranian banks from the system (19). This measure included the Iranian central bank, was done under pressure from the U.S. and Israel over Iran’s uranium enrichment program and was clearly aimed at preventing Iran from remuneratively repatriating dollars earned from its own oil trade (20). This amounted to a de facto asset freeze of the highest order. Iran had preemptively bought gold to reduce its exposure risk to these asset seizures (21). Yet, these measures proved insufficient in face of the high yield of the SWIFT bomb. Iran began importing Turkish gold and engaging in gold swaps with bullion-hungry Russia, India, and China, as well as initiating the pattern of using Chinese and Russian banks and shell companies to move money around the international financial system that persists to this day (22). These measures attenuated the impact of the SWIFT disconnect as a sanctions tool, but no doubt forced Iran into costly maneuvers that were painful for the nation’s people, government, and the Shia Islamic regime. For their parts, Russia and China are building alternative messaging networks for financial transactions, the SPFS and CIPS, respectively (23, 24)
The Possibility of Resistance Emergence
While the SWIFT disconnect no doubt hurt Iran and was part of a sanctions regime that functioned, as well as anything in the force escalation spectrum short of direct military action, as a credible deterrent. However, as a policy tool the SWIFT disconnect should be regarded as a nuclear option that, unlike other sanctions regimes, threatens to provoke more retaliatory deterrence than circumvention. There are a few foreseeable pathways for this blowback, and perhaps even more concerning unforeseeable dangers. Stare actors with more robust economies than Iran, particularly Revisionist Powers, can use their gold reserves to undermine the exchange value of the USD in retaliation, rather than as a mere asset seizure risk hedge. The eminent late Andrew Marshall was briefed on this via investment managers and SEC officials, to his deep concern (Ibid).
Cryptocurrency networks can also be used for transfers of value to a greater scale, though not without volatility risk greater than standard currency pairs. FinTech has managed to pick apart the allsource financial functionality of the traditional bank. This can be coupled with also the counterintuitive
model of those suffering from such pecuniary indigence that they are unbanked by common circumstance, to show how the unbanked can still operate in a transactional world economy. For instance, Yodlee is a disruptive banking API focused on personal financial management (25). Other FinTech startups such as Venmo and Zelle have managed to break into the payment processor space.
Uses of FinTech for payments by the economically disadvantaged in the developing world is exploding (26). This not only threatens to deracinate traditional financial institutions, but also threatens the locus of control they offer for sanctions systems. Excessive use of un-banking or cutting off payment processing of both international rogue regimes and intricate criminal syndicates along with domestic political dissidents and criminal networks threatens to accelerate the migrations to alternatives which will undermine the use of the policy when it is most needed. Why this is so will become clear in the next section. We must not toss out the jade to attract a brick, to invert an ancient Chinese stratagem.
A String Quartet: Analysis of the SWIFT Disconnect as a Networked Policy
From the academic literature on sanctions, we have a set of useful concepts: tendency towards inefficacy, threat signaling, careful targeting, and unintended consequences. From the professional literature on international messaging, settlement, and clearance technical systems, we know some essential properties of these systems: reliability, resilience, trust, heterogeneity, bimodal network structure with sparsity and density, the need for continued diffusion in order to remain economically competitive. From the reportage on current events, we have the path history of the SWIFT disconnect. In applying these concepts to the SWIFT system and its network in light of this history, we are now armed to better analyze the practical and strategic consequences of the weaponization of SWIFT. We just need one final piece of the puzzle from network theory. This quartet of sanctions research, technical knowledge, policy history, and network theory is the core of this work. We will assume some basic knowledge of network theory definitions. Precise formalizations are an at present unnecessary refinement for the notional model at the heart of the following argument.
If we think of the network connections over the SWIFT network between the US, Iran, and the European authorities as a triadic closure, and the connections between the US and the European network managers and the Iranians and the Europeans as generally positive and the relationship between the Iranians and the US as generally negative, then we are left with a structurally unbalanced triangle. This unnatural state of affairs is unlikely to persist and will likely result in either a repair of the relationship between the US and Iran or a breakdown in the relationship between Iran and the pair (27). Indeed, this breakdown of this latter disjunct did become the case. If this pattern were to persist due to a privileged node such as the US leveraging its asymmetric power over network management, then network disconnections could lead to a host of effects, depending on the extent.
