Economics

Infrastructure

  • Puerto Rico
    Repowering Puerto Rico with Solar a Worthwhile Goal, But Harder Than It Sounds
    In the wake of Hurricane Maria, there is an opportunity for Puerto Rico to reconstruct its energy infrastructure to be more resilient and efficient. However, if short-term rebuilding is prioritized over long-term restructuring, this critical window will be missed.
    Blog Post by Guest blogger for Varun Sivaram October 26, 2017 Energy, Security, and Climate
  • China
    Podcast: Will China Achieve Its Asian Dream?
    Podcast
    Most have heard of Xi Jinping’s Chinese Dream, but what is the Asian dream? In China's Asian Dream: Empire Building Along the New Silk Road, the editor of China Economic Quarterly Tom Miller suggests that it is nothing short of regional dominance. Miller takes us on a journey that examines China’s growing investment footprint in the region—from building bridges in Cambodia to establishing ports in Sri Lanka. China has expanded its influence but also encountered numerous political and economic challenges in the process. Miller also underscores the role of others in the region—warning readers not to ignore the importance of India and Japan. Is China likely to succeed in realizing its Asian dream? Listen to this week’s Asia Unbound podcast to find out. Listen on SoundCloud >>
    Podcast October 17, 2017 Asia Unbound
  • United States
    Harvey Lessons for U.S. Export Role: Public-Private Stockpiles
    Inventories play a crucial role in oil and gas commodity markets by smoothing out short term dislocations and sudden changes in demand. The historically high inventory levels lingering from the after effects of a global market share war that has been raging since 2014 helped mute potential shortages from emerging in the wake of Hurricane Harvey. The hurricane initially knocked out roughly four million barrels a day (b/d) of U.S. refining capacity, pipelines, and over a million b/d in U.S. domestic oil production, including offshore output as well as 300,000 to 500,000 b/d from south Texas onshore fields inhibited by flooding for several days. Oil and gas infrastructure requires electricity, workforce availability and safety conditions to operate. While some of the shuttered oil and gas facilities are now coming back on line, the broad physical toll of Harvey’s severe weather event warrants revisiting of the policies surrounding both commercial and strategic inventory management. Just over half of all U.S. refining capacity is located on the U.S. Gulf coast, which is seasonally prone to hurricanes. A reevaluation of inventory policy is particularly important given the United States’ newfound role as a major exporter of oil and gas. In preparation for the storm, close to fourteen refineries fully shut down production around the Houston area. The geographic range of the shutdowns ranged from Corpus Christi, where five refineries were shut down, to Beaumont and Port Arthur, where three refineries went offline. This included Motiva’s 603,000 b/d Port Arthur facility, which is the nation’s largest refinery. As of September 7, the U.S. Department of Energy [PDF] reported that six refineries in the Gulf coast were still shut down and five were just in the process of restarting. At least two ExxonMobil refineries suffered structural damage during the hurricane. U.S. national security can be enhanced by embracing the country’s emerging export role. The Donald J. Trump administration is looking to leverage the opportunity created by U.S. oil and gas exports to assert global energy “dominance.” But for U.S. industry and the United States to benefit to the fullest from its status as a major global oil power, it needs to shore up its bonafides as a secure and reliable supplier. That means forging a stronger link between private and public management of inventories needed to keep oil and gas flowing even in the face of natural disasters and other kinds of supply emergencies. My research with co-authors Colin Carter and Daniel Scheitrum shows that there has been a significant substitution effect between private commercial crude oil inventories and public inventories over the past two decades in the United States. We also found that inventory patterns are changing rapidly as the shale revolution and related export flows have altered oil, gas, and refined products pipeline flows around the United States in ways that are changing the calculus between public and private oil stockpiling activities. For example, reversed pipelines to bring U.S. domestic production down to Gulf coast refiners have meant that access to the Strategic Petroleum Reserve (SPR) for mid-continent refineries is now limited, propelling local refineries to carry higher working inventory. California’s pipeline access to SPR releases is similarly inhibited and has been under study at the federal level. California’s refiners have not increased inventory holdings to sufficiently cover for occasional accidental supply outages, leading to billions of dollars in burdensome fuel premiums being paid by the public. The brief Harvey-related cut off of the Colonial Pipeline, a main artery to bring gasoline to the northern United States from the Gulf coast, turned out to be less severe than similar problems during Hurricane Rita and Katrina partly due to its brevity and availability of local buffer commercial inventories but also given changing trade flows. Earlier this summer, Colonial Pipeline was experiencing lower than usual shipments to the U.S. Northeast as rising oil demand from Mexico and Latin America pulled more U.S. Gulf coast gasoline and diesel exports southward. In other words, a significant portion of the U.S. Gulf coast refining disruption affected U.S. refined product export volumes, which had been averaging 532,000 b/d for gasoline and 1.1 million b/d for diesel in July. The U.S. Department of Energy (DOE) and the General Accounting Office (GAO) have been studying how best to upgrade current SPR infrastructure given changes in the U.S. oil industry and the fact that some of the SPR’s current surface equipment is approaching its technical end of life, raising the chances of equipment failures. Among the questions being asked are: what is the appropriate size for the SPR over time as U.S. oil import levels shrink and also what kinds of upgrades are needed to maintain the system’s broader regional effectiveness. What will help the Trump administration in its current efforts to rethink SPR policy will be the fact that industry now has a greater incentive to ensure that its global image as a secure and reliable supplier is not damaged by poor logistics planning. In other words, policy makers may now have a unique opportunity to reshape the public-private partnership role in inventory management, taking into account the rising importance of the United States’ new role as a global energy exporter. A 2014 National Petroleum Council study entitled Enhancing Emergency Preparedness for Natural Disasters highlighted the importance of coordination between government and private sector leadership in emergency fuel preparedness and implementation. An important lesson from Hurricane Harvey may be that the U.S. emergency preparedness system, including the SPR, needs more flexibility, regional diversity, and enhanced private sector participation. As the Trump administration looks to consider how privatization could best be applied to emergency fuel management, it can look to Europe’s paradigm of combining coordinated mandated requirements for minimum private sector holdings of refined product stocks with more limited public holdings of crude oil for insights on how the SPR system could be reformed to meet the changing U.S. energy outlook. The European system allows for a more interactive coordination between private industry holdings and public policy. There is no question that a more flexible system that combines refiner products stocks and federal government crude oil stores would be beneficial, especially if U.S. import levels decline as expected. The Trump administration could also investigate whether any shale producers around the country could serve as flexible suppliers during a long term national emergency, perhaps through a public tender pre-payment system to purchase incremental local production for emergency release through a funding system for incremental drilling and well completions. Flexibility and public private partnership should be important elements to improving the SPR system. The current Congressional authorization targets up to one billion barrels to be held in the SPR, a level which may now seem arbitrary in light of changing market dynamics. The Trump administration has proposed selling off 270 million barrels of the reserve's current 687.7 million barrels over the next decade as part of a budget plan. The ultimate size of emergency stocks must represent enough to replace U.S. oil imports for 90 days in order to meet its obligations—together with U.S. allies such as Europe, Canada, Japan, and South Korea—under the International Energy Agency’s (IEA) coordinated emergency response measures for the Organization for Economic Cooperation and Development (OECD) membership. There is currently much uncertainty about what level U.S. imports will average in ten years. In light of recent experiences from natural disasters, which can range from hurricanes to flooding events to wildfires, geographic distribution of national emergency stockpiles needs to be given higher consideration in any revamp of the future U.S. preparedness system. Upgrades to the existing public-private emergency preparedness partnership should also consider how to protect the United States’ oil and gas export role to avoid losses in market share during outages. By thoughtfully rejiggering the existing system, the Trump administration might be able to save the tax-payer money, protect U.S. export market share, and wind up with a better, more reliable emergency response.
