If Russian hackers target the U.S. as retribution for economic sanctions prompted by its invasion of Ukraine, it could mean more harmful and longer-term cyberattacks than the public sector has experienced previously.
“We remain concerned about the potential for cyberattacks on U.S. public finance related targets such as utilities, infrastructure and state and local governments,” Tom Kozlik, head of municipal research and analytics for Hilltop Securities wrote in a recent report.
Cyber risk for the public sector could shift to attacks aimed at permanently disabling government systems, rather than seeking a ransom, Kozlik said in an interview.
The previous focus had been on targeting entities that had money to pay, Kozlik said, but now the motive would be to create a “shock and awe” or to destabilize, he said.
An example of this was the data wiping software that hit computers in Ukraine.
“This is new,” Kozlik said. “That is why the long-term effects of these wartime attacks could rise above the impact in the past. With ransomware, they would ask for a couple of million dollars and then the systems would come back online almost as good as before. If [data wiping software] is used in the U.S., it could be destabilizing, destructive and expensive.”
It’s difficult to determine credit risk to various public sectors, because it’s unclear “what the specific targets could be. The federal government in the form of the FBI and Homeland Security have just broadly described targets as utilities, infrastructure and state and local governments,” Kozlik said.
The Department of Homeland Security had circulated an intelligence briefing on Jan. 23 warning infrastructure operators and state and local governments that the potential for cyber attacks remained high as the situation between Ukraine and Russia escalated, CNN reported.
Escalating sanctions mean the Russian economy is increasingly cut off from the world. The U.S, the European Commission, and Canada said in a joint statement on Saturday that they would disconnect four of Russia’s largest banks from SWIFT, the Society for Worldwide Interbank Financial Telecommunication, a global service that facilitates transactions among thousands of financial institutions.
State and local governments and agencies that have prepared over a multi-year period for cyber intrusions and that have healthy fund balances will be the best protected from cyber attacks, Kozlik said.
Another risk to U.S. public finance could come from attacks on Ukraine that have knock-on global effects like the NotPetya attack in 2017, S&P Global Ratings analysts said in a report.
The NotPetya malware circulated through a tax reporting software distributed in the Ukraine “caused weeks of disruption for about 7,000 companies across 65 counties globally,” S&P’s report said.
“The economic impact from such an attack for [corporations and governments globally] could exceed the $10 billion estimated from the 2017 NotPetya attack, given increased interconnectedness and digitalization,” S&P analysts wrote.
The Port of Los Angeles’ largest terminal was closed for several days in 2017 when the NotPetya computer worm struck shipping firm Maersk, slowing its computers’ functions to a crawl.
A cyber attack on Colonial Pipeline in May halted 5,500 miles of pipeline, creating severe fuel shortages along the East Coast.
Fitch Ratings continues to “assess the potential impact” of events following the Russian invasion of Ukraine and related sanctions on the credits it rates, a Fitch spokesman said, adding the rating agency would communicate any rating changes “through its normal channels.”
Fitch in a Feb. 10 report pointed to recent steps taken by the federal government to bolster cyber security across the water sector as an important step in mitigating rising cyber risks for publicly owned systems.
“The federal effort to bolster water utility cyber resiliency is timely as [Homeland Security] warned in a Jan. 23 memorandum that operators of public infrastructure could be increasingly targeted as a result of geopolitical tensions,” Fitch analysts wrote. “Similar warnings were issued by the U.S. Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency in the past several weeks as global conflicts intensified.”
Hilltop raised its outlook on U.S. state government, local government and school districts in early February to positive from stable, and it does not plan to revise that as a result of the invasion, Kozlik said.