At first, local bridges might span structural holes in the network, reducing efficiency. In looking at the components of such a disconnected network, nodes between them can become pivotal and develop outsized power, which could be an undesirable unintended consequence. This could have a deleterious effect on the reliability of the network, as some nodes develop importance above their level of trust or capacity for traffic management. Even more so, as information leaks about US behavior and influence over the network trickle out, the incentive to create top-down alternatives increases. Furthermore, the background environment of financial innovation leads to the construction of bottomup alternatives and alternate connections. As the general global financial telecommunications network becomes more disconnected, it could start to partition. The policy of using the SWIFT disconnect as a sanctions tool cuts spanning links in a process of divisive partitioning. On its own, this might reduce value, efficiency, and reliability. However, it is coupled with a second process of agglomerative partitioning through the pursuit of alternatives by strategically motivated large actors and by smaller actors engaged in financial innovations such as blockchain-based cryptocurrency network building. The combination of the two threatens network stability, including the resilience and availability that makes it viable as a technology because as the process of disconnection metastasizes over the network, it threatens to sever critical hubs. It also limits the possibility space of diffusion, which weakens the economic case for the system and threatens its very integrity.
All of the structural deficiencies aside, this alone does not imply that the SWIFT disconnect will not work over the long run. It merely implies that special care must be taken to analyze and assess the situation before targeting and deploying the tool. But is this possible? Network surveillance is possible in this environment. Powerful institutions can see the associations a node can form. However, those institutions may not be able to observe the content, salience, and priority of transactions across those associations without conducting the kind of spying that has already been leaked and is already eroding trust. As has been observed by another analyst in the preceding discussion, the SWIFT network is power law distributed over part of its domain, and this substantial imbalance can increase unpredictability and amplify network effects, including cascades and clustering (on partitions). This imperfect information context creates conditions of uncertainty in which unintended consequences occur and the scale of them cannot be predicted in advance with any reliability, rendering cost-benefit analysis for deploying the tool moot. In the absence of some sense of net effectiveness, the tool becomes irrationalized.
Conclusions and Future Directions
SWIFT disconnections to effectuate an un-banking to reify or supplement a sanctions regime must be treated as a financial weapon of self-destruction that may best function as a signaling mechanism. Overuse risks losing or at least degrading many of the most critical desiderata of the network from the perspective of the network architect and manager, as well as weaking the most valuable function of this financial weapon to privileged nations. Even more so, it harms the network itself. Whatever SWIFT does, it does this via providing connectivity. Cut the cords of these connections and the system does not function as intended. In this situation, SWIFT does not manage a client’s risks— it creates them! Thus, it is a suspect policy tool at best, a foolishly self-defeating one at worst. Its use is best avoided.
From a broader perspective, this scenario illustrates how financial innovation itself is threat to the centralized control of the financial system, which has been useful to authorities in combating genuine security risks such as resource flows to multinational terror networks. This makes financial innovation a security problem. Dealing with it requires policing the boundaries of a network that spans structural holes and emergent partitions (where bridged). Deciding who gets what access is a problem for network managers and influential geopolitical decision-makers alike. Deciding what innovative alternatives can be ramified is a problem for financial regulatory authorities. The set of both problems is the boundary management problem for the vast network that is the neurological system of the global financial system.
The basic network theoretic reasoning above forms a tractable approximation to a more complex underlying reality and serves, thereby, as only a thinking tool for policy analysis. Even when relaxing some assumptions, this approximation may robustly persist. Testing this model empirically via simulation or other methods is a practical next step, which is beyond the reach of the present research project’s time and budgetary constraints.
Postscript
Revisiting Old Friends
In Weaponized Interdependence, Farrell and Newman cleverly anticipated several important conceptual breakthroughs necessary to understand the salience of the foregoing paper:
The structure and function of international commercial technology networks is a complex battlespace for the combined effects of the nexus of state and private action.
Power is an independent variable in this battlefield of the mind.
Complex interdependence is a critical feature of this networked gladiatorial arena.
The network topography creates asymmetries of power over this complexly interdependent network.
A degree of freedom that this author may add to this equation is that there are feedback mechanisms that, whilst they may mean asymmetries of power persist in the long run, do not imply that current power dynamics are stable equilibria over the long term. As the authors clearly intimate, control over the central nodes of networked power systems is contingent upon the behavior of domestic and international regulatory institutions. These institutions have varying performance and succeed and fail over time. Foreign adversaries, empowered by domestic events, could re-center and gain control over global financial flows. Farrell and Newman identify two key effects: the panopticon effect and the chokepoint effect. The panopticon effect is the more passive and potentially long-lived of the two, giving a tremendous persistent surveillance advantage. It can be unintentionally sacrificed for the latter effect, when rivals are choked off from access to the network and network breakdown results.
