Be Proactive Now: Commercial Construction Quickly Joining List of Industries Vulnerable to Cyber Attacks
June 15, 2017 —
Jeffrey M. Dennis & Nathan Owens – Newmeyer & Dillion LLP
Commercial contractors have long faced their own unique business risks - labor and material shortages, delay claims, bonding issues, and defects in workmanship. But, in today's ever-evolving cyber world, it is imperative that contractors understand they are vulnerable to risks beyond finishing a project on time and on budget. As we are seeing more and more each day, cyber threats impact all businesses, including the construction industry, and the failure to protect against these threats will cost your company millions in damages and reputational harm.
UNDERSTANDING CYBER THREATS
Traditionally, cyber threats are thought of as the theft of employee and customer information over the internet. Given the construction industry is the largest employer in the world, the need to protect this information is obvious. The release or loss of personnel or consumer data could lead to extensive liability under a variety of potential claims, including statutory fines. In addition to securing confidential information, companies have to protect against outside agents gaining control of a company’s security protocols or equipment, or encrypting files using malicious software. The recent “WannaCry” attack demonstrates that no business is immune from cyber attacks.
EXAMPLES OF RELATED BREACHES
For those that think these scenarios do not happen, here are two examples of these types of breaches:
* In May 2013, Chinese hackers stole floor plans, server information, and security system designs from an Australian prime contractor. Fearing the risks of compromised physical and network security, the contractor incurred additional costs of $132.6 million in project delays and costs to rework the various components that had been stolen.
* Then, in December 2014, a German governmental office reported that a steel mill suffered massive damage when malware prevented a blast furnace from being properly shut down. Hackers gained access to key technology within the company, which eventually allowed them to control the production line.
THE NEW WORLD OF THE IoT
In addition to these types of “traditional” hacking threats, cybersecurity risks continue to evolve and become more complicated every day. Some of these new threats are driven by the development of a phenomenon known as the Internet of things, or IoT. The IoT is most basically defined as the interconnection of devices with on / off switches to the Internet and each other. Since the IoT is estimated to be 20 billion or more devices within 3 years, and can be combined with malicious software, IoT poses one of the most challenging risks for contractors to protect against.
The technology included in today's commercial buildings clearly opens this avenue of risk. A centralized computer control center, typically employed in new buildings, controls and maintains the systems that are vital to the operation of the building, e.g., power, elevators, HVAC, lighting, and security. What happens if a hacker gains control of one of these systems, let alone all of them? What if a hacker simply utilizes an IoT attack to overwhelm a building’s computer systems? In either scenario, at a minimum, significant disruption would occur. Worse, the health and safety of those within the building could be jeopardized. A hacker may utilize ransomware in combination with an IoT attack to take over control of the building and hold it and possibly the occupants “hostage” until a ransom is paid.
The first significant IoT attack happened in October 2016 when a major web hosting company was attacked through the IoT, causing the host site to crash. The attack did not steal information; it simply caused the site to crash. But that crash caused worldwide disruption across the Internet.
Hackers used malicious software to access a hundred thousand common household devices — web cameras, fitness trackers, DVRs, smart TVs and even baby monitors — to flood the hosting company’s servers with incredibly high internet traffic. This attack showed that everyday items can be hacked and controlled by cyber criminals and then used against anyone else.
As we have all seen in recent news, the WannaCry cyber attack impacted businesses across the globe. Days after the attacks, hospitals were still left feeling its impact with continued appointment and planned operation cancellations, and delays in service. We should expect to see these types of attacks increasing in frequency.
PAY ATTENTION OR FACE THE CONSEQUENCES
Make no mistake about it, the stakes are incredibly high in the realm of cyber security protection. By 2021, the annual worldwide cost attributable to cyber attacks is estimated to reach the trillions of dollars. If any of these potential attacks occur, a contractor faces significant exposure, in many forms, including:
* Monetary. Cybersecurity events result in direct monetary losses in the form of notification costs, data recovery costs, and, of course, legal and public relations fees. States are also starting to impose strict standards on companies which will result in significant regulatory punishment in the cases of cyber breaches, including the added costs associated with agency investigations, regulatory fines and consumer redress funds.
