Be Proactive Now: Commercial Construction Quickly Joining List of Industries Vulnerable to Cyber Attacks
June 15, 2017 —
Jeffrey M. Dennis & Nathan Owens – Newmeyer & Dillion LLPCommercial contractors have long faced their own unique business risks - labor and material shortages, delay claims, bonding issues, and defects in workmanship. But, in today's ever-evolving cyber world, it is imperative that contractors understand they are vulnerable to risks beyond finishing a project on time and on budget. As we are seeing more and more each day, cyber threats impact all businesses, including the construction industry, and the failure to protect against these threats will cost your company millions in damages and reputational harm.
UNDERSTANDING CYBER THREATS
Traditionally, cyber threats are thought of as the theft of employee and customer information over the internet. Given the construction industry is the largest employer in the world, the need to protect this information is obvious. The release or loss of personnel or consumer data could lead to extensive liability under a variety of potential claims, including statutory fines. In addition to securing confidential information, companies have to protect against outside agents accessing control of a company’s security protocols, equipment or encrypting files using malicious software. The recent “WannaCry” attack demonstrates that no business is immune from cyber attacks.
EXAMPLES OF RELATED BREACHES
For those that think these scenarios do not happen, here are two examples of these types of breaches:
* In May 2013, Chinese hackers stole floor plans, server information, and security system designs from an Australian prime contractor. Fearing the risks of compromised physical and network security, the contractor incurred additional costs of $132.6 million in project delays and costs to rework the various components that had been stolen.
* Then, in December 2014, a German governmental office reported that a steel mill suffered massive damage when malware prevented a blast furnace from being properly shut down. Hackers gained access to key technology within the company, which eventually allowed them to control the production line.
THE NEW WORLD OF THE IoT
In addition to these types of “traditional” hacking threats, cybersecurity risks continue to evolve and become more complicated every day. Some of these new threats are driven by the development of a phenomenon known as the Internet of things, or IoT. The IoT is most basically defined as the interconnection of devices with on / off switches to the Internet and each other. Since the IoT is estimated to be 20 billion or more devices within 3 years, and can be combined with malicious software, IoT poses one of the most challenging risks for contractors to protect against.
The technology included in today's commercial buildings clearly opens this avenue of risk. A centralized computer control center, typically employed in new buildings, controls and maintains the systems that are vital to the operation of the building, e.g., power, elevators, HVAC, lighting, and security. What happens if a hacker gains control to one of these systems, let alone all of them? What if a hacker simply utilizes an IoT attack to overwhelm a building’s computer systems? In either scenario, at a minimum, significant disruption would occur. Worse, the health and safety of those within the building could be jeopardized. A hacker may utilize ransomware in combination with an IoT attack to take over control of the building and hold it and possibly the occupants “hostage” until a ransom is paid.
The first significant IoT attack happened in October 2016 when a major web hosting company was attacked through the IoT, causing the host site to crash. The attack did not steal information, it simply caused the site to crash. But, that crash caused world-wide disruption across the Internet.
Hackers used malicious software to access a hundred thousand common household devices — web cameras, fitness trackers, DVR’s, smart TVs and even baby monitors — to flood the hosting company’s servers with incredibly high internet traffic. This attack showed that everyday items can be hacked and controlled by cyber criminals and then used against anyone else.
As we have all seen in recent news, the WannaCry cyber attack impacted businesses across the globe. Days after the attacks, hospitals were still left feeling its impact with continued appointment and planned operation cancellations, and delays in service. We should expect to see these types of attacks increasing in frequency.
PAY ATTENTION OR FACE THE CONSEQUENCES
Make no mistake about it, the stakes are incredibly high in the realm of cyber security protection. By 2021, the annual worldwide cost attributable to cyber attacks is estimated to reach the trillions of dollars. If any of these potential attacks occur, a contractor faces significant exposure, in many forms, including:
* Monetary. Cybersecurity events result in direct monetary losses in the form of notification costs, data recovery costs, and, of course, legal and public relations fees. States are also starting to impose strict standards on companies which will result in significant regulatory punishment in the cases of cyber breaches, including the added costs associated with agency investigations, regulatory fines and consumer redress funds.
