The services provided by municipal borrowers have always been, and remain, vital to our everyday life. The need to protect these services from possible disruption has become ever more important. Cybersecurity can help provide this protection. Cure, as opposed to prevention, is less and less an acceptable option. Luckily, initiatives such as those from NIST and US-CERT already exist. These have been designed to help all levels of government address the challenges of cybersecurity. Incentive remains the key issue.
In sum, initiatives from analysts, bankers, and legal teams, in concert with issuers, to establish a standard clause in bond offering documents committing the borrower to establish and maintain certain cybersecurity standards are of paramount importance. Further, tying an issuer’s credit rating to a commitment to, and subsequent maintenance of, certain cybersecurity standards needs the attention of credit rating agencies to provide the market incentive (lower cost) the issuers seek.
Last week, security firm Symantec reported that dozens of energy companies, including some in the U.S., had been subject to hacker attacks in spring and summer this year. The firm’s analysis found that “hackers obtained what they [power firms] call operational access … giving them the ability to stop the flow of electricity into U.S. homes and businesses.” According to an article on the attacks in WIRED, Symantec noted that hackers had never before “been shown to have that level of control of American power company systems.”
The picture above shows the impact tax-exempt munis (XMPT)(HYD) have had on the US economy. Municipals provide important services for our daily lives, as the image above suggests. As we mentioned earlier in this series, municipalities have significant amounts of citizens’ confidential information, like social security numbers. So it’s very important for municipalities to prevent cyber attacks.
Municipalities need to be vigilant to keep their cyber systems safe. They have to beef up their ability to detect and prevent cyber attacks.