This paper previously explored, rather generally and abstractly, how such a network breakdown might occur organically over time. This postscript takes a different tack and seeks to interrogate a new question: how might threat sources intentionally reverse the chokepoint effect, leaving the dominant player—the United States—out in the cold in global financial information flows? First, we will develop a plausible threat model stack. Then, we will examine vulnerabilities specific to the structural features of the network that could be exploited. We will then explore a possible attack scenario at a high level, and then follow this on with a brief conclusion.
A New Threat Model Emerges
An important early threat model in the financial payments system domain was that of terrorist financing. This was more of a combination of both institutional and non-institutional threats and counterthreat efforts were centered around anti-money laundering. Sophisticated perspectives regarded combating terrorist financing as its own conflict domain, drew definitional distinctions between terrorist financing and cartel money laundering (esp. since the former often involved transfer from legitimate sources to illicit ones) and identified the core problem as one of the impossibilities of comprehensive monitoring at scale (28). It is undeniable that the global financial system is tremendously vulnerable to penetration by skilled threat sources engaged in terrorist financing. Still, in the post-9/11 terrorist environment money laundering remained a salient concern along with terrorist financial flows, particularly over alternative remittance systems (ARS) with networks that partially paralleled mainstream financial systems (29). ARSs, despite being labeled “alternative”, predate formal banking and financial systems by centuries. They were supplanted by large-scale technology-enabled financial networks but can exist simultaneously, are reinforced as a cultural endowment, and can allow an endrun around better monitored formal finance flow systems. The struggle of Western law enforcement and intelligence agencies, along with other state institutions, to build an effective regulatory regime to contend with ARS in the wake of the Global War on Terror illustrates the risk of alternative networks to the Anglo-European power matrix of control over global financial networks.
Even more so than networked transnational terrorist threat source, nation-state actors pose profound risks as a threat source in the weaponized interdependence context. When the EU sanctioned the Russian Federation for its involvement in the upheaval in the Ukraine, entire sectors faced restrictions, including the Russian public financial sector (30). Jones and Whitworth justifiably expressed deep concern that the demonstration effect of such an onerous sanction regime would lead national actors to seek alternatives to European-mediated financial payment systems and the technologies that underlie them as an unintended consequence. The post-Russia sanctions movement toward alternatives has only continued the trend of distrust in Anglo-European market institutions that developed after the Iranian SWIFT disconnect. Not merely a game theoretical concern, Russia did look for alternatives due solely to the demonstration effect and continued threat of a SWIFT disconnect of its own (31). It should also be noted that financial networks and banking systems, even central banking, do not exist in economic isolation, and their capacities for developing alternatives depend on developing real economic alternatives to the supply chain for critical goods and services as sanctions and counter-sanctions regimes heat up. Additionally, some more recent scholarship is far more sanguine about the effectiveness of contemporary sanctions regimes in lieu of military mobilization as a means of compellence, and seem far less concerned about the potential unintended consequences (32).
While it is uncontroversial that the EU’s control over financial messaging technology and the payment systems that depend on it coupled with the U.S. dollar’s hegemony as both as reserve and, arguably even more importantly, clearing currency for foreign exchange in trade give them asymmetric leverage over the international financial system, the possibilities of challenges to the system mean the logical and practical consequences of flexing this muscle may provide for a short run at the top. Caytas (33) brilliantly elucidates how this weaponized finance promises to be effective only if it can be kept within reasonable constraints which limit its use. Caytas is the originator of the metaphorical notion, employed in the above paper, that the SWIFT disconnect is akin to crossing the nuclear threshold. This may be a stronger statement than one might be willing to make, as there are some important disanalogies between the two weaponizations. However, it is harder to question that proposition that the SWIFT disconnect is dramatically escalatory. While Caytas deftly maneuvers about the curves of the legal framework, she is clear to introduce the subtlety that it is not merely the law but the technology itself that produces the risk of unintended consequences. Implicit in her reasoning is a threat model where major Revisionist powers develop technological alternatives that disrupt the status quo ante.