* Reputation. Perhaps more important than the monetary risk, a contractor may incur substantial reputational harm if such a breach or attack is successful. Recent data has shown that small to medium-sized companies that experience a significant cybersecurity breach go out of business within six months of the breach – due to not only high monetary costs, but severe reputational damage.
* Criminal. The recently passed New York cybersecurity regulations place potential criminal penalties on compliance personnel. Other states are likely to follow New York.
As a business leader and commercial builder, the time to act is now. While the purchase of specific cyber insurance is an important part of protecting against the risks of a cyber attack, many cyber policies contain exclusionary language embedded in the policy making coverage potentially illusory. Additional steps can and need to be taken immediately, including an honest discussion of internal cybersecurity protections, examination of risk management strategy, and the training of employees. Failure to take these important steps could result in a disastrous cybersecurity breach and the loss of millions of dollars.
Jeffrey M. Dennis currently serves as Newmeyer and Dillion’s Managing Partner and, as a business leader, advises his clients on cybersecurity related issues, introducing contractual and insurance opportunities to lessen their risk. You can reach Jeff at jeff.dennis@ndlf.com.
J. Nathan Owens is the Managing Partner for Newmeyer & Dillion’s Las Vegas office. With more than 10 years in the construction industry as a former contractor himself, Nathan understands the complex issues builders and developers face in all aspects of development and construction. You can reach Nathan at nathan.owens@ndlf.com.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client’s needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949-854-7000 or visit http://www.newmeyeranddillion.com/.
Read the court decisionRead the full story...Reprinted courtesy of
ASHRAE Approves Groundbreaking Standard to Reduce the Risk of Disease Transmission in Indoor Spaces
July 10, 2023 —
ASHRAEATLANTA, June 27, 2023 (GLOBE NEWSWIRE) -- ASHRAE announced the approval for publication of its highly anticipated standard to reduce the risk of airborne infectious aerosol transmission in buildings, bringing numerous benefits to occupants and promoting healthier environments.
ASHRAE Standard 241, Control of Infectious Aerosols establishes minimum requirements to reduce the risk of disease transmission by exposure to infectious aerosols in new buildings, existing buildings, and major renovations. Infectious aerosols are tiny, exhaled particles that can carry pathogens that cause infections or disease. These particles are so small that they can remain in the air for long periods of time. Use of this standard could reduce exposure to the SARS-COVID-2 virus, which causes COVID-19, the flu virus and other pathogens. Standard 241 provides requirements for many aspects of air system design, installation, operation, and maintenance.
Standard 241 available now for
presale in the ASHRAE Bookstore.
About ASHRAE
Founded in 1894, ASHRAE is a global professional society committed to serve humanity by advancing the arts and sciences of heating ventilation, air conditioning, refrigeration, and their allied fields.
For more information and to stay up-to-date on ASHRAE, visit ashrae.org and connect on
Instagram,
LinkedIn,
Facebook,
Twitter and
YouTube.
Read the court decisionRead the full story...Reprinted courtesy of
Insurer Able to Refuse Coverage for Failed Retaining Wall
October 28, 2011 —
CDJ STAFFThe Eleventh District of the US Court of Appeals has ruled in the case of Nix v. State Farm Fire & Casualty Company. In this case, the Nixes filed a claim after a portion of the retaining wall in their home collapsed and their basement flooded. State Farm denied the claim “on the ground that the policy excluded coverage for collapses caused by defects in construction and for damage caused by groundwater.”
The court reviewed the Nixes’ policy and found that State Farm’s statement did specifically exclude both of these items. In reviewing the lower court’s ruling, the appeals court noted that State Farm’s expert witness, Mark Voll, determined that the retaining wall “lacked reinforcing steel, as required by a local building code, and could not withstand the pressure created by groundwater that had accumulated during a heavy rainfall.” Additionally, a french drain had been covered with clay soil and so had failed to disperse the groundwater.
The Nixes argued that the flooding was due to a main line water pipe, but their opinions were those of Terry Nix and the contractor who made temporary repairs to the wall. “Those opinions were not admissible as lay testimony. Neither Nix nor the contractor witnessed the wall collapse or had personal knowledge about the construction of the Nixes’ home.”
