How Municipalities Can Prevent Cyber Attacks

One possible driver to action could simply be alerting the public through their local media outlets just what havoc can be, and has been, wrought by cyberattacks.

VanEck - Author
By

Sep. 25 2017, Updated 12:06 p.m. ET

uploads///Healthcare Has Been One of the Major Industries Hit by Ransomeware

VanEck

Article continues below advertisement
Article continues below advertisement

Possible Drivers to Action

One possible driver to action could simply be alerting the public through their local media outlets just what havoc can be, and has been, wrought by cyberattacks. For example, at the National Health Service in the U.K. and the power company Prykarpattyaoblenergo in Ukraine. While the latter appears to have been a targeted attack, the former was simply about money. While both were malicious and extremely damaging, they could also be viewed simply as warning shots and indicative of what further might happen.

Another driver could lie with municipalities’ furthering their own commitments to high-quality and reliable public services. Terry Smith, CEO and founder of Smith’s Cyber Security Gradings, believes that with the tradition of first-class service to uphold, public sector (both state and local) cybersecurity professionals are willing to meet the challenge, but the critical physical infrastructure is weak.

Article continues below advertisement

I believe two other potentially effective approaches (if they were adopted) lie with the muni bond market itself. First, lenders should insist that bond issuers meet certain minimum standards of cybersecurity. These could be based on guidelines and standards set out by NIST and/or US-CERT. And their adherence to these standards will be monitored on a continuing basis.

A commitment to and the subsequent maintenance of, these standards would be incorporated in municipal bond offering documents; that is, a clause covering cybersecurity would become standard. Its absence would likely result in a yield penalty to the issuer similar to what occurs with bond insurance.

In the second instance, a commitment to and the recognition of standards by, credit rating agencies would have a direct bearing on an issuer’s ability to obtain a stronger rating for the bond: the tradability of the bond would likely improve as a result. Cybersecurity gradings do already exist in the private sector, but not yet in the muni space.

Market Realist

Municipalities (MUB)(XMPT) need to initially undertake a risk assessment so they can know what information assets they own and identify vulnerable areas.

Once they’ve determined this key information, municipalities can look at encrypting data. An important step that has worked for companies and could also work for municipalities is data encryption. Encrypted data can only be read by the person who knows the encryption key.

As the graph above shows, cyber attacks have hit businesses the most, followed by governments, from 2015 to 2016.

Advertisement

Latest iShares National AMT-Free Muni Bond News and Updates

    Opt-out of personalized ads

    © Copyright 2024 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.