Executive Summary:
1. Stuxnet is the most advanced instance of computer malware that is publicly known.
2. Stuxnet was designed to attack the Iranian nuclear program.
3. Stuxnet was developed by a nation state as opposed to an individual hacker, and the most likely nation state is Israel.
4. Stuxnet has likely had success in damaging the Iranian nuclear program, but the full extent of the damage is not yet known.
Introduction:
I have wanted to write about stuxnet for some time. It is hard to find any single article that fully describes the situation, since people who write on geopolitics usually are not experts on computer viruses, and experts on computer viruses are not usually experts on nuclear weapons programs. I am a computer professional conversant with geopolitics, but I don't know much about nuclear weapons programs. In this article, I will try to distinguish between what I know, what can be surmised, and what can only be guessed.
Timeline of Events:
1. On May 9, 1979, Habib Elghanian, a Jewish Iranian businessman, was executed by the new Islamic leadership in Iran for spying for Israel. The execution shocked the Iranian Jewish community and led to large scale Jewish emigration from Iran. The date may be significant, since stuxnet uses the code 19790509 on a Windows registry key to indicate its presence on a computer.
2. Stuxnet development probably began in 2007.
3. One instance of stuxnet executable code has a date of January 2009. Microsoft estimates that this may have been when it was first deployed, though other experts from Symantec estimate that the first deployment was in June 2009.
4. In May 2009, Iran has 4756 operating centrifuges enriching uranium at their Natanz nuclear facility. In August, the number of operating centrifuges drops to 4592, then drops further to 3936 in November. These drops take place despite Iran installing an increased number of centrifuges during this time period. Clearly, there was some systemic problem with the centrifuges.
5. In July 2009, wikileaks announces that there has been a serious nuclear incident at Natanz.
6. On June 16, 2010, stuxnet is detected by VirusBlokAda, a virus detection company. On the same day, two web sites in Malaysia and Denmark, www.mypremierfootball.com and www.todaysfutbol.com, shut down. The web sites were acting as mother ships to monitor the progress of stuxnet and to provide periodic updates to it.
7. On July 16 and July 22, 2010, Verisign Corporation revokes two public encryption keys that were stolen and used by stuxnet.
8. On August 22, 2010, well behind schedule, the Bushehr nuclear reactor is commissioned, though it does not go online.
9. On September 26, 2010, Iran's State News Agency announces that its Bushehr nuclear reactor had been infected by stuxnet, though they deny any damage was done. The Bushehr reactor is not yet online as of the date of this writing (December 20, 2010).
10. On November 16, 2010, Iran shut down all its centrifuges at the Natanz nuclear facility, according to the International Atomic Energy Agency. They were restarted several days later.
11. On November 30, 2010, Iranian President Mahmoud Ahmadenejad says that stuxnet had been detected and controlled in Iran.
12. On December 9, 2010, Eric Byres of Tofino Industrial Security says that his site is getting a tremendous number of inquiries from Iran, and indicates his belief that stuxnet is still not under control in Iran.
13. On December 14, 2010, Microsoft releases a fix for the last of the four zero-day security vulnerabilities exploited by stuxnet.
14. On June 24, 2012, stuxnet is designed to automatically shut itself down.
Part 1 - Overview of the Stuxnet Software:
A full understanding of the stuxnet software itself was not possible until November 2010, because stuxnet, as detected, consisted of a large (600 kb) portion of binary executable code. It is painstaking to reverse engineer executable code into source code - a process roughly akin to putting toothpaste back into a tube. For purposes of this discussion, I have chosen to distinguish between the carrier portion of stuxnet and the payload, or weapon, of stuxnet. Both are unprecedented in their scope and complexity.
The carrier portion of stuxnet exploits security vulnerabilities in the Microsoft Windows operating system to spread on Windows computers. In a typical scenario, stuxnet would reside on an infected USB device like a flash drive. When the flash drive is plugged into a computer with the Windows operating system, Stuxnet uses a previously unknown vulnerability to load itself onto the computer without the user's knowledge. It then uses two additional previously unknown vulnerabilities to give itself administrative privileges, allowing it to do anything on the computer that it wants. It installs a windows "rootkit" to hide itself from the user - if you looked for a stuxnet file you wouldn't see it. It then uses a fourth previously unknown vulnerability to copy itself to all other computers connected to the same network printer, if the computer is part of a network.
Before we go further, we should point out that the use of four previously unknown vulnerabilities is unprecedented. Unknown vulnerabilities, also called "zero day" vulnerabilities, are like nuggets of gold to a hacker, since each one can be used for a different virus. No previous computer virus uses four.
Back to stuxnet - if the computer is connected to the internet, stuxnet signals two mother ship web sites in Malaysia and Denmark and reports the computer name, the Windows version, the network group name (if the computer is part of a network), the IP addresses of all computers on the network, and whether industrial control systems software is installed or not. The mother ships can send updates to stuxnet, thereby allowing updated versions to replace older versions. Stuxnet also uses a peer to peer update capability. If two versions of stuxnet meet, they compare and copy such that the most recent version is stored in both places. Four different versions of stuxnet have been found.
Stuxnet also installs two drivers in the Windows operating system. One of the drivers masks the malware while the second drops encrypted blobs of code into memory. Because drivers can be dangerous, the Windows operating system requires that drivers be digitally signed with encryption keys that Windows can recognize. Stuxnet makes use of two stolen encryption keys to do this. One was stolen from JMicron and the other from RealTek, both of which are in the same office park in Taiwan. Encryption keys cannot be stolen by hacking; this requires the breaking and entering type of theft from a high security facility.
Notable is the fact that unlike almost all viruses, stuxnet was designed to carefully limit the way it is spread. Each flash drive has a counter such that it only allows three infections per stick. Stuxnet only attempts to spread across an internal network for 21 days, and most importantly, it does not spread itself across the internet at all. The result is that stuxnet spread outside its target environment very slowly, and was able to exist for more than a year without being detected. Stuxnet is designed to shut down on June 24, 2012. The authors apparently believed that by that date it would be detected and its target disinfected.