    Blog Post by Amy M. Jaffe September 13, 2017 Energy Realpolitik
  • United States
    How to Fix the Trump Plan to Fix Our Infrastructure
    In an uncharacteristically low-profile manner, the Trump administration included a high-level preview of how it intends to tackle America’s infrastructure deficit in the 2018 budget request it submitted to Congress this week. The six-page fact sheet asks for $200 billion in infrastructure-related funding and lays out the administration’s primary goal: to seek and secure long-term changes in how projects are regulated, funded, delivered and maintained. Trump’s full-fledged infrastructure plan is expected later this year, but the preview should be lauded as much for what it aims to achieve as criticized for where it falls woefully short. The preview of the infrastructure plan aims to be strategic. The United States lacks a multi-sector national strategy to prioritize and maximize use of scarce federal funds on infrastructure projects. The first principle in Trump’s preview would focus federal funds on high priority and transformative projects. To credibly determine what infrastructure projects are worthy of federal support, the administration will need to first undertake a comprehensive review of significant existing infrastructure assets on a national and regional level, then review current and proposed projects, and define a set of metrics to assess costs and benefits of investment. Metrics could include potential jobs impact, competitiveness, disaster resilience, public safety, public benefit, ability to leverage private capital, how close to “shovel ready” or other factors.  As a good example, in 2010 the United Kingdom addressed its own lack of strategy by developing an annual “National Infrastructure Delivery Plan” aimed at driving nationally significant infrastructure projects forward by unlocking private investment and measuring progress over time. From this strategic plan, the United Kingdom created a “National Infrastructure Pipeline” of priority projects. A second item to be lauded in the Trump preview is its intention to “increase accountability and cut red tape, so that taxpayers get more bang for their buck for every dollar they invest in infrastructure.” This particular quote actually comes straight from the Clinton Campaign’s Infrastructure Plan, not Trump’s preview, but is consistent with Trump’s objective. Both sides of the aisle agree that the current permitting and approval process is inefficient and time consuming. The Trump administration has a head start here, since Congress already provided authority to streamline the federal permitting review process in its 2015 long-term surface transportation bill, the Fixing America’s Surface Transportation (FAST) Act, signed into law by President Obama. This leaves the challenge of implementation[1] largely in the hands of the Executive Branch. A word of serious caution is warranted however: given this administration’s seeming disdain for the environment, its stated aim in the preview to improve “environmental performance” and to “better protect and enhance the environment” as part of this regulatory overhaul could just be a plan to cut important safeguards. A third principle to laud is the goal of increasing the role of the private sector and private finance in U.S. infrastructure investment, another objective consistent with both the Obama administration and the Clinton campaign. It would leverage federal dollars, and specifically highlights increased support for several good programs, including the Transportation Infrastructure Finance and Innovation Act (TIFIA), an existing financing program which supports Public Private Partnerships (PPPs), and innovative financing of transportation infrastructure with loans and credit enhancements. Trump's proposal also calls for expanded use of Private Activity Bonds (PABs), tax-exempt bonds issued on behalf of private entities constructing highway and freight facilities, and would fund the Water Infrastructure and Finance Innovation Act (WIFIA), the new water program based on TIFIA. These would be meaningful steps forward and would likely receive strong bipartisan support. Where Trump’s proposal falls woefully short is that when it comes to investment, much of U.S. infrastructure requires, and will continue to require, robust public funding. The Trump budget proposal would significantly cut public infrastructure funding, and seems to support federal funds only so far as they provide leverage to private initiatives. Senate Minority Leader Charles Schumer (D-NY) estimates $206 billion of infrastructure cuts are in this budget proposal, more than the $200 billion Trump’s 2018 budget proposes to add. More private investment in infrastructure is necessary, but on its own it is not a silver bullet.  Private investors require commercially viable projects that generate revenue in order to invest, and not all infrastructure needs are consistent with generating commercial investment returns. Further, private infrastructure investment works better in high density urban areas where user-fees, tolls and other revenue-generating structures can be used to scale to provide an acceptable return on investment, while much of America's infrastructure needs reside in less concentrated (though politically important) rural communities. Private investment in U.S. infrastructure remains so stubbornly low that over-reliance on private capital in the president’s proposal could easily disappoint.  Between 2007 and 2013 only two percent of overall capital investment in transportation projects came from private capital. The challenge is not the money - investors have significant capital to invest. Trump's team of bankers and businessmen may see the appeal of large sums of private capital looking for opportunities to invest in infrastructure, while at the same time see the country’s massive infrastructure investment needs; a seemingly perfect match. While superficially compelling, for now, the reality is the impediments to consummating that perfect match remain daunting and multi-faceted. There was no nod to these challenges in Trump’s preview of the infrastructure plan. While the preview of the plan “encourages self-help” for state and local governments—code for “you are on your own”— there is no indication of how Trump’s private sector initiative will complement (or compete) with the municipal bond market. Roughly three-quarters of all infrastructure investment in the United States is financed at the state and local level and relies on inexpensive, tax-exempt municipal bond issuance.  This part of our existing system works. Municipal finance is a challenge to the Trump private-sector only proposal because when state and local officials evaluate project costs, benefits and value to taxpayers compared to the higher costs of private capital alternatives and PPPs, they often rightly decide to pursue the traditional municipal bond option. In some cases, it makes more sense to share risk with private partners, potentially resulting in gains from better technology, “know how”, faster delivery, longer life-cycles and cost-effectiveness over time.  But these benefits often become apparent only over a longer time frame, and the value proposition for taxpayers is not always obvious.  Not only is it cheaper to stick with municipal bonds, it is often more politically resonant and defensible for states and local governments. Missing entirely from Trump’s fact sheet is any reference to how it will solve America’s PPP “knowledge gap,” without which it will have trouble advancing any private sector-led plan. Some states are not geared up to utilize private capital at all, and others use a varied patchwork of legal and regulatory systems. While 37 states have some form of enabling legislation and regulatory framework to work with private capital, there is limited consistency between them, with wide disparities as to what types of PPPs can be undertaken.  Given the cross-state nature of many infrastructure projects, this presents an enormous impediment to private-sector participation, which relies on legal and regulatory certainty before putting capital to work. Less obvious, but nonetheless challenging, is the knowledge gap at the state and local government level in evaluating costs and benefits of PPPs. Taxpayers can easily be exploited by private commercial interests if public officials lack the expertise and experience to protect the public interest.  