Yet, there is no fundamental reasoning or empirical observation which restricts the analysis to a threat model where Revisionist powers have an interest in merely building and migrating towards an alternative. A more robust threat model and one that is entirely plausible is that these nation-state threat sources would seek to actively undermine the existence of the current SWIFT-mediated global payments system in favor of their own. Such a threat model does not appear to have been previously considered. More than an acceleration of the organic top-down breakdown of the SWIFT manifold analyzed above, this threat model posits an intentional fatal assault on the system from a high level— attempted homicide, as it were. This threat model posits a Chinese rival who:
Has access to send and receive an arbitrary number of transfer payment messages, as well as other standard functionality necessary to restrict resources and degrade service.
Knows the network architecture and can observe the structure but not the density or size of edges or nodes to which it is not directly connected.
Seeks to compromise the availability of the network to support the migration of other parties to its own proprietary alternative payment system where it has asymmetric leverage.
We can also assume that the threat source can make reasonable inferences about network traffic, size, and density based on open source economic and financial data as well as its own private intelligence information. The system is peculiarly vulnerable to such a disruption, for reasons that will be stated in the next section.
The Deep Topology of the Network
As discussed above, Lebacher et alia analyzed the SWIFT credit transfer messages using a network reconstruction algorithm over a 182-month time period. It is worthwhile to note that they assumed that infrastructural institutions were so important to the payment transfer messaging network that they treated them as separate countries. These critical infrastructure components are incorporated into the standard network with no special isolation characteristics or firewalls. It is also important to note that they found transaction volume (high) and density (though relatively low for the scale) increased over time, and we would expect the messaging network to be potentially vulnerable to denial of service during surge capacity peaks as any computer network. We also might assume as Lebacher et alia did that the traffic volume is a function of the economic size of the participants, and thus high economic size dyads have the most persistent high traffic volume and thus may be most vulnerable to denial of service. The largest dyad in the network is the United States and China, which is a considerable vulnerability in our threat model. The overall character of the network is large and sparse, with densities that are somewhat difficult to estimate reliably. The cumulative in-degree and out-degree centrality grow linearly and are near-uniformly distributed, so the network is not especially vulnerable to contagion effects due to high in-degree centrality or the impact of prominent nodes, or due to the high exchange and dispersion characteristics of high out-degree centrality.
Cook and Soramaki (34) have perhaps the closest entry to a canonical paper on the SWIFT network topology. Like Lebacher et alia, they characterized the network based on the credit transfer payment messages, which is the most common message class. They used a shorter time window, but a larger sample set of participants than Lebacher et al. This is in part due to new banking regulatory regimes which reduced the size of the network by the time the latter study was conducted. Some sources suggest the remaining relationships were deeper, but no meaningful evidence was adduced to support this proposition. They find that transformed GDP and a few of political interconnection do predict message volume per connection. This supports the assumption that threats can infer basic information about network properties from historical data. Further, network reciprocity is a broadly veridical aspect of the system, and this makes it difficult for individual nations to effect unilateral disconnects from the system given the importance of reciprocal connections.
Slain by the Dragon: An Attack in C Major
While Russia may play a disruptive role, Farrell and Newman explicitly identified China as the only non-Occidental power capable of achieving dominance in the weaponized interdependence conflict surface. Therefore, this paper will only posit that China develops a mature rival financial messaging system with the potential for network effects and economies of scale and scope. In this formulation, it is China who seeks to turn the tables on the network inequality condition. Russia could be a player engaged in stackable disruptions that are force multipliers for Chinese efforts, though this Sino-Russian compound can be treated as a single complex entity with respect to the vulnerabilities it exploits. This paper will develop and game out by scenario but not test such a model, as it is beyond the scope of this effort given time constraints.
The Sino-Russian advanced persistent threats (APT) model seeks to eliminate chokepoint effect risks for itself by creating an alternative payment system and then drawing most of the non-compromised users to its network. It will do this by attacking the availability of the SWIFT network with denial-of-service attacks. Though these will differ in specific technical procedure from those used over the standard internet and require specialized computers and software they do not differ in basic form or strategic logic (the details are not important for policy evaluation). The Sino-Russian APT seeks to conceal attribution of the attacks to its agents under threat of network disconnection, until such time as its own networks have reached a critical mass of participation from rivals. The strategic logic of this is that if the EU institutional controllers rush to attribution and are premature in a SWIFT disconnect, the demonstration effect could lead to migration to the Chinese rival payment system. So long as the APT can obscure its effort to a point of plausible denial, it can persist in the attacks. However, efforts to prevent attribution also reduce effectiveness. Due to the network being somewhat resistant to contagion and this creates more attribution risk than it is worth, the APT does not seek to recruit new participants in its own network to be saboteurs of SWIFT unless they also have critical network connections, which can be inferred with some probability. We can also assume that connections on the SWIFT networks survive even when third parties migrate to the rival alternative payment system set up by the Chinese. As Cook and Soramaki show, this tends to be the case with migrations from older versions of the Western financial networks to newer ones. Thus, continued competition exists, and the West can partially recover its network using diplomatic, public relations, and technical recovery procedures (but these bring further tradeoffs, as will be explained).