Stuxnet was designed to deploy its payload very precisely. If stuxnet did not find itself on a Windows computer connected to a Siemens S7-315-2DP or Siemens S7-417-2DP computer running industrial control software, stuxnet does nothing (except spread as described above). Therefore, almost everyone in the world infected by stuxnet never knew and never experienced any harm. Siemens is a major German engineering company that makes computers for, among other things, controlling industrial equipment. However, stuxnet further narrowed its target to Siemens computers that came from one of two vendors, a vendor in Vacon, Finland, or Fararo Paya, Iran. Finally, the Siemens computer must be running a frequency controller operating at a speed between 807-1210 Hz (something spinning at 60,000 revolutions per minute, which is unusually fast). Only if all of these conditions are met does stuxnet attack.
Stuxnet is the first known instance of computer malware to attack industrial control systems. Stuxnet subverts a software library allowing communication between a Windows PC and a Siemens computer connected to it. The stuxnet payload, or attack module, runs on the Siemens computer. It consists of 15,000 lines of code written in STL (Statement List) code, which is similar to an assembly programming language. The attack module has two "warheads", using two different logic paths, one designed to attack the S7-315 and the second to design the S7-417.
For the S7-315, the attack is done in the following manner. For a frequency controller operating between 807 and 1210 Hz, stuxnet counts events passively for a time period that is a minimum of 12 days. Then, in a process that takes between 15 and 50 minutes, it changes the speed to 1410 hz, then to 2 Hz, then to 1064 Hz, then repeats the process between 23 and 32 times (exact details vary depending on which vendor sold the S7-315). This could have the effect of damaging or destroying whatever equipment is rotating - though not right away. After the 15 minute takeover sequence, stuxnet goes back to a passive counting mode for at least 26 days. The built in delay could throw the troubleshooters of the system off track - hardware that fails after a long time would usually imply a subtle manufacturing defect.
The S7-417 attack takes about seven minutes. It changes the rotation frequency in a manner similar to the S7-315 attack, but it is more complex. The S7-417 attack code assumes that the frequency of rotation will be closely and constantly monitored by a human operator, so before beginning the attack it records data from the computer, then plays it back to the operator during the attack.
Stuxnet was also designed to hide itself on the Siemens computer, and if it is cleansed off the Windows computer, the Siemens computer can reinfect the Windows computer to which it is connected.
Symantec Corporation has monitored computers that try to connect to the stuxnet mother ship web sites, and at the time of this writing, about 100,000 internet-connected computers have been infected, 58% of them in Iran. Siemens reports that 14 factories unrelated to the Iranian nuclear program have been infected, though none have reported any damage. This would seem to indicate that the stuxnet authors were effective in minimizing any collateral damage from the attack. Note that the Iranian nuclear facilities are probably air-gapped, that is, not connected to the internet. Stuxnet would probably only reach those facilities via a USB drive.
For further information on the stuxnet software itself, I recommend reading the w32.stuxnet dossier written by the Symantec engineers who reverse engineered the software, or the blog by Cybersecurity expert Ralph Langner at www.langner.com.
Implications of the Stuxnet Software:
1. Stuxnet was designed to attack two high value industrial targets and to leave all other infected computers unharmed.
2. The stuxnet creators had detailed technical information on their target. For the Iranian nuclear weapons program, this would require spies or some sort of industrial espionage.
3. The stuxnet creators had the aid of agents who could commit brick and mortar type theft, to steal the two encryption keys.
4. The size of the stuxnet effort, 15,000 lines of code just for the payload, would require around 6-10 programmers working for at least a year. A support team of quality assurance, testing, management, etc. would also likely be required. I would estimate it took about 3 million dollars to develop stuxnet, not including the espionage aspects of the program. Microsoft estimated the task at 10,000 man-days, which is a bit higher. If the program was developed by the Israeli Army, as I will surmise later, it may have been less, as soldier salaries do not match those of software professionals. In any event, I believe everyone would agree with Ralph Langner that the total cost of the software did not exceed $10 million.
5. To assist in testing the software, a lab would need to be set up with Siemens and Windows computers and some kind of test hardware.
6. The creators of the program intended to closely monitor its spread, and to supply updates to the program as they saw fit.
7. The creators of the program knew stuxnet would eventually be detected, and took steps (instantly closing the mother ship web sites) to erase their trail.
8. The stuxnet creators had assistance from some party in deploying the virus initially in Iran. The reader can imagine multiple ways this could have been done using USB drives.
Part 2 - The Iranian Nuclear Program:
Stuxnet was apparently designed to target two aspects of the Iranian nuclear weapons program: (1) The uranium enrichment processing at the Natanz nuclear facility, and (2) The Bushehr nuclear power plant. The Natanz nuclear facility is a hardened underground site of 100,000 square meters. It contains multiple buildings and 9000 centrifuges, at last report. Much of the site is deep underground so as to make it difficult to attack by conventional methods. The Bushehr nuclear power plant can be used to produce electricity for the Iranian electrical grid. However, nuclear power plants also produce plutonium as a by-product, and plutonium can be used to make a nuclear weapon.
To describe the nature of the stuxnet attack, we first need to describe certain aspects of a nuclear weapons program.
Uranium ore when it is mined consists primarily of two isotopes, uranium-238 and uranium-235. The concentrations are very uneven, at 99% uranium-238 and 0.7% uranium-235. To be useful for producing electricity, uranium-235 must be 3-5% of the total. To make a weapon, the uranium-235 must make up 80% of the total. To reach these totals, the uranium must be enriched. This is one of the most difficult steps in a nuclear weapons program. A common means of enriching uranium and the means used by Iran is the centrifuge method.
In the centrifuge method, uranium is first dissolved in hydrofluoric acid to produce uranium hexafluoride gas. The gas is injected into a centrifuge that spins at extremely high rates. The slight difference in mass between the isotopes causes the heavier uranium 238 to tend to collect at the sides of the centrifuge and uranium 235 to collect in the middle. The gas in the center is extracted and will be slightly enriched, with an increased percentage of uranium-235. The process is repeated until the desired levels are reached, using a cascade set of connected centrifuges. The fully enriched gas will be added to calcium, which reacts with the fluoride to produce a salt and uranium back in mineral form. The reader may correctly perceive that this is a complex process. Gas diffuses, so if a centrifuge stops spinning, it will all quickly remix and become "unenriched." The process is painstakingly slow. 1500 centrifuges running for months can produce 20 kg of uranium-235, which is enough for one nuclear weapon. The centrifuges are about seven feet in height and a little over a foot in diameter. They must be light, strong and well-balanced, with high speed bearings, usually magnetic, to reduce friction. They must cycle at around 1000 hz, or 1000 times per second. Iran has reported creating initial batches of 20% uranium-235 with their centrifuges at Natanz.
