Skip directly to Accessibility Notice
  • Muni Nation

    Cybersecurity and Municipal Bonds: Part 2

    Jim Colby, Portfolio Manager
    August 24, 2017

    Addressing the Issues

    This is part two of a three part series by Jim Colby, Municipal Bond ETF Portfolio Manager at VanEck, that explores the intersection between cybersecurity and the municipal bond market. Part 1 looks at what is at stake; Part 2 describes ways in which these issues can be addressed; and Part 3 discusses possible drivers to action.

    We have firmly established that cybersecurity is a critical issue in the muni space – an arena that impacts the everyday lives of all Americans. Now let's look at how cybersecurity issues are already being addressed through two important initiatives that have been developed by the federal government and the private sector.

    Creation of the NIST Cybersecurity Framework under Obama

    Cybersecurity's importance is being recognized at the highest levels. Help from our central government in Washington DC in tackling cybersecurity issues has been available to state and local governments (and others) for some time.

    On February 12, 2013, President Barack Obama issued the first executive order addressing cybersecurity: Executive Order (EO) 13636 entitled "Improving Critical Infrastructure Cybersecurity". The order directed the Executive Branch to "enhance the security and resilience of the Nation's critical infrastructure".1

    One of the most important things resulting from EO 13636 has been the "Framework for Improving Critical Infrastructure Cybersecurity"2developed by the National Institute of Standards and Technology's (NIST). The NIST Cybersecurity Framework follows a set of industry standards and best practices to help organizations manage cybersecurity risks, and was established through the collaboration of the government and the private sector.

    Critical Infrastructure Sectors1

    • Chemical
    • Commercial Facilities
    • Communications
    • Critical Manufacturing
    • Dams
    • Defense Industrial Base
    • Emergency Services
    • Energy
    • Financial Services
    • Food and Agriculture
    • Government Facilities
    • Healthcare and Public Health
    • Information Technology
    • Nuclear Reactors, Materials, and Waste
    • Transportation Systems
    • Water and Wastewater Systems

    NIST Cybersecurity Framework Becomes Policy under Trump

    President Trump recognized the importance of standardizing cybersecurity practices by issuing EO 138003on May 11, 2017. This EO turned the NIST framework into federal government policy that requires NIST to provide cybersecurity process frameworks for all federal agencies.4

    NIST highlights the fact that cybersecurity cannot be addressed by technology alone. The NIST Cybersecurity Framework goes beyond technology and also addresses both people and processes. All are critical to solving cybersecurity issues. Just as importantly, whatever an organization's size, the degree of its exposure to cybersecurity risk, or its cybersecurity sophistication, the NIST framework can help it "to apply the principles and best practices of risk management."5

    How Municipalities Benefit from NIST Framework

    The NIST Cybersecurity Framework provides an important resource for municipal governments. State and local governments "face unique challenges due to limited resources, complex regulations, and an increasingly sophisticated threat environment,"6according to global tech giant Cisco. The NIST Framework offers municipalities a proven risk-based approach to tackling cyberthreats, one that "reduces complexity and provides visibility, continuous control, and advanced threat protection across the extended network and attack continuum before, during, and after a cyberattack."7

    US-CERT: A Safer, Stronger Internet for All Americans

    Cybersecurity help is also available to state and local municipalities through US-CERT (the U.S. Computer Emergency Readiness Team), established in 2003. Its overall mission is to strive for "a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world." One of US-CERT's critical mission activities is to provide timely and actionable cybersecurity information to state and local governments.

    What Will Drive Municipalities to Take Action?

    Part 3 will discuss possible drivers to action. Whether private or public, organizations need incentives to address cybersecurity. Come the day of reckoning when an organization/local or state government is held to cybersecurity ransom, any excuses will likely be recognized as hollow.


    This content is published in the United States for residents of specified countries. Investors are subject to securities and tax regulations within their applicable jurisdictions that are not addressed on this content. Nothing in this content should be considered a solicitation to buy or an offer to sell shares of any investment in any jurisdiction where the offer or solicitation would be unlawful under the securities laws of such jurisdiction, nor is it intended as investment, tax, financial, or legal advice. Investors should seek such professional advice for their particular situation and jurisdiction.

    VanEck does not provide tax, legal or accounting advice. Investors should discuss their individual circumstances with appropriate professionals before making any decisions. This information should not be construed as sales or marketing material or an offer or solicitation for the purchase or sale of any financial instrument, product or service.

    Please note this represents the views of the author and these views may change at any time and from time to time. MUNI NATION is not intended to be a forecast of future events, a guarantee of future results or investment advice. Current market conditions may not continue. Non-VanEck proprietary information contained herein has been obtained from sources believed to be reliable, but not guaranteed. No part of this material may be reproduced in any form, or referred to in any other publication, without express written permission of VanEck. MUNI NATION is a trademark of Van Eck Associates Corporation.

    Municipal bonds are subject to risks related to litigation, legislation, political change, conditions in underlying sectors or in local business communities and economies, bankruptcy or other changes in the issuer’s financial condition, and/or the discontinuance of taxes supporting the project or assets or the inability to collect revenues for the project or from the assets. Bonds and bond funds will decrease in value as interest rates rise. Additional risks include credit, interest rate, call, reinvestment, tax, market and lease obligation risk. High-yield municipal bonds are subject to greater risk of loss of income and principal than higher-rated securities, and are likely to be more sensitive to adverse economic changes or individual municipal developments than those of higher-rated securities. Municipal bonds may be less liquid than taxable bonds.

    The income generated from some types of municipal bonds may be subject to state and local taxes as well as to federal taxes on capital gains and may also be subject to alternative minimum tax.

    Diversification does not assure a profit or protect against loss.

    Investing involves substantial risk and high volatility, including possible loss of principal. Bonds and bond funds will decrease in value as interest rates rise. An investor should consider the investment objective, risks, charges and expenses of a fund carefully before investing. To obtain a prospectus and summary prospectus, which contain this and other information, call 800.826.2333 or visit Please read the prospectus and summary prospectus carefully before investing.