Some states have created "PPP centers" to help guide officials through the process, but this is far from the norm. The Obama administration sought to address this part of the knowledge gap by creating a federal PPP knowledge center, the Build America Bureau, to help provide resources and best practices to states interested in pursuing PPPs, as well as to help streamline access to federal grants and credits. This bureau will need to be supercharged to meet the Trump administration’s ambitions, and become more like P3 Canada, Canada’s PPP knowledge center, which helped drive Canada over the past eight years to become a leading destination for private investment in infrastructure. A more amorphous hurdle is that the United States lacks a “culture” of private investment in many core infrastructure sectors.  Americans draw distinctions between core infrastructure they are comfortable with the private sector controlling and operating -- including electricity grids, telecommunications, pipelines and freight rail—and sectors where they are less comfortable with, and in some cases strongly opposed to, private investment or ownership—including water, airports, roads and bridges.  While not insurmountable (in the UK, for example the urban water supply and all three London airports are privately-owned and operated), changing public perception is a public education challenge and requires time and political effort. This is especially true if privatization becomes a central part of the Trump plan as it seeks “opportunities to appropriately divest from certain functions”. President Trump needs to address where his proposal falls short so he can move a bipartisan effort to repair and replace our country’s creaking infrastructure.  Doing so would not simply help address the country’s estimated $4.6 trillion infrastructure deficit, but could represent a once-in-a-generation legacy that the president so clearly desires. Trump’s final infrastructure plan will not be credible without adding at least a commensurate amount of additional public infrastructure funding to match the $200 billion of funds intended to support the private-sector component. The private component will also need to solve for the knowledge gap in the United States.  There could be bipartisan support for a credible plan to deliver the infrastructure this country sorely needs. The question is will President Trump be able to take a serious stab at making his fact sheet into a plan that might actually work? Endnotes ^ A good review of what can already be implemented comes from the "Bipartisan Policy Center: How the Trump Administration Can Accelerate Permitting Now"
    Blog Post by Heidi Crebo-Rediker May 25, 2017 Renewing America
  • China
    China’s Soft Power, Part 3: Why A Global Rise of Strongmen Won’t Boost Beijing’s Appeal
    As I noted in previous blog posts, China has in recent years embarked upon a global soft power offensive. This charm offensive has included an expansion of Xinhua and other state media outlets into many new markets, as well as professionalizing these news services and hiring many capable reporters. The new charm offensive has included vast increases in aid, much of it part of massive new concepts like One Belt, One Road. It has included an increase in assistance for educational exchanges, new programs for training of foreign officials coming to China on short courses, and an overall effort by Xi Jinping and other senior leaders to portray Beijing as a kind of defender of the global order—at least on trade and climate change, two issues where U.S. leadership appears to be retreating. This attempt to portray Xi as the new defender of the global order was most evident during his visit to Davos, in January. There, he told attendees at the World Economic Forum that Beijing would protect free trade rules and norms, warning that “no one will emerge as a winner in a trade war.” In my previous post, I wrote that, at least in Southeast Asia and Northeast Asia, China’s massive soft power offensive is not likely to succeed. A decade ago, when I wrote a book on China’s then-rising soft power, it might have; Beijing was perceived more favorably by its neighbors back then, in part because it had been relatively modest in exerting its hard power influence in Southeast Asia. Now, after a decade of squabbling over the South China Sea and East China Sea, and a rising Asian arms race, China’s hard power has become significant, and threatening to neighbors. This hard power, delivered in a manner many Southeast Asian nations view negatively, undermines the entire soft power effort. But, globally, China’s image is better than it is these days in Southeast Asia and Northeast Asia, in part because nations in Africa, Eastern Europe, Latin America, or the Middle East do not have to think as much about China’s rising hard power. The current partisan dysfunction in Washington also potentially makes China more appealing. But will the global democratic regression—Freedom House has now recorded eleven straight years of democratic regression in its annual Freedom in the World report— somehow boost China’s soft power? On the surface, the idea seems to make sense. If democratic leaders are failing to address major challenges like economic inequality, climate change, immigration, terrorism, technology’s impact on work and the job market, the rising cost of health care, and other issues, is it possible that an alternative model of governance would work—or at least might become more popular among citizens in many nations?   The fact that voters in democracies around the world are increasingly turning to strongman/strongwoman style candidates suggests that there is some pent up demand for an alternative model of governance, even if those strongmen are elected—which China’s leaders really are not. (The groundbreaking work of Yascha Mounk at Harvard suggests that, especially among younger men and women in many democracies, there is a greater willingness than in the past to consider alternative forms of government.) As the thinking goes, perhaps an elected strongman, like the Philippines’ Rodrigo Duterte or Hungary’s Viktor Orban, can break through political roadblocks, and use the popular will to make important progress on issues like economic inequality, or environmental threats, or sensible immigration? Certainly, strongman-style politicians, many of them using populist rhetoric, have made gains globally in the past decade—from Thaksin Shinawatra in Thailand to Duterte to Orban to many others. So, if voters in democracies are choosing strongman-style politicians, wouldn’t they also warm to China’s own authoritarian leaders, who are supposedly delivering the goods at home? Not necessarily. China, too, has in its own way succumbed to this strongman trend. Xi Jinping is now probably the most powerful single leader of China since Mao Zedong. He has built a formidable personality cult around himself—a cult that harkens back to that of Mao Zedong. He also has cracked down hard on all forms of dissent, within the Party and in society at large. But while Xi may indeed be the most strongman-style leader China has had in decades, his style of governance is not necessarily going to boost China’s soft power around the world. Remember that in most countries that have flirted with or voted in strongmen-style leaders, these politicians were still elected. Polling by the Barometer series shows overwhelming support, in most of these countries, for the idea of electing leaders. In other words, citizens of Thailand or Hungary or the Philippines may have voted in what I have called elected autocrats, but they still overwhelmingly prefer to elect their strongmen. This point cannot be overstated. Electing modern strongmen like Thaksin or Orban is dangerous to the future of democracy—they can undermine democratic institutions even while winning elections. But the Orban/Thaksin/Duterte/Erdogan model is probably going to remain more appealing than a China-style approach, which does not really give the public a voice—not even a voice in choosing a leader who could undermine democracy. A model of an unelected strongman, chosen through opaque and byzantine political maneuvering, is indeed unlikely to be more popular than voters choosing an elected autocrat. Choosing an elected autocrat allows for the possibility that voters can eventually turn against and remove the elected leader—although, as Turkey shows, this gets harder over time. China’s system does not allow for that possibility. In my next post, I will address a second major flaw in China’s authoritarian model that undermines its global soft power.