Enter stuxnet. Stuxnet could have been designed to command the centrifuges to cycle at any speed whatsoever, say 100,000 Hz, which would have immediately broken the centrifuge, but instead the attack is more subtle. It increases the speed to 1410 Hz, above the rate at which the centrifuge was designed to operate, but not so fast as to immediately destroy it. I surmise that this might cause the centrifuge to fail more quickly than its expected design life. Stuxnet then slows the centrifuge to 2 hz, a snail's pace. The uranium hexafluoride gas, being a gas, would have little friction with the slow moving centrifuge and would quickly diffuse so that the uranium became unenriched - a month's worth of work on the centrifuge wasted. The end result at Natanz would be that the uranium enrichment process was not working and the centrifuges were breaking down. If I worked at the facility, I would have soon suspected sabotage, but I would have suspected first that someone was corrupting the centrifuge hardware. I don't know what the Iranians thought. The Iranians never did discover the problem - stuxnet, when it was detected, was detected by a computer virus detection company in Belarus.
The Bushehr nuclear power plant, like all power plants, uses a large turbine to generate electricity. The main turbine in the Bushehr plant is 150 feet in length. It is controlled by a Siemens S7-417-2DP controller (although this ought to be secret, it as has been verified by internet search of Russian Cyrillic documents). The turbine is a model K-1000-60/3000-3. Stuxnet will take over the turbine controller for 7 minutes. In order to fool the operators, before taking over, stuxnet records data from the controller and plays that data back to the user while the turbine is being manipulated. Noteworthy is that if stuxnet did attack Bushehr, by attacking the turbine, it attacked a part of the plant that is not intrinsically nuclear.
Part 3 - Identifying the Creator of Stuxnet
Stuxnet was too large, complex and costly a project for an individual hacker or even a small team of amateurs - stuxnet was the product of a nation-state entity that wished to disrupt the Iranian nuclear weapons program. But which nation?
There is no reason to overthink this. Israel is the only country that has ever acted forcefully to prevent nuclear proliferation, and they have done it twice. On June 7, 1981, the Israeli Air Force bombed the Iraqi nuclear reactor at Osirak. On September 6, 2007, The Israeli Air Force bombed a Syrian nuclear reactor. Israeli officials have repeatedly indicated that the prospect of Iran possessing nuclear weapons was unacceptable. However, a conventional attack against Iran's nuclear weapons would be much more dangerous and difficult to accomplish than the attacks on Iraq and Syria. It is most likely that Israel did choose to take action against Iran, just in a way that was not as dangerous and not likely to start a war. The stuxnet registry key code 19790509 certainly points to Israel. Although a different nation could have planted that code, it seems more likely that the Israelis chose to leave a very subtle calling card.
There are other nations that may have been motivated to stop Iran - the U.S., a number of Arab states, and perhaps a few European states. However, most Arab states would have had difficulty pulling it off. The U.S. could have done it, but an effort such as stuxnet would have required approval at the Presidential level, and the U.S. would be filled with reservations about such a hostile action.
Israel, on the other hand, would have no reservations. If they held a cabinet vote on this in Israel, the cabinet would have voted unanimously for massive sabotage of the Iranian nuclear program. Furthermore, if I am wrong and this was not an Israeli operation, I'm sure the Israeli government is now asking "Why didn't WE do this?"
Within the Israeli army there is a large unit of several thousand soldiers called the Signal Intelligence Corps, or Unit 8200. The identity of the Brigadier General in command is secret. Unit 8200 specializes in electronics, computers, and the like. There are unconfirmed reports that Unit 8200 deactivated the Syrian Air Defense radar during the 2007 Israeli attack on the Syrian nuclear facility. I suspect that this unit within the Israeli Army developed stuxnet. Unit 8200 may have been assisted by Mossad, the Israeli spy agency, to obtain design schematics from the Iranian nuclear program, and to plant the virus in Iran.
Part 4 - The Effects of Stuxnet
How successful was stuxnet in harming the Iranian nuclear program? The drop in the number of operational centrifuges at Natanz in 2009, the 2009 wikileaks report of a series nuclear incident there, and the complete shutdown of all centrifuges in November 2010 would seem to indicate that stuxnet hit that target. The Bushehr reactor remains off-line long after it was scheduled to be online. However, delays on major industrial projects are not unusual, and I can't venture an educated guess on what has happened to Bushehr.
In conclusion, stuxnet appears to be a first of its kind computer software weapon. It is possible that the damage done, particularly at Natanz, was more than could have been achieved with a typical bombs and missile attack. Ralph Langner, one of the cybersecurity experts who has reverse engineered the stuxnet code, believes stuxnet was "like the arrival of an F35 into a World War 1 battlefield", and may have set back the Iranian nuclear program by two years.
One more thing - the next version of Stuxnet is likely underway.
Thursday, December 16, 2010
Saturday, October 9, 2010
The U.S. National Debt
It’s hard to think clearly about our government debt problem: the national debt, the annual budget deficit and future entitlement obligations. On the one hand, the debt problem is so unbelievably huge that we can’t even get our mind around a problem so big. On the other hand, it is not something that we “feel” in any sense in our day to day lives, so we don’t really have to think about it. This write-up is an attempt to reconcile those two different impulses.
First, to quantify it: At the time of this writing (10:00 p.m. on September 25, 2010) the national debt is $13.507 trillion dollars according to usdebtclock.org. If you are reading this note tomorrow it will be more. This number is increasing a little over $100 billion per month, which is about the run rate of the annual budget deficit of $1.360 trillion. This debt comes to $43,524 per citizen, so our family of four has a $174k share. This is a bit worse than it sounds, since many families of four could handle an additional $174k debt, but we have to remember that the analogy is imperfect, since this $174 k has to be paid out from our taxes, not from our salaries.
To put it a different way, the government’s annual revenue is $2.132 trillion, so the debt is six times revenue, and the deficit is 60% above revenue. The comparable analogy would be if a family with $100,000 annual income was spending $160,000 annually and was $600,000 in debt. But it’s here that analogies break down. Any family in a situation like that just described would be in great distress and probably bankrupt, but for the U.S. government, it’s not like that at all. Let’s presume that our debt-ridden family could continue to borrow at interest rates averaging around 2%, and had an unlimited line of credit to continue to borrow all it needed to fund its additional spending. Of course that could never happen for a normal family, but that is exactly the situation with the government.
