Be Proactive Now: Commercial Construction Quickly Joining List of Industries Vulnerable to Cyber Attacks
June 15, 2017 —
Jeffrey M. Dennis & Nathan Owens – Newmeyer & Dillion LLPCommercial contractors have long faced their own unique business risks - labor and material shortages, delay claims, bonding issues, and defects in workmanship. But, in today's ever-evolving cyber world, it is imperative that contractors understand they are vulnerable to risks beyond finishing a project on time and on budget. As we are seeing more and more each day, cyber threats impact all businesses, including the construction industry, and the failure to protect against these threats will cost your company millions in damages and reputational harm.
UNDERSTANDING CYBER THREATS
Traditionally, cyber threats are thought of as the theft of employee and customer information over the internet. Given the construction industry is the largest employer in the world, the need to protect this information is obvious. The release or loss of personnel or consumer data could lead to extensive liability under a variety of potential claims, including statutory fines. In addition to securing confidential information, companies have to protect against outside agents accessing control of a company’s security protocols, equipment or encrypting files using malicious software. The recent “WannaCry” attack demonstrates that no business is immune from cyber attacks.
EXAMPLES OF RELATED BREACHES
For those that think these scenarios do not happen, here are two examples of these types of breaches:
* In May 2013, Chinese hackers stole floor plans, server information, and security system designs from an Australian prime contractor. Fearing the risks of compromised physical and network security, the contractor incurred additional costs of $132.6 million in project delays and costs to rework the various components that had been stolen.
* Then, in December 2014, a German governmental office reported that a steel mill suffered massive damage when malware prevented a blast furnace from being properly shut down. Hackers gained access to key technology within the company, which eventually allowed them to control the production line.
THE NEW WORLD OF THE IoT
In addition to these types of “traditional” hacking threats, cybersecurity risks continue to evolve and become more complicated every day. Some of these new threats are driven by the development of a phenomenon known as the Internet of things, or IoT. The IoT is most basically defined as the interconnection of devices with on / off switches to the Internet and each other. Since the IoT is estimated to be 20 billion or more devices within 3 years, and can be combined with malicious software, IoT poses one of the most challenging risks for contractors to protect against.
The technology included in today's commercial buildings clearly opens this avenue of risk. A centralized computer control center, typically employed in new buildings, controls and maintains the systems that are vital to the operation of the building, e.g., power, elevators, HVAC, lighting, and security. What happens if a hacker gains control to one of these systems, let alone all of them? What if a hacker simply utilizes an IoT attack to overwhelm a building’s computer systems? In either scenario, at a minimum, significant disruption would occur. Worse, the health and safety of those within the building could be jeopardized. A hacker may utilize ransomware in combination with an IoT attack to take over control of the building and hold it and possibly the occupants “hostage” until a ransom is paid.
The first significant IoT attack happened in October 2016 when a major web hosting company was attacked through the IoT, causing the host site to crash. The attack did not steal information, it simply caused the site to crash. But, that crash caused world-wide disruption across the Internet.
Hackers used malicious software to access a hundred thousand common household devices — web cameras, fitness trackers, DVR’s, smart TVs and even baby monitors — to flood the hosting company’s servers with incredibly high internet traffic. This attack showed that everyday items can be hacked and controlled by cyber criminals and then used against anyone else.
As we have all seen in recent news, the WannaCry cyber attack impacted businesses across the globe. Days after the attacks, hospitals were still left feeling its impact with continued appointment and planned operation cancellations, and delays in service. We should expect to see these types of attacks increasing in frequency.
PAY ATTENTION OR FACE THE CONSEQUENCES
Make no mistake about it, the stakes are incredibly high in the realm of cyber security protection. By 2021, the annual worldwide cost attributable to cyber attacks is estimated to reach the trillions of dollars. If any of these potential attacks occur, a contractor faces significant exposure, in many forms, including:
* Monetary. Cybersecurity events result in direct monetary losses in the form of notification costs, data recovery costs, and, of course, legal and public relations fees. States are also starting to impose strict standards on companies which will result in significant regulatory punishment in the cases of cyber breaches, including the added costs associated with agency investigations, regulatory fines and consumer redress funds.
* Reputation. Perhaps more important than the monetary risk, a contractor may incur substantial reputational harm if such a breach or attack is successful. Recent data has shown that small to medium-sized companies that experience a significant cybersecurity breach go out of business within six months of the breach – due to not only high monetary costs, but severe reputational damage.
* Criminal. The recently passed New York cybersecurity regulations place potential criminal penalties on compliance personnel. Other states are likely to follow New York.
As a business leader and commercial builder, the time to act is now. While the purchase of specific cyber insurance is an important part of protecting against the risks of a cyber attack, many cyber policies contain exclusionary language embedded in the policy making coverage potentially illusory. Additional steps can and need to be taken immediately, including an honest discussion of internal cybersecurity protections, examination of risk management strategy, and the training of employees. Failure to take these important steps could result in a disastrous cybersecurity breach and the loss of millions of dollars.