    Blog Post by Joshua Kurlantzick May 19, 2017 Asia Unbound
  • India
    India Objects to China's Belt and Road Initiative—and It Has a Point
    The grandiose Belt and Road Forum—a symbol of China’s foreign policy stepping-out as a global connectivity visionary—kicked off on May 14 with a notable absentee: India. On May 13, India’s Ministry of External Affairs released its formal response to a question about Indian representation at the Belt and Road Forum, attended by “nearly three dozen” heads of state and dozens of senior officials from around the world. It’s worth reading in full. The statement abandons the typical language Indian officialdom crafts to be as inoffensive as possible to the greatest number of countries. Citing India’s commitment to physical connectivity “in an equitable and balanced manner,” the statement itemizes a series of principles for infrastructure projects that sound like a World Bank investment monitoring report: “must be based on universally recognized international norms, good governance, rule of law, openness, transparency and equality” “must follow principles of financial responsibility to avoid projects that would create unsustainable debt burden for communities” “balanced ecological and environmental protection and preservation standards” “transparent assessment of project costs” “skill and technology transfer to help long term running and maintenance of the assets created by local communities” “must be pursued in a manner that respects sovereignty and territorial integrity” India obviously believes that Belt and Road projects do not meet the above criteria. India’s statement also closes with a kicker focused on the China-Pakistan Economic Corridor (CPEC): “No country can accept a project that ignores its core concerns on sovereignty and territorial integrity.” India’s objections to CPEC have been repeated and vocal. The crux of the issue concerns the transit pathway that will link western China to the plains of Pakistan and then through to a new deep-water port at Gwadar. The only way to get from western China to the heart of Pakistan is through the Karakoram Highway, a high-altitude transport corridor that in many ways could be called the twentieth-century blueprint for the Belt and Road Initiative. The highway was built by China and Pakistan, beginning back in 1959. It opened in 1979. The highway runs through territory now called Gilgit-Baltistan (earlier termed the “Northern Areas”) that was originally part of the princely state of Jammu and Kashmir. India and Pakistan both claim the entirety of the former princely state of Jammu and Kashmir, though it is Pakistan’s claims to the Srinagar Valley that tend to occupy international public attention as the “Kashmir Conflict,” not Indian claims to other parts of the territory which Pakistan presently administers. (The history of this territory is complex; for historical details, see Cabeiri deBergh Robinson’s recent book.) This territory and its history explain the objection to CPEC, but India’s public statement also noted concern for “financial responsibility to avoid projects that would create unsustainable debt burden for communities.” Here, too, the China-sponsored infrastructure developments in neighboring Sri Lanka offer an instructive lesson. Numerous infrastructure projects, negotiated in secret by the former Sri Lankan government of Mahinda Rajapaksa, saddled the Sri Lankan treasury with debts to China estimated at some $8 billion. Sri Lanka cannot repay what it owes, so it has negotiated a debt-for-equity swap of the Hambantota Port project. This has led to protests in the country. With other projects financed by China proliferating, under unclear terms and with the prospect of similar bills due down the line, India’s external affairs ministry has a good point. China’s Belt and Road Initiative is not a gift to the world. It is a vision that has a price tag—known to Beijing. That lesson is worth remembering. But whatever the merit in India’s view, the global response to the forum shows that it has few takers for the moment. This post originally appeared on Forbes.com. Follow me on Twitter: @AyresAlyssa. Or like me on Facebook (fb.me/ayresalyssa) or Instagram (instagr.am/ayresalyssa).  
    Blog Post by Alyssa Ayres May 17, 2017 Asia Unbound
  • South Africa
    The End of South African Electricity Load Shedding and the Prospects of a Nuclear Deal
    A cause of South African malaise since 2010 and beyond has been the shortage of electricity. This shortage transcended more than just social divisions (rich and poor, influential and powerless), it also had a direct impact on the most sophisticated economy in Africa – one that is highly dependent of uninterrupted power. This was the backdrop to President Jacob Zuma’s nuclear cooperation deal with Russian company Rosatom in 2013, with a further agreement in 2016.  Zuma’s government has also had conversations with potential nuclear suppliers in South Korea and the United States. Throughout, Zuma’s nuclear initiative has hardly been transparent, and Zuma’s critics saw the likelihood of contract “irregularities” that would benefit Zuma’s cronies, the Gupta brothers, and perhaps Zuma himself and his family. However, at present there is no longer a power shortage, and load shedding has stopped. The new power abundance appears to be as a result of new generating plants coming on line and a static, possibly declining, demand for power associated with the lack of economic growth. Meanwhile, the Western Cape High Court has ruled that Zuma’s Department of Energy’s deals with “foreign governments” did not follow legal procedures- yet another example of the independent South African judiciary stopping Zuma dead in his tracks. Even during the period of power shortages, many South Africans were dubious about a nuclear energy program. There was concern about its costs and its safety. Though it was the opposition parties that were most vocal, there was significant anti-nuclear sentiment within Zuma’s African National Congress, a reminder that the governing party is hardly monolithic. Further, renewable sources of power are becoming cheaper–and the end of load shedding has made nuclear power less compelling. The court ruling addressed the process by which Zuma was seeking a nuclear agreement with the Russians, not the issue of nuclear power in general. So, the Zuma government could continue to pursue a nuclear agreement through methods that would pass legal muster. However, it is unlikely that one can be achieved before the ANC’s 54th National Conference in December, where the betting is that Zuma will be replaced as party leader. Hence, under these circumstances, there is a reasonable chance that Zuma’s ambitious and expensive nuclear power initiative will cease to exist.
    Blog Post by John Campbell May 4, 2017 Africa in Transition
  • Cybersecurity
    A Cyberattack on the U.S. Power Grid
    Introduction The U.S. power grid has long been considered a logical target for a major cyberattack. Besides the intrinsic importance of the power grid to a functioning U.S. society, all sixteen sectors of the U.S. economy deemed to make up the nation’s critical infrastructure rely on electricity. Disabling or otherwise interfering with the power grid in a significant way could thus seriously harm the United States. Carrying out a cyberattack that successfully disrupts grid operations would be extremely difficult but not impossible. Such an attack would require months of planning, significant resources, and a team with a broad range of expertise. Although cyberattacks by terrorist and criminal organizations cannot be ruled out, the capabilities necessary to mount a major operation against the U.S. power grid make potential state adversaries the principal threat. Attacks on power grids are no longer a theoretical concern. In 2015, an attacker took down parts of a power grid in Ukraine. Although attribution was not definitive, geopolitical circumstances and forensic evidence suggest Russian involvement. A year later, Russian hackers targeted a transmission level substation, blacking out part of Kiev. In 2014, Admiral Michael Rogers, director of the National Security Agency, testified before the U.S. Congress that China and a few other countries likely had the capability to shut down the U.S. power grid. Iran, as an emergent cyber actor, could acquire such capability. Rapid digitization combined with low levels of investment in cybersecurity and a weak regulatory regime suggest that the U.S. power system is as vulnerable—if not more vulnerable—to a cyberattack as systems in other parts of the world. An adversary with the capability to exploit vulnerabilities within the U.S. power grid might be motivated to carry out such an attack under a variety of circumstances. An attack on the power grid could be part of a coordinated military action, intended as a signaling mechanism during a crisis, or as a punitive measure in response to U.S. actions in some other arena. In each case, the United States should consider not only the potential damage and disruption caused by a cyberattack but also its broader effects on U.S. actions at the time it occurs. With respect to the former, a cyberattack could cause power losses in large portions of the United States that could last days in most places and up to several weeks in others. The economic costs would be substantial. As for the latter concern, the U.S. response or non-response could harm U.S. interests. Thus, the United States should take measures to prevent a cyberattack on its power grid and mitigate the potential harm should preventive efforts fail. The Contingency The U.S. power system has evolved into a highly complex enterprise: 3,300 utilities that work together to deliver power through 200,000 miles of high-voltage transmission lines; 55,000 substations; and 5.5 million miles of distribution lines that bring power to millions of homes and businesses. Any of the system’s principal elements––power generation, transmission, or distribution––could be targeted for a cyberattack. In the Ukraine case, attackers targeted substations that lower transmission voltages for distribution to consumers. Lloyd’s of London, an insurance underwriter, developed a plausible scenario for an attack on the Eastern Interconnection—one of the two major electrical grids in the continental United States—which services roughly half the country. The hypothetical attack targeted power generators to cause a blackout covering fifteen states and the District of Columbia, leaving ninety-three million people without power. Other experts have concluded that an attack on the system for transmitting power from generation to end consumers would have devastating consequences. In one scenario, disruption of just nine transformers could cause widespread outages. Many experts are now also concerned that smart grid technologies, which use the internet to connect to power meters and appliances, could allow an attacker to take over thousands—if not millions—of unprotected devices, preventing power from being delivered to end users. Regardless of which part of the power grid is targeted, attackers would need to conduct extensive research, gain initial access to utility business networks (likely through spearphishing), work to move through the business networks to gain access to control systems, and then identify targeted systems and develop the capability to disable them. Such sophisticated actions would