This is the reason that we don’t “feel” the debt problem. It is not hurting us at all, since we can borrow all we need, and interest rates are so low that interest payments are not killing us. Interest payments are 15% of revenues, but no one is giving us any grief about borrowing all we need to cover those payments. Now I realize the debt is hurting us a little in indirect ways: sometimes a worthwhile program doesn’t get funded due to a surge in concern over the deficit, and economists are concerned that government borrowing has a certain crowding out affect that may restrict some private borrowing. However, for the most part, the economy continues just fine and we don’t really feel the debt.
The problem is that this process cannot continue indefinitely. It is a mathematical certainty. Eventually, we would soak up all the savings in the world and there would be nothing left to borrow. Or if interest rates increase, our interest payments will exceed our ability to borrow to cover them. Of course, it will never get quite that far. More likely is something akin to what happened to Greece this spring, when their interest rates rose to 20% suddenly, they had bills come due, and they couldn’t pay, so they got bailed out. We will not get bailed out because we are too big and no one can do it. Suddenly, we will have to live within our means, and when that happens, the pain will be almost unimaginable. All government programs would need to be cut about in half, including the entitlements like social security. It’s possible that this will occur along with inflation (though I don’t see inflation on the horizon yet), but the effect will be the same; inflation will just warp the way money gets distributed, with some people hurt more and others less.
Some folks have written that our debt situation is even worse, because they look at U.S. government commitments to make payments on programs in the future. For example, in 2030 Medicare will cost a bunch more money. I have chosen not to factor that into this analysis. If the government can’t pay somebody a promised benefit in 2030, it just won’t. They’ll change the law so that they don’t have to.
One final note – I believe the crunch will hit Japan before it hits the U.S. Their debt situation is worse than ours. They have been able to get away with it for a long time because they initially had a high national savings rate and they were able to export into a booming global economy. Neither of those factors is really in play any more, their debt is worse than ours, and their demographics are worse too. Japan will also be too big to bail out. There are other European nations that may be up to bat before Japan in the national debt baseball game, but I doubt the game will go on for too terribly much longer – it won’t be years and years.
First, to quantify it: At the time of this writing (10:00 p.m. on September 25, 2010) the national debt is $13.507 trillion dollars according to usdebtclock.org. If you are reading this note tomorrow it will be more. This number is increasing a little over $100 billion per month, which is about the run rate of the annual budget deficit of $1.360 trillion. This debt comes to $43,524 per citizen, so our family of four has a $174k share. This is a bit worse than it sounds, since many families of four could handle an additional $174k debt, but we have to remember that the analogy is imperfect, since this $174 k has to be paid out from our taxes, not from our salaries.
To put it a different way, the government’s annual revenue is $2.132 trillion, so the debt is six times revenue, and the deficit is 60% above revenue. The comparable analogy would be if a family with $100,000 annual income was spending $160,000 annually and was $600,000 in debt. But it’s here that analogies break down. Any family in a situation like that just described would be in great distress and probably bankrupt, but for the U.S. government, it’s not like that at all. Let’s presume that our debt-ridden family could continue to borrow at interest rates averaging around 2%, and had an unlimited line of credit to continue to borrow all it needed to fund its additional spending. Of course that could never happen for a normal family, but that is exactly the situation with the government.
This is the reason that we don’t “feel” the debt problem. It is not hurting us at all, since we can borrow all we need, and interest rates are so low that interest payments are not killing us. Interest payments are 15% of revenues, but no one is giving us any grief about borrowing all we need to cover those payments. Now I realize the debt is hurting us a little in indirect ways: sometimes a worthwhile program doesn’t get funded due to a surge in concern over the deficit, and economists are concerned that government borrowing has a certain crowding out affect that may restrict some private borrowing. However, for the most part, the economy continues just fine and we don’t really feel the debt.
The problem is that this process cannot continue indefinitely. It is a mathematical certainty. Eventually, we would soak up all the savings in the world and there would be nothing left to borrow. Or if interest rates increase, our interest payments will exceed our ability to borrow to cover them. Of course, it will never get quite that far. More likely is something akin to what happened to Greece this spring, when their interest rates rose to 20% suddenly, they had bills come due, and they couldn’t pay, so they got bailed out. We will not get bailed out because we are too big and no one can do it. Suddenly, we will have to live within our means, and when that happens, the pain will be almost unimaginable. All government programs would need to be cut about in half, including the entitlements like social security. It’s possible that this will occur along with inflation (though I don’t see inflation on the horizon yet), but the effect will be the same; inflation will just warp the way money gets distributed, with some people hurt more and others less.
Some folks have written that our debt situation is even worse, because they look at U.S. government commitments to make payments on programs in the future. For example, in 2030 Medicare will cost a bunch more money. I have chosen not to factor that into this analysis. If the government can’t pay somebody a promised benefit in 2030, it just won’t. They’ll change the law so that they don’t have to.
One final note – I believe the crunch will hit Japan before it hits the U.S. Their debt situation is worse than ours. They have been able to get away with it for a long time because they initially had a high national savings rate and they were able to export into a booming global economy. Neither of those factors is really in play any more, their debt is worse than ours, and their demographics are worse too. Japan will also be too big to bail out. There are other European nations that may be up to bat before Japan in the national debt baseball game, but I doubt the game will go on for too terribly much longer – it won’t be years and years.
The U.S. National Debt
It’s hard to think clearly about our government debt problem: the national debt, the annual budget deficit and future entitlement obligations. On the one hand, the debt problem is so unbelievably huge that we can’t even get our mind around a problem so big. On the other hand, it is not something that we “feel” in any sense in our day to day lives, so we don’t really have to think about it. This write-up is an attempt to reconcile those two different impulses.
First, to quantify it: At the time of this writing (10:00 p.m. on September 25, 2010) the national debt is $13.507 trillion dollars according to usdebtclock.org. If you are reading this note tomorrow it will be more. This number is increasing a little over $100 billion per month, which is about the run rate of the annual budget deficit of $1.360 trillion. This debt comes to $43,524 per citizen, so our family of four has a $174k share. This is a bit worse than it sounds, since many families of four could handle an additional $174k debt, but we have to remember that the analogy is imperfect, since this $174 k has to be paid out from our taxes, not from our salaries.