The Chinese and Russians are in the process of developing such alternative payment systems, as discussed in the original paper. We can assume they launch the attacks once the Chinese system is regarded as mature and secure. We can further assume that Iran and its regional allies are early adopters, as they have already suffered the SWIFT disconnect and have no reputational costs or risk from committing to the migration to the Chinese payment system. The APT begins by attacking the U.S.China and U.S.-Russian edges. Cook and Soramaki define both U.S. and China as core nodes, making this a devastating attack surface. The current SWIFT security scheme relies heavily on intrinsic network properties such as general sparsity and historical stability of core nodes and their edges for reliability, as well as controlled scaling of the messaging technologies by the SWIFT Institute and its developers. It has all the same vulnerabilities as a marginally secured public utility, which is essentially what it is. Network topology vulnerabilities are known to be a specific problem for availability and are known to increase in a linear fraction with the number of nodes in a broadly wheel model like the core SWIFT system (communication model for the computation of vulnerabilities using classic graphs has the formula as
{n+1}/{n+5}, given 203 (odd numbered) nodes as used in Lebacher et al.) (35). If continued connections tend to survive after migration, then the vulnerability does not decline as the Sino-Chinese APT threat succeeds. As the attack continues, the curators respond and attempt to adapt as though they are conducting rapid scaling of the network. If they succeed before a critical mass of migration is reached, the muted low-probability attributable attacks may fail to achieve the desired outcome by the attackers and poorer performance may not translate into a general state of persistent non-availability for functional purposes. If they fail, the attack severely damages the reputation and continued use of the
SWIFT system and drives adoption of the best alternative. If a robust rival emerges, then the
Anglosphere powers and the EU lose the ability to use SWIFT for either chokepoint effect disconnects or panopticon effect surveillance. Maintaining leverage for control against non-traditional threats such as terrorist financing transnational actors becomes more of a Sisyphean than Herculean task. A failure state for Western financial systems as well as law enforcement and intelligence agencies is reached. An exponential explosion in undesired financial behavior becomes possible.
A Second Run at a Conclusion
This postscript explored the idea that flaws in the security scheme of the SWIFT networks given a threat model focused on compromising availability are potentially onerous. There are existing disintermediation pressures on these networks (from, inter alia, crypto-based exchange systems), and there are also rival alternative systems in the works. These rivals have multifaceted interests in decentering and then recentralizing financial intermediation systems. Furthermore, the very network topology of the system enables vulnerabilities to network availability. The key feature of the network is reliability and if accessibility is consistently compromised, then an exodus to alternatives is a very real possibility. The contours of the possibility space of this great game are emerging in clearer form and the central tradeoff is laid bare: policymakers risk trading off the ephemeral effects of network access control in exchange for the longer-term informational advantages of profound surveillance. This tradeoff exists in highly specialized financial messaging technologies and the hub-and-spoke models that have emerged from them in ways it does not with the broader internet. In both cases, a persistent information rich environment exists for privileged observation by those capable of infiltrating or controlling the hubs. The opportunities diverge at the point of access control by the discretion of those favored in the power imbalance, where in the SWIFT space the Anglosphere powers have coercive influence. However, a two-front symmetric strategy may be advisable, and it may be far wiser to tend and curate these webs like a spider that carefully avoids alerting its unsuspecting victim to its presence—watching and waiting—rather than making a premature move and, in over-signaling its presence, sending the fly into another parlor.
Enumerated References
1. https://thehill.com/homenews/administration/517265-us-reimposes-un-sanctions-on-iranamid-increasing-tensions
2. https://www.msn.com/en-us/news/world/secret-documents-show-how-north-korea-laundersmoney-through-us-banks/ar-BB19exrg
3. Hufbauer et al. 1990. Economic Sanctions Reconsidered: History and current policy. Washington, DC: Institute for International Economics.