require extensive planning by an organization able to recruit and coordinate a team that has a broad set of capabilities and is willing to devote many months, if not years, to the effort. State actors, therefore, are the more likely perpetrators, and given these long lead times, U.S. adversaries have likely already begun this process in anticipation of conflict. It is doubtful that a terrorist organization would have both the intent and means to carry out such an attack successfully. In the future, however, criminal groups could pose a real threat. They are growing in sophistication and in some cases rival, if not exceed, the capabilities of nation states. Payments for ransomware—malicious software that encrypts data and will not provide a code to unlock it unless a ransom has been paid—by some estimates have topped $300 million. This funding could allow criminal groups to purchase more sophisticated capabilities to carry out the ultimate ransomware attack. The likelihood that an attack carried out by a determined and capable adversary would be thwarted by security measures is low. While some U.S. utilities might block attempts by an adversary to gain initial access or might be able to detect an adversary in their systems, many might not have the necessary tools in place to detect and respond. Efforts to improve data sharing that could enable detection by one company to block access across the entire industry are in their infancy. In the Lloyd’s scenario, only 10 percent of targeted generators needed to be taken down to cause a widespread blackout. Short of outright conflict with a state adversary, several plausible scenarios in which the U.S. power grid would be subject to cyberattack need to be considered: Discrediting Operations. Given the importance of electricity to the daily lives of Americans, an adversary may see advantage in disrupting service to undermine public support for a U.S. administration at a politically sensitive time. Distracting Operations. A state contemplating a diplomatic or military initiative likely to be opposed by the United States could carry out a cyberattack against the U.S. power grid that would distract the attention of the U.S. government and disrupt or delay its response. Retaliatory Operations. In response to U.S. actions considered threatening by another state, such as the imposition of economic sanctions and various forms of political warfare, a cyberattack on the power grid could be carried out to punish the United States or intimidate it from taking further action with the implied threat of further damage. There are many plausible circumstances in which states that possess the capability to conduct cyberattacks on the U.S. power grid––principally Russia and China, and potentially Iran and North Korea––could contemplate such action for the reasons elaborated above. However, considerable potential exists to miscalculate both the impact of a cyberattack on the U.S. grid and how the U.S. government might respond. Attacks could easily inflict much greater damage than intended, in good part because the many health and safety systems that depend on electricity could fail as well, resulting in widespread injuries and fatalities. Given the fragility of many industrial control systems, even reconnaissance activity risks accidentally causing harm. An adversary could also underestimate the ability of the United States to attribute the source of a cyberattack, with important implications for what happens thereafter. Thus, an adversary’s expectations that it could attack the power grid anonymously and with impunity could be unfounded. Warning Indicators A series of warning indicators would likely foretell a cyberattack on the U.S. power grid. Potential indicators could include smaller test-run attacks outside the United States on systems that are used in the United States; intelligence collection that indicates an adversary is conducting reconnaissance or is in the planning stages; deterioration in relations leading to escalatory steps such as increased intelligence operations, hostile rhetoric, and recurring threats; and increased probing of electric sector networks and/or the implementation of malware that is detected by more sophisticated utilities. Implications for U.S. interests A large-scale cyberattack on the U.S. power grid could inflict considerable damage. The 2003 Northeast Blackout left fifty million people without power for four days and caused economic losses between $4 billion and $10 billion. The Lloyd’s scenario estimates economic costs of $243 billion and a small rise in death rates as health and safety systems fail. While darker scenarios envision scarcity of water and food, deterioration of sanitation, and a breakdown in security, leading to a societal collapse, it would be possible to mitigate the worst effects of the outage and have power restored to most areas within days. At this level of damage, the American public would likely demand a forceful response, which could reshape U.S. geopolitical interests for decades. Traditional military action, as opposed to a response in kind, would be likely. In addition to the direct consequences of a cyberattack, how the United States responds also has implications for its management of the situation that may have prompted the attack in the first place, the state of relations with the apparent perpetrator, the perceived vulnerability of the United States, and the evolution of international norms on cyberwarfare. How the U.S. government reacts, more than the actual harm done, will determine whether the cyberattack has a continuing impact on geopolitics. If the incident reveals a U.S. vulnerability in cyberspace that can be targeted to deter the United States from taking action abroad, the implications of the incident would be profound. If, on the other hand, the U.S. government shows firm resolve in the face of the attack and does not change its behavior in the interest of the attacker, the event is unlikely to have significant consequences for the role of the United States abroad. On the domestic front, a highly disruptive attack would likely upend the model of private sector responsibility for cybersecurity. As was done with aviation security after 9/11, Congress would likely move quickly to take over responsibility for protecting the grid from cyberattack by either creating a new agency or granting new authorities to an existing agency such as U.S. Cyber Command. Such a move would likely reduce the efficiency of grid operations and open the door to expanding government’s role in protecting other sectors of the economy. A devastating attack might also prompt calls to create a national firewall, like China and other countries have, to inspect all traffic at national borders. However, the experience of other countries and the technical reality of the internet suggest that these firewalls are ineffective for cybersecurity but well suited to restricting speech online and censoring information. Preventive Options Preventing an attack will require improving the security of the power grid as well as creating a deterrence posture that would dissuade adversaries from attacking it. The goal of such a strategy should be to secure the power grid to make it defensible, to detect attempts to compromise the security of the grid, and to provide certainty to adversaries that the United States will be able to attribute the attack and respond accordingly. Protective Measures. Unlike enterprise information technology, the industrial control systems that control the power grid typically perform single functions and need to communicate only with a small set of other devices in routine patterns. Thus, securing these systems and detecting malicious activity should, in theory, be relatively simple. In practice, many industrial control systems are built on general computing systems from a generation ago. They were not designed with security in mind and cannot be updated. This problem has not been corrected with the latest generation of smart grid technologies; the Government Accountability Office (GAO) has found that these devices often lack the ability to authenticate administrators and cannot maintain activity logs necessary for forensic analysis, among other deficiencies. These devices are often accessible from the public internet and use weak authentication mechanisms. Thus, improving the protection of the grid requires investing in new, more secure technology that can be protected and to implement basic cybersecurity hygiene. The challenge is, therefore, not to develop technical specifications to secure the grid but how to incentivize investment. A regulatory approach could theoretically set a minimum standard, thereby leveling costs across all companies and addressing cost-cutting in security measures. Such a regimen—the Critical Infrastructure Protection Standards established by the North America Electric Reliability Council (NERC)—has been in place for over a decade, though GAO has found that many standards remain voluntary and the extent to which utilities have implemented these standards is unknown. Raising and enforcing standards could help prevent a catastrophic attack by encouraging utilities to proactively defend their networks. A model for such an approach could be borrowed from the nuclear sector, where the Nuclear Regulatory Council has established so-called Design Basis Threats and requires nuclear plant operators to prove that they have the controls in place to defeat such threats. Yet, given the thin margins on which utilities operate, such an unfunded mandate is not likely to meaningfully improve security. Moreover, current federal requirements do not extend to power distribution, which is regulated unevenly at the state level. As regulated entities with fees set by control boards, utilities do not have sufficient budgets to significantly increase security funding. Risk managers at utilities will argue that they must balance the possibility of a cyberattack against the near certainty that weather events will affect their customers. A decision to increase spending on cybersecurity could come at the expense of burying power lines, raising them above the tree line, or trimming trees along the lines. In 2016, the Department of Energy (DOE) received only three reports of cyber incidents at utilities; none of the incidents affected customers. In the same time period, forty-one weather events caused outages, affecting 5.2 million customers. Numbers for 2015 show a similar pattern. Thus, some form of rate relief is needed to encourage significant investments in cybersecurity. More could also be done to improve government support for securing electric utilities. The DOE has run a pilot program, known as the Cybersecurity Risk Information Sharing Program (CRISP), for several years to help companies detect advanced threats targeting their networks. DOE labs have also funded research projects on the specific cybersecurity needs of utilities. Yet critics of the program argue that it is too expensive for most utilities to participate in and that it is only focused on detecting threats at network boundaries rather than within ICS networks. Expansion of intelligence and data sharing between the government and private companies, and among private companies themselves, could greatly reduce the chances of an attacker being capable of taking down multiple targets and causing a cascading effect. The Electricity Information Sharing and Analysis Center (E-ISAC) is