To put it a different way, the government’s annual revenue is $2.132 trillion, so the debt is six times revenue, and the deficit is 60% above revenue. The comparable analogy would be if a family with $100,000 annual income was spending $160,000 annually and was $600,000 in debt. But it’s here that analogies break down. Any family in a situation like that just described would be in great distress and probably bankrupt, but for the U.S. government, it’s not like that at all. Let’s presume that our debt-ridden family could continue to borrow at interest rates averaging around 2%, and had an unlimited line of credit to continue to borrow all it needed to fund its additional spending. Of course that could never happen for a normal family, but that is exactly the situation with the government.
This is the reason that we don’t “feel” the debt problem. It is not hurting us at all, since we can borrow all we need, and interest rates are so low that interest payments are not killing us. Interest payments are 15% of revenues, but no one is giving us any grief about borrowing all we need to cover those payments. Now I realize the debt is hurting us a little in indirect ways: sometimes a worthwhile program doesn’t get funded due to a surge in concern over the deficit, and economists are concerned that government borrowing has a certain crowding out affect that may restrict some private borrowing. However, for the most part, the economy continues just fine and we don’t really feel the debt.
The problem is that this process cannot continue indefinitely. It is a mathematical certainty. Eventually, we would soak up all the savings in the world and there would be nothing left to borrow. Or if interest rates increase, our interest payments will exceed our ability to borrow to cover them. Of course, it will never get quite that far. More likely is something akin to what happened to Greece this spring, when their interest rates rose to 20% suddenly, they had bills come due, and they couldn’t pay, so they got bailed out. We will not get bailed out because we are too big and no one can do it. Suddenly, we will have to live within our means, and when that happens, the pain will be almost unimaginable. All government programs would need to be cut about in half, including the entitlements like social security. It’s possible that this will occur along with inflation (though I don’t see inflation on the horizon yet), but the effect will be the same; inflation will just warp the way money gets distributed, with some people hurt more and others less.
Some folks have written that our debt situation is even worse, because they look at U.S. government commitments to make payments on programs in the future. For example, in 2030 Medicare will cost a bunch more money. I have chosen not to factor that into this analysis. If the government can’t pay somebody a promised benefit in 2030, it just won’t. They’ll change the law so that they don’t have to.
One final note – I believe the crunch will hit Japan before it hits the U.S. Their debt situation is worse than ours. They have been able to get away with it for a long time because they initially had a high national savings rate and they were able to export into a booming global economy. Neither of those factors is really in play any more, their debt is worse than ours, and their demographics are worse too. Japan will also be too big to bail out. There are other European nations that may be up to bat before Japan in the national debt baseball game, but I doubt the game will go on for too terribly much longer – it won’t be years and years.
First, to quantify it: At the time of this writing (10:00 p.m. on September 25, 2010) the national debt is $13.507 trillion dollars according to usdebtclock.org. If you are reading this note tomorrow it will be more. This number is increasing a little over $100 billion per month, which is about the run rate of the annual budget deficit of $1.360 trillion. This debt comes to $43,524 per citizen, so our family of four has a $174k share. This is a bit worse than it sounds, since many families of four could handle an additional $174k debt, but we have to remember that the analogy is imperfect, since this $174 k has to be paid out from our taxes, not from our salaries.
To put it a different way, the government’s annual revenue is $2.132 trillion, so the debt is six times revenue, and the deficit is 60% above revenue. The comparable analogy would be if a family with $100,000 annual income was spending $160,000 annually and was $600,000 in debt. But it’s here that analogies break down. Any family in a situation like that just described would be in great distress and probably bankrupt, but for the U.S. government, it’s not like that at all. Let’s presume that our debt-ridden family could continue to borrow at interest rates averaging around 2%, and had an unlimited line of credit to continue to borrow all it needed to fund its additional spending. Of course that could never happen for a normal family, but that is exactly the situation with the government.
This is the reason that we don’t “feel” the debt problem. It is not hurting us at all, since we can borrow all we need, and interest rates are so low that interest payments are not killing us. Interest payments are 15% of revenues, but no one is giving us any grief about borrowing all we need to cover those payments. Now I realize the debt is hurting us a little in indirect ways: sometimes a worthwhile program doesn’t get funded due to a surge in concern over the deficit, and economists are concerned that government borrowing has a certain crowding out affect that may restrict some private borrowing. However, for the most part, the economy continues just fine and we don’t really feel the debt.
The problem is that this process cannot continue indefinitely. It is a mathematical certainty. Eventually, we would soak up all the savings in the world and there would be nothing left to borrow. Or if interest rates increase, our interest payments will exceed our ability to borrow to cover them. Of course, it will never get quite that far. More likely is something akin to what happened to Greece this spring, when their interest rates rose to 20% suddenly, they had bills come due, and they couldn’t pay, so they got bailed out. We will not get bailed out because we are too big and no one can do it. Suddenly, we will have to live within our means, and when that happens, the pain will be almost unimaginable. All government programs would need to be cut about in half, including the entitlements like social security. It’s possible that this will occur along with inflation (though I don’t see inflation on the horizon yet), but the effect will be the same; inflation will just warp the way money gets distributed, with some people hurt more and others less.
Some folks have written that our debt situation is even worse, because they look at U.S. government commitments to make payments on programs in the future. For example, in 2030 Medicare will cost a bunch more money. I have chosen not to factor that into this analysis. If the government can’t pay somebody a promised benefit in 2030, it just won’t. They’ll change the law so that they don’t have to.
One final note – I believe the crunch will hit Japan before it hits the U.S. Their debt situation is worse than ours. They have been able to get away with it for a long time because they initially had a high national savings rate and they were able to export into a booming global economy. Neither of those factors is really in play any more, their debt is worse than ours, and their demographics are worse too. Japan will also be too big to bail out. There are other European nations that may be up to bat before Japan in the national debt baseball game, but I doubt the game will go on for too terribly much longer – it won’t be years and years.
Wednesday, June 16, 2010
The Increasing Oil Spill Rates
I’ve seen a bit of angst over the fact that the government and BP keep increasing their estimates of how much oil is spewing into the Gulf of Mexico. Hardly mentioned is the fact that the earlier lower estimates may have been correct, and that the current, higher estimates are also correct. This is to be expected.