Jeffrey M. Dennis currently serves as Newmeyer and Dillion’s Managing Partner and, as a business leader, advises his clients on cybersecurity related issues, introducing contractual and insurance opportunities to lessen their risk. You can reach Jeff at jeff.dennis@ndlf.com.
J. Nathan Owens is the Managing Partner for Newmeyer & Dillion’s Las Vegas office. With more than 10 years in the construction industry as a former contractor himself, Nathan understands the complex issues builders and developers face in all aspects of development and construction. You can reach Nathan at nathan.owens@ndlf.com.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client’s needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949-854-7000 or visit http://www.newmeyeranddillion.com/.
Read the court decisionRead the full story...Reprinted courtesy of
Subcontractors Found Liable to Reimburse Insurer Defense Costs in Equitable Subrogation Action
August 03, 2020 —
Christopher Kendrick & Valerie A. Moore – Haight Brown & Bonesteel LLPIn Pulte Home Corp. v. CBR Electric, Inc. (No. E068353, filed 6/10/20), a California appeals court reversed the denial of an equitable subrogation claim for reimbursement of defense costs from contractually obligated subcontractors to a defending insurer, finding that all of the elements for equitable subrogation were met, and the equities tipped in favor of the insurer.
After defending the general contractor, Pulte, in two construction defect actions as an additional insured on a subcontractor’s policy, St. Paul sought reimbursement of defense costs solely on an equitable subrogation theory against six subcontractors that had worked on the underlying construction projects, and whose subcontracts required them to defend Pulte in suits related to their work. After a bench trial, the trial court denied St. Paul’s claim, concluding that St. Paul had not demonstrated that it was fair to shift all of the defense costs to the subcontractors because their failure to defend Pulte had not caused the homeowners to bring the construction defect actions.
The appeals court reversed, holding that the trial court misconstrued the law governing equitable subrogation. Because the relevant facts were not in dispute, the appeals court reviewed the case de novo and found that the trial court committed error in its denial of reimbursement for the defense fees. The appeals court found two errors: First, the trial court incorrectly concluded that equitable subrogation requires shifting of the entire loss. Second, the trial court applied a faulty causation analysis – that because the non-defending subcontractors had not caused the homeowners to sue Pulte, thereby necessitating a defense, St. Paul could not meet the elements of equitable subrogation.
Reprinted courtesy of
Christopher Kendrick, Haight Brown & Bonesteel LLP and
Valerie A. Moore, Haight Brown & Bonesteel LLP
Mr. Kendrick may be contacted at ckendrick@hbblaw.com
Ms. Moore may be contacted at vmoore@hbblaw.com
Read the court decisionRead the full story...Reprinted courtesy of
Antidiscrimination Clause Required in Public Works and Goods and Services Contracts –Effective January 1, 2024
January 22, 2024 —
Travis Colburn - Ahlers Cressman & SleightIn July 2023, the Washington legislature passed Senate Bill 5186, which mandates inclusion of select antidiscrimination clauses in every state contract and subcontract for public works, goods, or services executed after January 1, 2024.
[i] RCW 49.60.530(3) codifies the now-required antidiscrimination clauses, which prohibit four categories of discrimination against any person because of age, sex, marital status, sexual orientation, gender identity, race, creed, color, national origin, citizenship or immigration status, honorably discharged veteran or military status, the presence of any sensory, mental, or physical disability, or the use of a trained dog guide or service animal by a person with a disability (the “Protected Class”).
Under the new law, public contractors and subcontractors (“Public Contractor”) may not refuse to hire a person because that person is a member of the Protected Class, unless that refusal is based upon a bona fide occupational qualification or if a person with a particular disability would be prevented from properly performing the particular work involved.
[ii] Similarly, Public Contractors may not discharge or bar a person from employment or discriminate against any person – either in terms of compensation or other terms and conditions of employment – because that person is a member of the Protected Class.
[iii] Last, Public Contractors may not print or circulate (or cause to be printed or circulated) any statement, advertisement, publication, form of application for employment, or make inquiry in connection with prospective employment, which expresses any limitation, specification, or discrimination as to the Protected Class.
[iv] Read the court decisionRead the full story...Reprinted courtesy of
Travis Colburn, Ahlers Cressman & SleightMr. Colburn may be contacted at
travis.colburn@acslawyers.com
Will the Hidden Cracks in the Bay Bridge Cause Problems During an Earthquake?
June 26, 2014 —
Beverley BevenFlorez-CDJ STAFFDespite a “no cracks” welding code and contract provision for the San Francisco-Oakland Bay Bridge, in 2008 Caltrans proceeded with the project despite welding cracks created by the Chinese firm hired to build the roadway, according to the Sacramento Bee. By the time the cracks had been discovered, the costs were at $6.5 billion and climbing, and fixing the cracks would be time-consuming and expensive.