mostly focused on physical threats and weather events. GAO found cybersecurity information sharing weak across the sector. Sectors such as finance and the defense industrial base have developed strong information sharing practices with government support. Emulating these efforts in the electricity sector would be a valuable government contribution to help owners and operators in the industry protect themselves. Given the large number of utilities and the vast infrastructure to protect, even with improved cybersecurity, an adversary would still be likely to find numerous unprotected systems that can be disrupted. As the Lloyd’s analysis concluded, only 10 percent of targeted generators needed to be taken offline to cause widespread harm. Therefore, improving the security of individual utilities alone is unlikely to significantly deter attackers. By focusing on detecting early signs of an attack and sharing that information within the sector and with the government, even when individual utilities fail to detect attacks on themselves, they can warn the government and other companies and help prevent wider disruption. Deterrent Measures. Adversaries may underestimate both the ability of the U.S. government to determine who carried out an attack and the seriousness with which such an attack would be addressed. Law enforcement agencies such as the Federal Bureau of Investigation (FBI) and the U.S. Secret Service have built strong forensic investigation capabilities and strong relationships with both foreign law enforcement and the intelligence community. Through cooperation, the U.S. government has been able to determine the parties behind most major attacks. The Barack Obama administration publicly named the foreign actors behind some attacks and provided supporting evidence on a case-by-case basis. Making public attribution of attacks a routine practice could be a deterrent. Beyond simply naming the adversary behind attacks, the U.S. government could make clear how it would view an attack on the power grid and the kinds of responses it would consider. Characterizing an attack on the power grid as an armed attack would likely have the strongest deterrent effect. Doing so would reflect the developing norms against peacetime attacks on critical infrastructure as agreed to in the UN Group of Governmental Experts. In keeping with these norms, the U.S. government could outline response options that would be proportional but not necessarily in kind. These response options would clarify how the U.S. government would respond not only to a successful attack but also to a failed attempt and to the discovery of adversarial probing and exploration to prepare for an attack. In developing its policy, the U.S. government should keep in mind that a strong policy against targeting U.S. systems could constrain U.S. military options to target foreign systems. Yet, given the long lead times for carrying out a successful cyberattack campaign, labeling reconnaissance activities as hostile actions and limiting such activities by U.S. cyber operators could mean forgoing the ability to make significant use of cyber operations during a conflict. Mitigating Options If an attack on the grid cannot be prevented, steps can be taken now to mitigate the effects of the attack and plan the response. Pre-Attack Measures. Actions taken now could significantly mitigate the effects of a large-scale blackout caused by a cyberattack. Maintaining and exercising manual operations of the grid, planning and exercising recovery operations, and continually expanding distributed power could significantly shorten the duration of any blackout and reduce economic and societal damage. A SANS Institute report concluded that the effects of the attack on Ukraine’s power grid were largely mitigated because grid operations there could be returned to manual control. Most experts believe that the current complexity of grid operations in the United States would make a switch to manual operations difficult; newer systems might not allow for the use of manual controls at all. Requiring the ability to shift to manual controls and exercising those controls on an annual basis might now be the most valuable step to take. Michael Assante, the former chief information security officer for NERC, argues that utilities should design their systems with backup tools that are either not connected to any information technology networks or are analog. For certain pieces of technology, it may make sense to replace software systems with hardware systems, “hardwiring” functions into circuit boards so that they cannot be modified remotely.   The next administrator of the Federal Emergency Management Agency (FEMA) could make response and recovery planning a priority. The all-hazards approach favored in emergency management may prove insufficient for a blackout of long duration covering large swaths of the nation. Beyond domestic emergency planning, exercising crisis response at a national level with government, allies, and private sector actors would be valuable. Doing so would identify the difficulties of operating without power systems and prompt the development of response options to prevent unneeded delay. The continued expansion of distributed generation in the form of wind and solar installations could also significantly reduce the magnitude of an attack on the grid; however, most rooftop systems feed directly into the grid, and homes and businesses do not draw from their own systems. From a resiliency perspective, it might be worth incentivizing the purchase of systems that allow a direct draw and have on-site storage. Moving military installations in the continental United States off the grid so that they can supply their own power would eliminate one of the rationales for attacking the grid and limit the hindrance caused by such an attack on military operations. Post-Attack Measures. Following an attack, eliminating malware and regaining control of the power grid would likely be carried out by the owners and the operators of affected systems with support from private incident response teams. Specialized support from the Department of Homeland Security’s Industrial Control System Computer Emergency Response Team (ICS-CERT) and the DOE national labs would also be provided. The government’s main role would be attributing the attack and responding to it. The FBI would take lead responsibility for investigating the attack domestically and for conducting computer forensics. The intelligence community would look at its existing intelligence collection for indications of what might have been missed and would begin targeted collection efforts to trace the attack. Within weeks, the U.S. government would have confidence in its attribution. The White House would set the public posture for the response. Based on precedents from both cyber- and non-cyberattacks over multiple administrations, government agencies would likely advocate for a show of firm resolve but recommend avoiding a rush to judgment or an immediate counterattack. Agencies would present a range of options to respond. These options would include a show of military force, such as moving U.S. ships into disputed waters or staging exercises in contested regions; response in kind, through cyberspace; traditional military options; public and private diplomacy; use of economic sanctions targeting the state and the private entities or individuals involved; use of international law enforcement to arrest any parties involved; and targeting of known intelligence assets. The president should choose a strategy that combines these options in such a way as to deter the adversary from escalating further—the adversary should recognize that the consequences of continued escalation will be severe and choose to cease hostile activity, allowing a reset of the relationship. Recommendations The Donald J. Trump administration should focus its efforts on preventing an attack on the grid both through a deterrence policy and by strengthening security. The deterrence policy should articulate how the administration would view an attack on the power grid and should outline possible response options. As a starting point, the administration should be clear that an action against the grid would be treated as an armed attack and signal that a military response in or out of cyberspace would likely be required. The policy should also address how the administration would view the discovery that an adversary had taken initial steps toward a takedown of the grid, particularly the discovery that foreign actors had infiltrated utility networks. Together with continually demonstrating law enforcement and intelligence capabilities to attribute the sources of cyberattacks, a strong statement on deterrence could do more than anything else to prevent an attack on the grid. To ensure that the United States will be able to maintain military operations even in the face of a large blackout, the Trump administration should plan to end the reliance of military installations on the grid. Doing so would also reduce the likelihood of the grid becoming a military target. To protect the grid from cyberattack, the Trump administration should initially focus on creating an information-sharing system that can bring together early signals that an attack against the grid is under way and share information that can be used to stop it. A stronger E-ISAC and a strong DOE counterpart to support it are necessary. The DOE should model its efforts on the Department of Defense’s Cyber Crime Center, which provides intelligence feeds and forensic support to companies within the defense industrial base. The newly created Cyber Threat Intelligence Integration Center within the Office of the Director of National Intelligence should ensure that collection and analysis of threats to the grid are an intelligence priority and that intelligence on threats to the grid are downgraded and shared with targeted utilities. In the event that an attack on the grid succeeds in causing blackout to some extent, the Trump administration should ensure that both the government and the industry are prepared to respond. FEMA should develop a response plan for a prolonged regional blackout that addresses the logistical difficulties of responding at scale in an environment degraded by the loss of power. NERC standards should require companies to maintain capabilities for manual operations. Those operations need to be exercised on a regional and coordinated basis. Finally, the Trump administration should ensure that utilities can invest sufficiently in cybersecurity and do not need to make tradeoffs between traditional risk management activities and addressing national security threats. Increased funding could be achieved through a user fee similar to the universal service fee on phone lines, though a new tax on consumers may not be politically feasible. Alternatively, a tax deduction for utility spending on cybersecurity may be a less direct—but more politically palatable—way to increase funding. The Trump administration should also set security requirements for infrastructure investments made for the grid as part of its proposed stimulus package. Collectively, these recommendations, if implemented, would greatly reduce the likelihood of an adversary deciding to conduct a cyberattack on the U.S. power grid while also improving the chances that the United States would manage any such attack without significant disruption of service. 