The pressure at the spew point is about 12,000 psi – very high. When the spew started, the rate at which it spewed was constrained by some choke point – I don’t know exactly where that was, but of course there would be a choke point somewhere in the system. But with oil, sediment, sand and seawater speeding through the choke point, rapid erosion would occur, even if the choke point was made of steel. The erosion would broaden the choke point to allow an even faster rate of spew. This will continue to increase until the choke point is very broad and the pressure decreases a lot, or until they fix the problem in some fashion (capping it, relief wells, etc.) At that point most of the oil in the reservoir will be in the Gulf, unfortunately.
What I don’t understand is why the government and BP haven’t bothered to explain what I just said. It detracts from their credibility for them to keep upping their estimates of the spew rate without explaining why.
The pressure at the spew point is about 12,000 psi – very high. When the spew started, the rate at which it spewed was constrained by some choke point – I don’t know exactly where that was, but of course there would be a choke point somewhere in the system. But with oil, sediment, sand and seawater speeding through the choke point, rapid erosion would occur, even if the choke point was made of steel. The erosion would broaden the choke point to allow an even faster rate of spew. This will continue to increase until the choke point is very broad and the pressure decreases a lot, or until they fix the problem in some fashion (capping it, relief wells, etc.) At that point most of the oil in the reservoir will be in the Gulf, unfortunately.
What I don’t understand is why the government and BP haven’t bothered to explain what I just said. It detracts from their credibility for them to keep upping their estimates of the spew rate without explaining why.
Sunday, May 23, 2010
Economic Thoughts
Synopsis of this article: Despite what almost everyone thinks, we do not really have a paper money system in the United States. This fact has implications for our economic future. I don’t think we will have any inflation in the short to middle term future. Part of the reason I am writing this article is that my thinking has changed over the last two years. I used to be pretty sure we would eventually have inflation and maybe even hyperinflation. I don’t think so any more. It is possible that we still might, but the government would first have to act in a totally different manner than what they do now in order to make that happen.
Economists of all persuasions talk as if the U.S. has a paper money system. Federal Reserve Chairman Ben Bernanke said “the U.S. government has a technology, called a printing press (or, today, its electronic equivalent), that allows it to produce as many U.S. dollars as it wishes at essentially no cost.” [Speech at the National Economist’s Club, Washington, D.C., November 21, 2002] Economists who wish the U.S. had maintained the gold standard bemoan our paper currency, and think tanks like STRATFOR discuss the consequences of the U.S. “printing money.” The context of the discussion of paper money usually involves the idea that if we print too much money we will trigger inflation.
The problem is that we really don’t do this any more. In the past, say in the Civil War, the Union was short on money and began printing “greenbacks”, a paper dollar in addition to the use of gold and silver coins. Greenbacks were printed at the Treasury and paid directly into the hands of Union soldiers. This caused an increase in the money supply and inflation, even though the greenbacks were nominally tied to the value of gold. At the same time, the Confederate States lacked a gold supply and printed even more money, leading to much worse inflation. This really was a paper money system, and money really was created by use of a printing press. The Weimar Republic in Germany did the same thing. Many similar examples have occurred in U.S. and international history. But this is in the past; it doesn’t work like this any more (except for a few out of the way exceptions, like Zimbabwe). People talk about Ben Bernanke tossing money out of a helicopter, but he doesn’t do this. If he did it would be inflationary, but he doesn’t and so the analogy is flawed.
We might get a clue that our money is not paper-based by our own experience. In our recent family vacation to Florida, we spent about $2000 on plane fare, hotel, rental car, food and various fees, yet the amount of greenbacks we used was less than $10. All our other expenses were handled electronically. Furthermore, the money used was never really paper. It came out of a bank account, and I did not put green paper in the bank account. That was done electronically too. The total money supply in the U.S. is now more than ten times the total of all the green paper dollars that exist. The money supply isn’t really paper any more, it is electronic. The paper is just used as a temporary substitute to handle local transactions, especially in places where they can’t takes checks or don’t have card readers (like the coke machine).
Still, what we use for transactions (paper or electronic) is not as important to the economy as how money is created and destroyed. It is not done with a printing press -dollars from the printing press are just exchanged at a bank for electronic dollars to use as convenient small change. Money today is created by fractional reserve lending. See the article at http://en.wikipedia.org/wiki/Money_creation for a description if not familiar with the concept. The short version is that the Fed loans money out to banks which in turn loan out even more than they borrowed from the Fed, “creating” money. Since all economists know this, it is a bit strange that they still talk in terms of “printing money.”
Fractional reserve lending in most times has the power to significantly increase the money supply and lead to inflation. Can you imagine if interest rates in the 1980’s dropped to 1%? Everyone in the country would have borrowed money like crazy for all kinds of ventures, purchases, businesses, investments, etc.
However, I believe when debt beast gets too scary, fractional reserve lending and quantitative easing will not succeed in increasing the money supply, because commercial bank loans will just not be made. For example, when a middle class guy is a million dollars in debt and can’t make his payments, he is not going to borrow more money even if interest rates are less than 1%, because he knows he can’t afford it. Even if the guy thinks he can afford it, no commercial bank will lend to him at any interest rate because the bank knows he will not pay them back. Now it’s hard to pinpoint the exact level in an economy where this happens, but I think we are already there. The whole economy isn’t there of course; a bank can borrow at 1% and loan to IBM or AT&T for one year at 5% and still make a profit, but for most of the economy, it is no longer possible to expand the money supply with fractional lending.
Last March the Fed began a major operation of “Quantitative Easing,” in which they bought long term government bonds and also mortgage instruments, probably causing a reduction in long term interest and mortgage rates. They have now stopped after buying a little over a trillion dollars of such debt. However, this is still just an additional form of lending – just of a type the Fed had not done before. Therefore, for reasons mentioned in the previous paragraph I don’t think it will increase the money supply either. The guy in California who owes $600,000 on a house that he is trying to sell for $400,000 is not going to borrow money to buy a new home for $700,000 regardless of how low the Fed caused the mortgage interest rates to go.
Finally, the fact that the government is running a huge deficit is no longer inflationary either. The Treasury is not creating money. They are just spending money that is either (1) collected in taxes, or (2) Borrowed when they sell treasury bills or bonds. Eventually, the market will doubt our ability to pay it back, and our interest rates will go up, like what has happened in Greece. But that will not be inflationary either.
The bottom line is that since we don’t really have a paper money system, we are not in our current environment going to have significant inflation. We might even have deflation until the level of total debt in our country comes down to a much lower level.