However, there is some dispute as to rather the welding “cracks represent a hazard to the traveling public.”
“Examine history,” Brian Maroney, Caltrans’ chief engineer for the bridge, said in a recent interview by the Sacramento Bee. “… Caltrans reviewed major quakes around the globe and never found a case in which weld cracks caused bridge-roadway fractures.”
However, the Sacramento Bee reported that there was a case where welding cracks led to fractures. For instance, after the southern California earthquake in 1994 centered in Northridge, the Santa Clara River Bridge “suffered several fractures in steel girders. The breaks were traced to tiny cracks in welds, likely present before the quake, and worsened by vibrations of heavy trucks passing overhead. When the quake struck, the girders fractured.”
The Santa Clara bridge did not collapse. Sacramento Bee claimed it remained standing because the I-beam-shaped girders were “not fracture-critical.” However, the Bay Bridge’s “roadway consists of box-girder segments welded together. In effect, they create one contiguous, fracture-critical girder,” Abolhassan Astaneh-Asl, UC Berkeley engineering professor told the Sacramento Bee. “If welds crack and grow rapidly during a large quake, the entire roadway could fail.”
Read the court decisionRead the full story...Reprinted courtesy of
Yellowstone Park Aims for Quick Reopening After Floods
July 03, 2022 —
The Associated Press (Matthew Brown & Amy Beth Hanson) - BloombergGardiner, Mont. (AP) -- Most of Yellowstone National Park should reopen within the next two weeks — much faster than originally expected after record floods pounded the region last week and knocked out major roads, federal officials said.
Yellowstone Superintendent Cam Sholly said the world-renowned park will be able to accommodate fewer visitors for the time being, and it will take more time to restore road connections with some southern Montana communities.
Park officials said Sunday they'll use $50 million in federal highway money to speed up road and bridge repairs. There’s still no timetable for repairs to routes between the park and areas of Montana where the recovery is expected to stretch for months.
Yellowstone will partially reopen at 8 a.m. Wednesday, more than a week after more than 10,000 visitors were forced out of the park when the Yellowstone and other rivers went over their banks after being swelled by melting snow and several inches of rainfall.
Read the court decisionRead the full story...Reprinted courtesy of
Bloomberg
Congratulations to Jonathan Kaplan on his Promotion to Partner!
February 10, 2020 —
Bremer Whyte Brown & O'Meara LLPBremer Whyte Brown & O’Meara, LLP is proud to announce the promotion of Jonathan Kaplan to Partner!
Jonathan has been with the firm for nearly eight years out of our Newport Beach office. He focuses his practice on general liability defense and construction litigation matters, in addition to handling high-profile plaintiff defect cases. Jonathan earned his law degree from Chapman University School of Law, obtaining a certificate in Environmental, Real Estate and Land Use Law, and went to undergrad at the University of Washington. Jonathan is an active participant within the firm’s Hiring Committee and assists with legal recruitment at the prominent Orange County law schools. Jonathan is also an avid hiker and has coordinated several hiking events for our Southern California offices.
Read the court decisionRead the full story...Reprinted courtesy of
Bremer Whyte Brown & O'Meara LLP
Boilerplate Contract Language on Permits could cause Problems for Contractors
March 19, 2014 —
Beverley BevenFlorez-CDJ STAFFCraig Martin on his blog Construction Contractor Advisor discusses the potential problems for a contractor that a “boilerplate contract” could cause: “A recent case revealed the problems a contractor had with permits when the contractor’s estimate contemplated an easy permitting process and compliance, but in actuality it was much, much more difficult.”
Martin cites the case Bell/Heery v. United States, where a contractor discovered that the permit process would be much more time-consuming and expensive than originally planned. When Bell/Heery asked for additional funds to cover the additional costs, the “contracting officer rejected the request, finding that Bell/Heery had assumed the risk of the permitting process and it was liable for any costs associated with the permitting process and construction methods required by the permitting process.”
“Bell/Heery appealed to the Court of Claims,” but lost the battle. The contractor had to absorb $7 million in costs to comply with the required permits.
Read the court decisionRead the full story...Reprinted courtesy of
The Anatomy of a Construction Dispute Stage 2- Increase the Heat
January 21, 2015 —
Christopher G. Hill – Construction Law MusingsLast week we discussed the groundwork and circumstances of a construction claim. This week’s post will discuss the next steps, hopefully short of full blown arbitration or litigation that you, as a construction company, can pursue presuming your claim has been properly preserved.
If your contract requires certain steps such as informal resolution attempts or other items, these are the first things that must be done while still preserving your rights to pursue all remedies available. Instituting such contractually required resolution steps can and should be the first “notch” on the dial of increased pressure on the Owner, General Contractor or possibly Subcontractor against whom you have a claim.
Read the court decisionRead the full story...Reprinted courtesy of
Christopher G. Hill, Law Office of Christopher G. Hill, PCMr. Hill may be contacted at
chrisghill@constructionlawva.com