    Contingency Planning Memorandum by Robert K. Knake April 3, 2017 Center for Preventive Action
  • China
    Behind China’s Gambit in Pakistan
    China’s flagship investment project in Pakistan could provide a much needed economic spark, but significant security and political challenges loom.
    Expert Brief by Daniel S. Markey and James West May 12, 2016
  • Asia
    Integrating the Region and Bridging Differences
    Play
    Experts assess regional opportunities to realize economic integration through trade agreements and infrastructure investment.  
    Event with Shahid Burki, Jayant Prasad, Su Xiaohui and Steven Weisman May 4, 2016
  • Cybersecurity
    The President’s Cybersecurity Plan Is More of the Same (And That’s a Good Thing)
    Today, the Obama administration announced the Cybersecurity National Action Plan. Already turned into an acronym in Washington, DC, CNAP is not so much a bold new direction as a tidying up of loose ends to set the stage for the next administration. Critics are already lambasting the plan as “nothing new.” Yet given the political calendar, it would be hard for the president to set an entirely new course. And given the reality of the cybersecurity challenge, it would also not be warranted. The Obama administration has focused its efforts to date on preserving and extending an “open, interoperable, secure, and reliable” Internet. Its cybersecurity policies (at least after the failed 2011 regulatory attempt) have been about avoiding cures for cyber threats that are worse than the disease. In other words, don’t launch a Manhattan Project to reinvent the Internet so that it is inherently secure and therefore easily controlled; do try to increase adoption of two factor authentication. Cybersecurity is an area in which many have demanded bold new approaches but few have been able to articulate what those would be. Witness Jeb Bush’s cyber plan, which basically (and wisely) calls for a continuation of the Obama administration’s policies while taking swipes at Hillary Clinton’s email server. Similarly, Ben Carson’s plan called for creating a series of programs that already exist and creating a new agency that looks a lot like the Department of Homeland Security. From this perspective, the CNAP isn’t so much about setting a new direction as it is about implementation. It takes long-overdue actions like appointing a single official to be in charge of federal agency cybersecurity in a new Chief Information Security Officer. It creates a privacy council to resolve the many privacy challenges associated with implementing cybersecurity. And it calls for modernizing insecure an unsecurable legacy IT systems. The plan also not-so-subtly puts the onus on Congress to put its money where its mouth is. For two successive years, Congress has managed to pass new laws that clarified mandates and set the stage for the federal government to act. Now the president is asking for the funds to put those authorities to use. If President Obama succeeds in getting Congress to boost the cyber budget by 35 percent, those funds will mostly be spent by whoever wins the election in November. For close watchers of cybersecurity policy, the timing and approach is very similar to what the Bush administration did in its last year with the then classified Comprehensive National Cyber Initiative (CNCI). That program put billions of dollars into cybersecurity, beginning many of the programs that came to fruition in the Obama administration. Michael Daniel, the President’s cybersecurity advisor and the reported force behind the CNAP, is a former Office of Management and Budget official who worked on that program. When the Center for Strategic and International Security assembled a group of experts in 2008 to make recommendations to the next president on cybersecurity, their number one piece of advice was simple: “Do not start over.” Instead, build off of CNCI, making adjustments and changes where necessary. It was sage advice. Whatever progress President Obama and his team can make in the next year should be the foundation for the next administration. If the next president gets to declare victory on the cybersecurity challenge, it won’t be because he or she charted a bold new course, but because previous administrations laid the groundwork for success.
    Blog Post by Robert K. Knake February 9, 2016 Net Politics
  • Infrastructure
    Road to Nowhere: Federal Transportation Infrastructure Policy
    Overview How America Stacks Up: Economic Competitiveness and U.S. Policy compiles all eight Progress Reports and Scorecards from CFR's Renewing America initiative in a single digital collection. Explore the book and download an enhanced ebook for your preferred device.  In his blog post, CFR Senior Fellow and Renewing America Director Edward Alden introduces the Renewing America Progress Report and Scorecard series, which is intended to highlight—in both a visually compelling fashion and in a more detailed narrative—the challenges the United States faces in rebuilding the foundations of its economic strength. The second installment of the series, "Road to Nowhere: Federal Transportation Infrastructure Policy," provides a critical assessment of federal transportation policy. Just a generation ago, the United States invested heavily to create one of the world's best transportation infrastructure networks. But now, with real investment stagnating even as much of the infrastructure is reaching the end of its useful life, global economic competitors are leaving the United States behind. Along with a description of major policy initiatives, the report analyzes what's needed to get U.S. transportation infrastructure back on track. This scorecard is part of CFR's Renewing America initiative, which generates innovative policy recommendations on revitalizing the U.S. economy and replenishing the sources of American power abroad. Scorecards provide analysis and infographics assessing policy developments and U.S. performance in such areas as infrastructure, education, international trade, and government deficits. The initiative is supported in part by a generous grant from the Bernard and Irene Schwartz Foundation. Download the scorecard [PDF]. Table of Contents Click on a subject below to view and download each Progress Report and Scorecard.