Economists of all persuasions talk as if the U.S. has a paper money system. Federal Reserve Chairman Ben Bernanke said “the U.S. government has a technology, called a printing press (or, today, its electronic equivalent), that allows it to produce as many U.S. dollars as it wishes at essentially no cost.” [Speech at the National Economist’s Club, Washington, D.C., November 21, 2002] Economists who wish the U.S. had maintained the gold standard bemoan our paper currency, and think tanks like STRATFOR discuss the consequences of the U.S. “printing money.” The context of the discussion of paper money usually involves the idea that if we print too much money we will trigger inflation.
The problem is that we really don’t do this any more. In the past, say in the Civil War, the Union was short on money and began printing “greenbacks”, a paper dollar in addition to the use of gold and silver coins. Greenbacks were printed at the Treasury and paid directly into the hands of Union soldiers. This caused an increase in the money supply and inflation, even though the greenbacks were nominally tied to the value of gold. At the same time, the Confederate States lacked a gold supply and printed even more money, leading to much worse inflation. This really was a paper money system, and money really was created by use of a printing press. The Weimar Republic in Germany did the same thing. Many similar examples have occurred in U.S. and international history. But this is in the past; it doesn’t work like this any more (except for a few out of the way exceptions, like Zimbabwe). People talk about Ben Bernanke tossing money out of a helicopter, but he doesn’t do this. If he did it would be inflationary, but he doesn’t and so the analogy is flawed.
We might get a clue that our money is not paper-based by our own experience. In our recent family vacation to Florida, we spent about $2000 on plane fare, hotel, rental car, food and various fees, yet the amount of greenbacks we used was less than $10. All our other expenses were handled electronically. Furthermore, the money used was never really paper. It came out of a bank account, and I did not put green paper in the bank account. That was done electronically too. The total money supply in the U.S. is now more than ten times the total of all the green paper dollars that exist. The money supply isn’t really paper any more, it is electronic. The paper is just used as a temporary substitute to handle local transactions, especially in places where they can’t takes checks or don’t have card readers (like the coke machine).
Still, what we use for transactions (paper or electronic) is not as important to the economy as how money is created and destroyed. It is not done with a printing press -dollars from the printing press are just exchanged at a bank for electronic dollars to use as convenient small change. Money today is created by fractional reserve lending. See the article at http://en.wikipedia.org/wiki/Money_creation for a description if not familiar with the concept. The short version is that the Fed loans money out to banks which in turn loan out even more than they borrowed from the Fed, “creating” money. Since all economists know this, it is a bit strange that they still talk in terms of “printing money.”
Fractional reserve lending in most times has the power to significantly increase the money supply and lead to inflation. Can you imagine if interest rates in the 1980’s dropped to 1%? Everyone in the country would have borrowed money like crazy for all kinds of ventures, purchases, businesses, investments, etc.
However, I believe when debt beast gets too scary, fractional reserve lending and quantitative easing will not succeed in increasing the money supply, because commercial bank loans will just not be made. For example, when a middle class guy is a million dollars in debt and can’t make his payments, he is not going to borrow more money even if interest rates are less than 1%, because he knows he can’t afford it. Even if the guy thinks he can afford it, no commercial bank will lend to him at any interest rate because the bank knows he will not pay them back. Now it’s hard to pinpoint the exact level in an economy where this happens, but I think we are already there. The whole economy isn’t there of course; a bank can borrow at 1% and loan to IBM or AT&T for one year at 5% and still make a profit, but for most of the economy, it is no longer possible to expand the money supply with fractional lending.
Last March the Fed began a major operation of “Quantitative Easing,” in which they bought long term government bonds and also mortgage instruments, probably causing a reduction in long term interest and mortgage rates. They have now stopped after buying a little over a trillion dollars of such debt. However, this is still just an additional form of lending – just of a type the Fed had not done before. Therefore, for reasons mentioned in the previous paragraph I don’t think it will increase the money supply either. The guy in California who owes $600,000 on a house that he is trying to sell for $400,000 is not going to borrow money to buy a new home for $700,000 regardless of how low the Fed caused the mortgage interest rates to go.
Finally, the fact that the government is running a huge deficit is no longer inflationary either. The Treasury is not creating money. They are just spending money that is either (1) collected in taxes, or (2) Borrowed when they sell treasury bills or bonds. Eventually, the market will doubt our ability to pay it back, and our interest rates will go up, like what has happened in Greece. But that will not be inflationary either.
The bottom line is that since we don’t really have a paper money system, we are not in our current environment going to have significant inflation. We might even have deflation until the level of total debt in our country comes down to a much lower level.
Tuesday, February 16, 2010
The End of the Manned Space Program?
February 1, 2010. Big disasters tend to hit the U.S. manned space program this time of year. On January 27, 1967, Apollo 1 was destroyed by fire during a pad test, killing the three astronauts inside. On January 28, 1986, the Space Shuttle Challenger exploded 73 seconds into flight, killing the crew of seven astronauts. On February 1, 2003, the Space Shuttle Columbia disintegrated during re-entry, killing its crew of seven. On February 1, 2010, the President released a budget which is likely to end the U.S. Manned Space Program.
The President’s budget cancels the Constellation Program, the NASA Program to build a new manned spacecraft that first services the International Space Station, then returns to the moon, then continues to Mars and beyond. The cancellation specifically includes elements such as the Orion Crew Exploration Vehicle, the Ares 1 launch vehicle, and the Ares 5 heavy launch vehicle. As justification, the Constellation Program’s critics assert that it is behind schedule and unlikely to meet its ambitious goals without a substantial budget increase. The President proposed to replace the Constellation Program with increased funding to NASA unmanned programs, commercial space initiatives, and extensive investment in new technology needed for future space exploration.
The Space Shuttle Program is scheduled to end later this year after the five remaining scheduled flights. It is too late to revive the Space Shuttle Program, as assembly lines for such items as solid rocket boosters have already been shut down. The Space Shuttle is a 30 year old program, and the Constellation Program was its logical successor.
With the end of the Shuttle Program and the cancellation of the Constellation Program, the only remaining active manned space program will be the International Space Station (ISS). The President proposes to extend the life of ISS until 2020, a reasonable goal. However, after the Shuttle stops flying, the only way for U.S. astronauts to get to or from ISS will be in Russian Soyuz capsules. The only way to bring supplies to ISS will be on Russian Progress vehicles, or less frequently, on Japanese HTV or European ATV vehicles. In other words, ISS may be a U.S. led effort, but the U.S. will no longer be able to get there without help from foreign countries. The Constellation Program would have eventually flown to ISS, but this will no longer be the case.