4. Pape, R. (1997) International Security, (22)2 pp. 90–136
5. Drezner, D. (2003). International Organization, 57, pp. 643-59.
6. Lektzian D. & M. Souza (2007). Journal of Conflict Resolution 51(6), pp. 848-71.
7. Crozet, M & J, Hinz (2020). “Friendly fire: the trade impact of the Russia sanctions and countersanctions" Economic Policy. 35(101) pp. 97–146.
8. https://www.swift.com/about-us/discover-swift/messaging-and-standards
9. Scott, S.V. & M. Zachariadis (2012). Origins and development of SWIFT, 1973–2009. Business History, 54 (3). pp. 462-482.
10. https://www.swift.com/about-us/discover-swift/products-and-services
11. Scott, S.V. & M. Zachariadis (2014). The Society for Worldwide Interbank Financial
Telecommunication (SWIFT): Cooperative governance for network innovation, standards, and community. NY: Routledge.
12. https://swiftinstitute.org/wp-content/uploads/2012/10/The-Statistics-of-Payments_v15Chapter-12-What-is-the-topology-of-your-payment-network.pdf
13. Lebacher M. et al. (2019). “In search of lost edges: a case study on reconstructing financial networks” arXiv:1909.01274.
14. Cook, Samantha and K. Soramaki.“The Global Network of Payment Flows” (September 23, 2014). SWIFT Institute Working Paper No. 2012-006, Available at SSRN: https://ssrn.com/abstract=2503774
15. Farrell, H. and A.L. Newman (2019). Weaponized Interdependence: How Global Economic Networks Shape State Coercion International Security, 44(1), pp. 42-79.
16. https://www.nytimes.com/2006/06/22/washington/22cnd-intel.html
17. https://www.nytimes.com/2006/06/23/washington/23intel.html
18. Amicelle, A., “The Great (Data) Bank Robbery: Terrorist Finance Tracking Program and the 'Swift Affair'” (May 1, 2011). Questions de recherche / Research Questions, Centre d'études et de recherches internationales (CERI-Sciences Po/CNRS).
19. https://www.swift.com/insights/press-releases/swift-instructed-to-disconnect-sanctionediranian-banks-following-eu-council-decision
20. https://www.nytimes.com/2012/03/16/world/middleeast/crucial-communication-networkexpelling-iranian-banks.html
21. https://www.google.com/amp/s/amp.ft.com/content/cc350008-5325-11e0-86e600144feab49a
22. Rickards, J. (2017). The Death of Money: The Coming Collapse of the International Monetary System. NY: Penguin Random House.
23. https://www.russia-briefing.com/news/russias-spfs-alternative-payment-network-entersinternational-markets.html/
24. https://www.chinabankingnews.com/2020/09/07/over-1000-financial-institutions-expected-tojoin-chinas-renminbi-cross-border-payments-system-by-end-of-2020/
25. https://developer.yodlee.com/
26. https://www.google.com/amp/s/mg.co.za/opinion/2020-09-20-e-payments-for-the-unbankedare-booming/%3famp
27. Easley, D. & J. Kleinberg (2010). Networks, Crowds, and Markets: Reasoning about a Highly Connected World. Cambridge: Cambridge University Press.
28. Stringer, K.D., “Tackling threat finance: a labor for Hercules of Sisyphus” (Spring 2011). Parameters, 41(1), U.S. Army War College.
29. Cooper, K.A. (2014). A critical examination of the anti-money laundering legislative framework for the prevention of terrorist finance with particular reference to the regulation of alternative remittance systems in the UK. Leeds: University of Leeds School of Law.
30. Jones, E. & Whitworth, A., “The unintended consequences of European sanctions on Russia” (2014). Survival , 56 (5), pp. 21–30.
31. ‘Russia Looks for Alternatives to SWIFT to Curtail Sanctions Risk’, Moscow Times, 21 August 2014, http://www.themoscowtimes.com/business/article/russia-looks-for-alternatives-to-swiftto-curtail-sanctions-risk/505617.html
32. Gould-Davies, N., “Russia, the West and Sanctions” (2020). Survival 62 (1): 7–28.
33. Caytas, J.D., “Weaponizing Finance: U.S. and European Options, Tools, and Policies,” Columbia Journal of International Law, 23(2) (Spring 2017), pp. 441–75.
34. Cook, S. & K. Soramaki (2014): “The global network of payment flows,” SWIFT Institute Working Paper.
35. Laszka, A. & A. Gueye. “Network Topology Vulnerability/Cost Tradeoff: Model, Application, and Computational Complexity”. Vanderbilt University.