4 min read

Frequency Analysis #7: Energy season, diverse disclosures and red teams

Over on the progress side of Tail Risk, we've made it to the cultural explanations of stagnation. Culture is a tricky topic to collapse into a tractable enough concept to speak about, in part because we're all surrounded by cultures all the time. Much like the David Foster Wallace joke, This is Water, culture is the set of rules we don't even think about. When cultures overlap or collide, this can create unexpected problems.


Oil prices are hitting highs for the year off of news that Saudi Arabia and Russia are maintaining their cuts in the face of slack demand from China and a so far, uneventful hurricane season in the U.S. The Biden administration's disdain for the Saudis hasn't made it likely that OPEC will buffer any Russian production cuts, a diplomatic strategy that has taken some of the sting out of the administration's sanctions. Not only does the global oil trade highlight cultural frictions between the United States, Saudi Arabia, Russia and China, but also between finance, energy and political cultures.

While we're still below the 2022 highs, look for oil to be continued source of instability in financial markets as we turn towards the winter. Russia will turn its war effort back from targeting agriculture to energy as Ukraine gets colder. Speaking of Ukrainian agriculture and financial markets, Lloyds of London, the world's biggest insurance market, has said it supports the Turkish deal to insure grain cargo coming out of the Black Sea but won't indemnify the cargo without UN backing.

Insurance is a peculiar culture of its own, with customs and jargon older than any other part of finance. When this culture butts up against technology, by definition a culture of novelty, a lot of context can get lost in translation. Throw in regulators, and it quickly devolves into a series of unintended consequences. The SEC's new cybersecurity disclosure rules are riling the already fragile cyber insurance market. The legal analysis expects more coverage denials and greater losses in the short run, which is bad for both policyholders and carriers. In the long run, greater disclosure should mean better data and more accurate underwriting.


Recent news over major new Japanese defense spending has made headlines and is being taken as a sign of increasing tensions between the island nation and China. Most of the money will go towards more ships, new joint development of aircraft with Britain and Italy and missile defense collaboration with the United States. Despite the news cycle, these increases have been well telegraphed by the Japanese government. Last spring, a Brookings piece even claimed that the spending, while higher was far less than the claimed "doubling" of defense spending as a percentage of GDP. The two big reasons they point towards are the ambiguous definition of what counts as defense and the echo-chamber of English language media that relies on other English headlines, not primary Japanese documents.

The recent revelation that Elon Musk, SpaceX CEO, turned off Starlink satellite coverage over parts of Crimea, has created outrage. Musk, who unilaterally decided to provide some $80 million in free equipment and support to the Ukrainian government, feared the Ukrainian attack on the Black Sea peninsula would prompt an escalatory response from Russia. Technology and foreign policy cultures don't often mix, but when they do, the results are often suboptimal. Technology provides the means and foreign policy the rationale, and one without the other is a recipe for conflict. Fortunately, this is old news and the DoD has been paying for Starlink since June.

In fresher Ukraine news, CERT-UA (Computer Emergency Response Team - Ukraine) thwarted a Russian linked phishing attempt at a Ukrainian energy company. This is the first publicly disclosed attempt since last fall, providing support to the thesis of a seasonal pattern in energy and agriculture attacks. Much has been made of the lack of successful cyber attacks against Ukraine, in large part due to the impressive defense of Ukrainian IT professionals, but also because we are fish and cyber attacks are like water.


Speaking of cyber attacks, Apple rolled out an emergency patch to combat the Pegasus Spyware (update your iPhones!). NSO group, the maker of the Pegasus Spyware, has a long and checkered history of selling its software to authoritarian regimes, but these vulnerabilities could be exploited by more than just mercenaries and dictators. It is likely that if researchers were able to find the bugs, sophisticated states have already known about them for some time.

China, coincidentally, has banned all government workers from using iPhones, and may extend the ban to many state owned enterprises. The murky relationship between the U.S. government and Apple is a mirror of Apple's equally murky relationship with the Chinese government. China is now getting serious about using its market power to exploit not just trade secrets and manufacturing know-how, but also software vulnerabilities, with a new disclosure law.

In AI news, Byrne Hobart of The Diff has an excellent take on this article about the unit economics of AI red teams. These red teams attempt to exploit biases and flaws in large language models, to generate responses unintended by the model developers. Whatever you think about the level of intelligence of AI, you have to admit it is developing a distinct culture from humans. Whether it can learn human culture, or just mimic it, will largely determine whether moderation can scale.

In other red teaming news, MITRE, the $1.8B in revenue defense and intelligence non-profit, released an attack simulation framework for operational technology. The open source tool allows defenders to run attack playbooks on their assets, a crucial way to anticipate and practice for cyber attacks. IT has long had attack simulation tools, but a variety of technical and cultural reasons has prevented OT from doing the same. Sometimes cultures that overlap and conflict converge and that's a good thing, at least in this case.