When the Shuttle stops flying, the U.S. will lose all leverage in managing ISS activities. We will have to go cap in hand to the Russians to beg for rides (they will charge us), and the Russians will call the shots. The absence of a heavy lift spacecraft may lead to maintenance problems on ISS. In addition, the end of the Shuttle and Constellation Programs will produce a NASA brain drain that may compound the problems. In short, we can hope that ISS will operate until 2020, but we will depend on good fortune and the kindness of strangers for it to do so.
Two private companies, Orbital Sciences and SpaceX, have contracts to build commercial vehicles to fly to ISS. These vehicles may be ready in several years. After that, they may be upgraded to carry humans to ISS. The President’s plan relies on rapid development of commercial space activities to fill the void left by the Constellation Program.
There are two drawbacks to the commercial space plan. The first drawback is that commercial businesses require a customer base. If ISS operations end, there will be no clear customer for Orbital, SpaceX, or any other commercial companies who wish to be involved in manned spaceflight. Even if ISS operations continue until 2020, those commercial businesses will only be able to rely on a customer for a short period of time – from whenever they are ready until 2020.
The second drawback to the commercial plan is more severe, and likely to be more important to those with a real interest in exploring space. It is unlikely that any commercial business will ever be able to develop a business plan that supports exploration of the solar system outside earth orbit. Companies build satellites because they are profitable, but at no time in the near future will a moon base or a Mars mission be profitable. Advocates of a commercial-only space program must realize that they are confining humanity to earth orbit for the indefinite future.
The largest new line items in the President’s budget involved research and development in three areas: (1) technology demonstration, including in-flight refueling and storage, (2) heavy lift and propulsion, and (3) robotic precursor missions. Such research and development is likely to be useful. However, research and development is more useful when it has a specific mission focus. Which was more useful, the 1804 Lewis and Clark expedition that explored the Louisiana Territory, or theoretical research into building better wagon wheels to enable exploration of the Louisiana Territory?
My six-year old son loves all things related to space, both fictional and real. He watches Stars Wars and Star Trek and asks when we can go to other stars like they do on those shows. I showed him videos of the Ares 1-x burn test and the Ares 1-x test launch. I explained that this was the first version of a rocket which would eventually take us to the outer solar system and then maybe, someday, beyond. I haven’t had the heart to tell him yet that we have decided not to go.
The President’s budget cancels the Constellation Program, the NASA Program to build a new manned spacecraft that first services the International Space Station, then returns to the moon, then continues to Mars and beyond. The cancellation specifically includes elements such as the Orion Crew Exploration Vehicle, the Ares 1 launch vehicle, and the Ares 5 heavy launch vehicle. As justification, the Constellation Program’s critics assert that it is behind schedule and unlikely to meet its ambitious goals without a substantial budget increase. The President proposed to replace the Constellation Program with increased funding to NASA unmanned programs, commercial space initiatives, and extensive investment in new technology needed for future space exploration.
The Space Shuttle Program is scheduled to end later this year after the five remaining scheduled flights. It is too late to revive the Space Shuttle Program, as assembly lines for such items as solid rocket boosters have already been shut down. The Space Shuttle is a 30 year old program, and the Constellation Program was its logical successor.
With the end of the Shuttle Program and the cancellation of the Constellation Program, the only remaining active manned space program will be the International Space Station (ISS). The President proposes to extend the life of ISS until 2020, a reasonable goal. However, after the Shuttle stops flying, the only way for U.S. astronauts to get to or from ISS will be in Russian Soyuz capsules. The only way to bring supplies to ISS will be on Russian Progress vehicles, or less frequently, on Japanese HTV or European ATV vehicles. In other words, ISS may be a U.S. led effort, but the U.S. will no longer be able to get there without help from foreign countries. The Constellation Program would have eventually flown to ISS, but this will no longer be the case.
When the Shuttle stops flying, the U.S. will lose all leverage in managing ISS activities. We will have to go cap in hand to the Russians to beg for rides (they will charge us), and the Russians will call the shots. The absence of a heavy lift spacecraft may lead to maintenance problems on ISS. In addition, the end of the Shuttle and Constellation Programs will produce a NASA brain drain that may compound the problems. In short, we can hope that ISS will operate until 2020, but we will depend on good fortune and the kindness of strangers for it to do so.
Two private companies, Orbital Sciences and SpaceX, have contracts to build commercial vehicles to fly to ISS. These vehicles may be ready in several years. After that, they may be upgraded to carry humans to ISS. The President’s plan relies on rapid development of commercial space activities to fill the void left by the Constellation Program.
There are two drawbacks to the commercial space plan. The first drawback is that commercial businesses require a customer base. If ISS operations end, there will be no clear customer for Orbital, SpaceX, or any other commercial companies who wish to be involved in manned spaceflight. Even if ISS operations continue until 2020, those commercial businesses will only be able to rely on a customer for a short period of time – from whenever they are ready until 2020.
The second drawback to the commercial plan is more severe, and likely to be more important to those with a real interest in exploring space. It is unlikely that any commercial business will ever be able to develop a business plan that supports exploration of the solar system outside earth orbit. Companies build satellites because they are profitable, but at no time in the near future will a moon base or a Mars mission be profitable. Advocates of a commercial-only space program must realize that they are confining humanity to earth orbit for the indefinite future.
The largest new line items in the President’s budget involved research and development in three areas: (1) technology demonstration, including in-flight refueling and storage, (2) heavy lift and propulsion, and (3) robotic precursor missions. Such research and development is likely to be useful. However, research and development is more useful when it has a specific mission focus. Which was more useful, the 1804 Lewis and Clark expedition that explored the Louisiana Territory, or theoretical research into building better wagon wheels to enable exploration of the Louisiana Territory?
My six-year old son loves all things related to space, both fictional and real. He watches Stars Wars and Star Trek and asks when we can go to other stars like they do on those shows. I showed him videos of the Ares 1-x burn test and the Ares 1-x test launch. I explained that this was the first version of a rocket which would eventually take us to the outer solar system and then maybe, someday, beyond. I haven’t had the heart to tell him yet that we have decided not to go.
Subscribe to:
Posts (Atom)
