Nevada, the latest public entity to be hit by a cyberattack, has been struggling to restore service to state offices since Sunday's attack.
Several offices, including the Department of Motor Vehicles, have been closed for in-person visits since Monday and many state websites have been disabled, including the governor's website, though emergency services like 911 are functioning.
"The state of Nevada identified a network security incident and immediately engaged in 24/7 recovery efforts. The matter is under active investigation," Nevada Gov. Joe Lombardo's office said in a
There is no evidence that personal information was compromised in the cyberattack, the governor's release states. But beyond that assurance, the state has been tightlipped about the nature of the attack and who the perpetrators might be.
"To protect internal systems during an active criminal investigation, the state is unable to provide technical details at this point," the governor's press release states.
Elizabeth Ray, Lombardo's press secretary, didn't return calls seeking comment.
The incident began Sunday morning when the Nevada Highway Patrol and Nevada State Police dispatch phone lines for roadside emergency and assistance calls went down, the governor's release states. Those services have since been restored, the release said, though other in-person and online services remain unavailable.
The Governor's Technology Office has been working with state, local and federal partners to restore services including the Cybersecurity & Infrastructure Security Agency and the Federal Bureau of Investigation.
The GTO is "using temporary routing and operational workarounds to maintain public access where feasible," and validating systems before returning them to normal operations, according to the governor's memo.
State offices are expected to resume offering in-person services later this week. Employees were on leave on Monday but returned to offices on Tuesday.
Sandra Breault, a spokeswoman in the FBI's Las Vegas office, confirmed they are working with the state, but couldn't comment further.
The attack on Nevada comes after St. Paul, Minnesota, faced a
Baltimore also faced a similar incident and
A Fitch Ratings report released in June warned cyber risk for public agencies and government has been heightened by geopolitical conflict, including between Israel and Iran.
"Iranian-state affiliated actors and hacktivist groups are targeting U.S. critical infrastructure and the frequency of cyber intrusions is likely to rise, as highlighted by joint advisories from the CISA, the FBI, Department of Defense Cyber Crime Center, and National Security Agency," Fitch analysts wrote.
Fitch analysts recommend proactive risk management, including cyber insurance, to mitigate threats and maintain credit quality.
The incident, and others like it, are reminders of the increasing risks from cyberattacks to both public and private entities, said Tom Kozlik, head of public policy and municipal strategy for HilltopSecurities.
"The world we live in is shifting every moment, every day, every single time there is a new data center built and Chat GTP goes from version 2 to 3 and from 3 to 4. Every day it makes every element of our life, whether it's folks in the public, or private sector, more aware that if they aren't taking steps to alleviate that risk, that they need to."
He added, local and state governments also have many other tasks to juggle against the need to stay on top of the ever-changing risks from cyberattacks.
"I think awareness is increasing, but I don't think there is understanding about the level of sophistication, particularly when it comes to
Investors are viewing cyber risk in the same way they view weather resilience, he said, meaning it's hard to judge when and where it will hit and the magnitude of the impact on individual credits.