    Report by Rebecca Strauss and Edward Alden February 1, 2016 Renewing America
  • Trade
    Cyber Week in Review: January 8, 2016
    Happy New Year! Here is a quick round-up of this week’s technology headlines and related stories you may have missed while you were binging on Netflix, eating turkey or Chinese food, and ringing in 2016. 1. The first publically-known cyberattack to take down a power grid? Ukraine’s energy ministry accused Russia perpetrating a cyberattack that caused a power outage, affecting several hundred households on December 23, 2015. If true, this is the first known instance of hackers disabling a power grid. Some press reports have attributed the attack to malware known as “BlackEnergy,” while others have pointed to a group of Russian hackers called “SandWorm.” However, as Robert Lee has pointed out, there’s not yet enough information about the attack to come to a conclusion. In the meantime, U.S. companies that rely on industrial control systems should review their defenses and keep their ears open for new information on the incident in Ukraine as it becomes available. 2. Chinese regulators suspect Microsoft of antitrust. Chinese regulators have reignited a probe into alleged monopoly practices by Microsoft first started in summer 2014 when officials raided the company’s Chinese offices, seizing documents and hard drives. The State Administration for Industry and Commerce says that “major questions” remain regarding the data seized in the 2014 raids. Microsoft’s China troubles should be a red flag for other foreign firms hoping to do business in China. Despite hosting leaders of Chinese and U.S. tech companies for a meeting with Chinese President Xi Jinping and launching a new partnership with a Chinese government-owned electronics firm in the last few months, Microsoft can’t seem to get a break. Nor is the environment in China for foreign tech companies likely to get better any time soon. Last month, the Chinese legislature passed a counter-terrorism law that authorizes the government to require telecoms to assistance in terrorism investigations, which includes handing over encryption keys. 3. The Netherlands and the United Kingdom disagree over encryption. The Dutch government issued a statement in which it ruled out pursuing legislation that would limit the "development, availability and use of encryption" within the Netherlands. In other words, the Dutch government has decided that it will not legislate the creation of "back doors" that would allow law enforcement from decrypting communications. That approach differs considerably to that of the United Kingdom, where the government is currently seeking comment on a draft law that would, among other things, require communications providers to have the ability to decrypt communications, retain metadata on their customers, and explicitly authorize UK law enforcement to engage in offensive cyber operations against terror suspects. Tech companies have roundly criticized the UK proposals, noting that they would have far-reaching consequences in reducing user security and privacy. Last week, NetPolitics contributor Lincoln Davidson recently took a look at the encryption issue in our top five cyber issues of 2015 series. You can check it out here. 4. More questions than answers over unauthorized code in Juniper software. Last month, Juniper Networks, one of the largest sellers of networking products, announced that it had discovered unauthorized code in some of its NetScreen firewall software that would allow a potential attacker to decrypt VPN traffic. The fact that Juniper called it unauthorized code instead of a software flaw (i.e. an error in the way the code was written) suggests that it was deliberately placed and probably the work of an intelligence agency. That led some to believe that the flaw was the work of the NSA, given that some of the Snowden documents refer to NSA operations against Juniper products. While Juniper has not further commented on what the unauthorized code contained, it would seem that Juniper deliberately undermined the security of NetScreen. According to Kim Zetter at WIRED, the company incorporated an algorithm into NetScreen’s code and configured it in a manner that would make it more vulnerable to compromise. It’s unclear why Juniper would do this--and Zetter does not speculate. The mystery is likely to become the best cyber-related whodunit of 2016.
    Blog Post by Adam Segal January 8, 2016 Net Politics
  • Infrastructure
    New Cyber Brief: Cleaning Up U.S. Cyberspace
    The Digital and Cyberspace Policy Program has launched its fifth Cyber Brief. This one is authored by Net Politics’ own Robert K. Knake. The U.S. government’s effort to persuade other countries to adopt norms of responsibility for cyberspace faces a significant obstacle: computers located in the United States host much of the malicious software used to carry out cyberattacks. Botnets—groups of compromised computers under the control of a malicious actor—are regularly used to distribute spam, spy, break passwords, harvest credentials, and engage in distributed denial-of-service (DDOS) attacks. When botnets located in the United States attack computers in other countries, the victims could view the United States as either being behind the attacks or an accomplice in violation of the norms the United States is pressuring other countries to uphold. Other countries have nearly eliminated botnets operating under their jurisdiction, but the U.S. government has not aggressively pursued the issue, and U.S. Internet service providers (ISPs) have chosen mostly to ignore this type of malicious traffic when it emanates from their customers. Rob outlines why this is the case and what the U.S. government and U.S. private sector can do about it. You can find the full brief here.
    Blog Post by Adam Segal December 9, 2015 Net Politics
  • Infrastructure
    Finally a Highway Bill, But Big Financing Problems Remain
    For the first time in a decade, Congress has cobbled together a highway bill that guarantees transportation infrastructure funding for several years. House and Senate negotiators announced a deal this week, and the final votes are expected shortly. Unfortunately, the bill does nothing to fix the terrible infrastructure financing system, nor does it increase current spending levels enough. First the good news. It fully funds highway and transit spending for five straight years, ending a six-year era of multi-month funding patches that made planning for multi-year capital investments at the state and local level particularly difficult. The act beefs up security measures for rail that could help to prevent accidents, like the one that left eight dead near Philadelphia last May. It sets up a new grant program focused on improving freight corridors. And Amtrak would be given more freedom to focus its resources on the heavily-traveled northeastern corridor. But on the big-ticket dilemmas facing federal transportation policy, this bill is a disappointment. The FAST Act, as it’s known, does nothing to fix how the federal government funds highway and transit spending. The financing system is a mess. Our updated infographic scorecard on federal transportation policy serves as a useful primer for what’s gone wrong. Drivers pay a federal gas tax, with those revenues placed in trust funds dedicated solely to pay for highway, roads, and transit. But the gas tax is not producing as much revenue as it did in the past, mostly because the gas tax has been stuck at 18 cents since 1993, meaning its real value has been on the decline for over two decades. Since 2008, gas tax revenues have been less than highway spending, forcing Congress to borrow money from the general fund to plug the gap. Next year the gap is estimated to be $16 billion. In ten years it could be $25 billion. Instead of raising the gas tax or finding a sustainable long-term self-financing solution to the deficit, the highway bill relies on one-off withdrawals and budget gimmicks. Most of the hole will be plugged by withdrawing from the Federal Reserve’s rainy day surplus fund. The rest comes from lowering Federal Reserve dividend payments to banks, selling oil from the Strategic Petroleum Reserve, levying some customs duties and outsourcing some IRS work. And while the United States should be spending substantially more on transportation funding, the highway bill increases funding only slightly above inflation adjustments. Other peer countries in the G7 spend nearly twice as much (as a percentage of GDP) on transportation infrastructure. According to official government estimates, we are only spending enough to maintain our highways and roads, but not enough to improve or expand them. Since 1980, the U.S. population has grown four times faster than new lane construction. Congestion is now twice as bad as it was in the early 1980s. Policymakers have been grasping at partial solutions. States and localities have been raising their own gas and sales taxes to pay for transportation investments, but not enough to make up for where federal spending should be. Politicians from across the political spectrum have supported using more public-private partnerships (P3s) to take some of the burden off the public sector. But private financing only works for a limited number of projects that have a high enough rate of return. Transportation infrastructure is a public good, and public dollars should make up the lion’s share of the investment gap. Ultimately, the American people will have to spend more to pay for their infrastructure. This means raising federal tax revenue to fully fund the spending through some kind of tax hike. By locking in budget gimmicks for five years, the highway bill delays the serious discussion this country must have about how to pay for and improve its infrastructure.
    Blog Post by Rebecca Strauss December 3, 2015 Renewing America