• U.S. Homeland Security’s Cybersecurity & Infrastructure Security Agency posted a joint cybersecurity advisory on December 1st referencing cyberattacks on U.S. critical infrastructure or specifically a single-digit number of public water authorities.
• These incidents are not the same as financially motivated ransomware cyberattacks we have seen. These attacks are more similar to those identified in recent Director of National Intelligence and Homeland Security threat assessments.
• The Municipal Water Authority of Aliquippa in Pennsylvania was hacked by CyberAv3ngers an Iranian Government Islamic Revolutionary Guard Corps affiliated Advanced Persistent Threat cyber actor. Other similar attacks have also occurred on other water agencies but this attack in Pennsylvania is the only incident we have details on for now.
• The direct fallout on Aliquippa Water so far has been very minor and we do not expect results from the attack will have an impact on the water authority’s credit quality.
• We do not know the details of the other attacks so we are not able to judge the credit impact on those just yet.
• We continue to remain concerned about the potential negative credit impact a cyberattack such as these could have on U.S. state and local governments, critical U.S. infrastructure assets, and other public finance entities.

Read the full article

Read more Municipal Commentary