The lower court granted a summary judgment to State Farm which has been upheld by the appeals court.
Read the court’s decision…
Read the court decisionRead the full story...Reprinted courtesy of
PA Superior Court Provides Clarification on Definition of CGL “Occurrence” When Property Damage Is Caused by Faulty Building Conditions
September 30, 2019 —
Anthony L. Miscioscia & Konrad R. Krebs - White and Williams LLPThe standard for an “occurrence” under a commercial general liability (CGL) insurance policy has been addressed on several occasions by Pennsylvania courts when an insured has allegedly performed faulty workmanship on a construction project. Specifically, in Pennsylvania, a claim for damages arising from an insured’s performance of faulty workmanship pursuant to a construction contract, where the only damage is to property supplied by the insured or worked on by the insured, does not constitute an “occurrence” under the standard commercial general liability insurance policy definition. But what about the circumstance when the insured has failed to perform contractual duties where the claim is for property damage to property not supplied by the insured or unrelated to the service the insured contracted to provide? The Pennsylvania Superior Court recently addressed this question in Pennsylvania Manufacturers Indemnity Co. v. Pottstown Industrial Complex LP, No. 3489 EDA 2018, 2019 Pa. Super. 223, 2019 Pa. Super. LEXIS 729* (Pa. Super. 2019).
Pottstown Industrial Complex arose out of an underlying dispute between a landlord and a commercial tenant who had leased space to store its product inventory. The tenant alleged that the landlord was responsible under the lease for keeping the roof “in serviceable condition in repair.” Notwithstanding this responsibility, the tenant alleged that the landlord failed to properly maintain and repair the roof, resulting in leaks and flooding during four separate rainstorms, destroying over $700,000 in inventory. The tenant specifically alleged that the floods were caused by poor caulking of the roof, gaps and separations in the roofing membrane, undersized drain openings, and accumulated debris and clogged drains.
The insurer filed a declaratory judgment action, seeking a determination that there was no coverage under a commercial general liability policy issued to the landlord. Following a motion for judgment on the pleadings, the trial court entered an order in favor of the insurer, holding that allegations of inadequate roof repairs were claims for faulty workmanship and were not covered under Kvaerner Metals Division of Kvaerner U.S., Inc. v. Commercial Union Insurance Co., 908 A.2d 888 (Pa. 2006) and Millers Capital Insurance Co. v. Gambone Brothers Development Co., 941 A.2d 706 (Pa. Super. 2007).
Reprinted courtesy of
Anthony Miscioscia, White and Williams LLP and
Konrad Krebs, White and Williams LLP
Mr. Miscioscia may be contacted at misciosciaa@whiteandwilliams.com
Mr. Krebs may be contacted at krebsk@whiteandwilliams.com
Read the court decisionRead the full story...Reprinted courtesy of
Contractor Sues License Board
June 30, 2011 —
CDJ STAFFJudge Kendall J. Newman of the US District Court handed down a decision on June 24 on the case of Kent v California Department of Consumer Affairs. Mr. Kent, appearing as his own counsel, had brought the suit against the California Department of Consumer Affairs and the Contractors State Licensing Board after he was arrested in a sting operation and, as the plaintiff put it, “was absurdly arrested and uncooperatively detained for a time longer than necessary or allowed by law under the false pretense of contracting with out a license.” Mr. Kent’s alleged that Rick Lopez, one of the defendants, formed him to read allow from the California Business and Professions Code. He said he was later handcuffed and placed in an uncomfortable chair, “enduring physical pain and emotional agony.”
�Although Kent was given a Notice to Appear, he alleged that a further defendant, Stuart Rind, “closed the plaintiff’s case marked citation A7773 without giving written notice to anyone.” As a result, the Placer County District Attorney’s Office had no record of his Notice to Appear.
�Kent alleged that subsequently his firm was essentially shut down for two years and that he was prevented from “legally contracting or selling services for any other contractor or qualifying for any other licensed capacity governed by the CSLB.” After this, the CSLB suspended the license for his firm, DSI Construction. He was assessed a $1,500 fine, after which he claims he sent a letter to the CSLB demanding money damages. The judge noted that the letter was not included in the plaintiff’s Ninth Amended Complaint.
