Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Cyber attacks heighten credit risks in US public sector: S&P

Reprints
Cyber attacks heighten credit risks in US public sector: S&P

(Reuters) — Credit risks stemming from cyber attacks on U.S. cities, school districts and other municipal bond issuers are likely to grow as the public sector remains an easy target for hackers, S&P Global Ratings said in a report Wednesday.

The U.S. public sector has broadly and quickly adopted new technologies to provide public services, such as online bill payment systems, but it has had a hard time guarding against increasingly frequent and sophisticated cyber attacks, the S&P report said.

"The very nature of public finance attracts criminals looking for an easy target," it said.

While S&P has never downgraded a municipal issuer because of a cyber incident, repeated successful attacks can eat away at credits over time by eroding public trust, the report said. That would potentially make it harder for municipal issuers to increase tax rates and take other measures needing public support.

The public sector struggles with retaining information security talent and keeping an aging workforce up to speed on emerging cyber risks, S&P said. The transparent nature of government, where information is more accessible compared private companies, makes public entities increasingly vulnerable.

Cyber criminals are also getting more organized and more professional, it said.

On the so-called darkweb, where illegal activity can be engaged in freely, purchasers of ransomware — software designed to block access to a computer system until a sum of money is paid — are offered moneyback guarantees, the report said.

Attacks launched on the public sector commonly involve extortion attempts. That was the case earlier this year in Atlanta, where hackers demanded roughly $50,000 in bitcoins after encrypting data across city departments.

The attacks also include cases where someone hacks into a municipal website to push a political or social message in a so-called "hacktivist" action. Sometimes hackers simply leach off of public networks, slowing them down for lengthy periods of time before being detected.

Despite concerns about losing public confidence, municipal issuers should stop concealing cyber attacks, which they often do out of embarrassment, S&P said. Instead, it recommended sharing details of attacks broadly with the municipal bond market and law enforcement.

Public entities should also report the attacks through an event notice on the Municipal Securities Rulemaking Board website, EMMA, it said.

"Only with consistent and transparent disclosure can the evolving sophistication of cyber criminals be recognized and prudent mitigation measures taken and disseminated," the report said.

 

Read Next