�Judge Kendall recommended that the plaintiff’s Complaints be dismissed, although he did allow that sixth, and perhaps the eighth and ninth, could be amended with a tenth amended complaint.
�Read the court’s decision…
Read the court decisionRead the full story...Reprinted courtesy of
A Top U.S. Seller of Carbon Offsets Starts Investigating Its Own Projects
April 19, 2021 —
Ben Elgin - BloombergFollowing concerns that it is facilitating the sale of meaningless carbon credits to corporate clients, the Nature Conservancy says it’s conducting an internal review of its portfolio of carbon-offset projects. The nonprofit owns or has helped develop more than 20 such projects on forested lands mostly in the U.S., which generate credits that are purchased by such companies as JPMorgan Chase & Co., BlackRock Inc., and Walt Disney Co., which use them to claim large reductions in their own publicly reported emissions.
The self-examination follows a Bloomberg Green investigation last year that found the world’s largest environmental group taking credit for preserving trees in no danger of destruction. The internal review is a sign that it’s at least questioning some practices that have become widespread in the environmental world, and could carry implications for the broader market for carbon credits.
Read the court decisionRead the full story...Reprinted courtesy of
Ben Elgin, Bloomberg
Civil Engineers: Montana's Infrastructure Grade Declines to a 'C-'
December 23, 2024 —
American Society of Civil EngineersHelena, MT — The Montana Section of the
American Society of Civil Engineers (ASCE) today released the
2024 Report Card for Montana's Infrastructure, assigning 14 categories of infrastructure a cumulative grade of 'C-', which is on par with the national average from the
2021 Report Card for America's Infrastructure. This is a one-notch decrease from the 'C' grade Montana received in its last report in 2018, citing increasingly severe weather events putting strain on aging and underfunded assets, and one of the fastest growing populations requiring expansions of transportation, water and energy infrastructure.
The report includes the first-ever chapter on Montana's broadband infrastructure, assigning an 'I' grade for 'incomplete' due to a lack of sufficient condition data; however, the chapter does note that 71% of Montana residents have access to adequate broadband service, and the IIJA provided nearly $630 million to expand this access across the state.
ABOUT THE AMERICAN SOCIETY OF CIVIL ENGINEERS
Founded in 1852, the American Society of Civil Engineers represents more than 160,000 civil engineers worldwide and is America's oldest national engineering society. ASCE works to raise awareness of the need to maintain and modernize the nation's infrastructure using sustainable and resilient practices, advocates for increasing and optimizing investment in infrastructure, and improve engineering knowledge and competency. For more information, visit www.asce.org or www.infrastructurereportcard.org and follow us on Twitter, @ASCETweets and @ASCEGovRel.
Read the court decisionRead the full story...Reprinted courtesy of
Cal/OSHA Approves COVID-19 Emergency Temporary Standards; Executive Order Makes Them Effective Immediately
July 11, 2021 —
Leila S. Narvid - Payne & Fears LLPOn June 17, 2021, California's Occupational Safety and Health Standards Board (Standards Board) passed amended COVID-19 Emergency Temporary Standards (ETS). Gov. Gavin Newsom issued an Executive Order to make the amended ETS effective as soon as filed with the Secretary of State. The Office of Administrative Law (OAL) filed them, and the Secretary of State posted them, making the ETS effective immediately. These changes attempt to bring the ETS in alignment with recent changes to California Department of Public Health Order and the latest guidance from the Center for Disease Control (CDC). Highlights of the changes to the ETS can be found here.
Face Coverings in the Workplace; Elimination of Physical Distancing
Notably, fully vaccinated employees do not have to wear a face covering indoors except in limited circumstances. Unvaccinated workers will still need to wear face coverings indoors (unless they are alone in a room or eating and drinking) and in shared vehicles. All employees regardless of vaccination status do not have to wear masks outdoors. Unvaccinated employees must be trained that face coverings are recommended outdoors for individuals who are not fully vaccinated when six feet of physical distance cannot be maintained.
Read the court decisionRead the full story...Reprinted courtesy of
Leila S. Narvid, Payne & Fears LLPMs. Narvid may be contacted at
ln@paynefears.com