* Reputation. Perhaps more important than the monetary risk, a contractor may incur substantial reputational harm if such a breach or attack is successful. Recent data has shown that small to medium-sized companies that experience a significant cybersecurity breach go out of business within six months of the breach – due to not only high monetary costs, but severe reputational damage.
* Criminal. The recently passed New York cybersecurity regulations place potential criminal penalties on compliance personnel. Other states are likely to follow New York.
As a business leader and commercial builder, the time to act is now. While the purchase of specific cyber insurance is an important part of protecting against the risks of a cyber attack, many cyber policies contain exclusionary language embedded in the policy, making coverage potentially illusory. Additional steps can and need to be taken immediately, including an honest discussion of internal cybersecurity protections, examination of risk management strategy, and the training of employees. Failure to take these important steps could result in a disastrous cybersecurity breach and the loss of millions of dollars.
Jeffrey M. Dennis currently serves as Newmeyer and Dillion’s Managing Partner and, as a business leader, advises his clients on cybersecurity related issues, introducing contractual and insurance opportunities to lessen their risk. You can reach Jeff at jeff.dennis@ndlf.com.
J. Nathan Owens is the Managing Partner for Newmeyer & Dillion’s Las Vegas office. With more than 10 years in the construction industry as a former contractor himself, Nathan understands the complex issues builders and developers face in all aspects of development and construction. You can reach Nathan at nathan.owens@ndlf.com.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client’s needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949-854-7000 or visit http://www.newmeyeranddillion.com/.
What California’s COVID-19 Reopening Means for the Construction Industry
July 05, 2021 —
Garret Murai - California Construction Law Blog
This past Wednesday, Governor Newsom announced that California would reopen after being in lockdown for over a year due to COVID-19. Gone is the Governor’s Stay at Home Executive Order. Gone is California’s Blueprint for a Safer Economy. And gone is the state’s somewhat confusing four-tier, yellow (minimal), orange (moderate), red (substantial) and purple (widespread), risk-level mapping system.
So what does this mean for the construction industry?
Well it’s not quite business back to usual. CalOSHA’s Standards Board voted this past Thursday to pass revised COVID-19 Emergency Temporary Standards (“Revised Standards”). That same day, Governor Newsom signed Executive Order N-09-21 implementing the Revised Standards immediately while they are being reviewed by the Office of Administrative Law.
Reprinted courtesy of Garret Murai, Nomos LLP
Mr. Murai may be contacted at gmurai@nomosllp.com
Toolbox Talk Series Recap - Guided Choice Mediation
November 05, 2024 —
Douglas J. Mackin - The Dispute Resolver
In the September 26, 2024 edition of Division 1's Toolbox Talk Series, Clifford Shapiro presented on Guided Choice Mediation (“GCM”) and how it can lead to better outcomes in construction disputes.
GCM is an approach to mediation that focuses on early and efficient dispute resolution, which prominent mediators created as a public interest project.
Shapiro described his particular variant of GCM based on his experience while acknowledging that other Guided Choice Mediators’ processes may differ from his in various ways. Shapiro’s brand of GCM focuses on ensuring that parties have reasonable expectations and appropriate settlement authority prior to arriving at a mediation. Some of the strategies to help accomplish these noble goals are (i) early mediator engagement, (ii) mediator facilitation of information exchange, (iii) mediator involvement with insurance issues (particularly important in construction defect cases, especially those with multiple defendants), (iv) pre-mediation ex parte meetings, and (v) mediator participation in risk analysis. These strategies are not typical in the more traditional/historic approach to mediation in which mediation is scheduled based on a scheduling order, mediation statements are sent to the mediator roughly a week before the scheduled mediation (and sometimes not even shared with anyone other than the mediator), and the parties speak with the mediator for the first time on the day of the mediation.
Reprinted courtesy of Douglas J. Mackin, Cozen O’Connor
Mr. Mackin may be contacted at dmackin@cozen.com
OSHA Updates: You May Be Affected
July 19, 2017 —
Louis “Dutch” Schotemeyer – Newmeyer & Dillion LLP
Governor Brown Signs Legislation Increasing Cal/OSHA Fines
Cal/OSHA has increased its maximum fines for the first time in more than twenty years pursuant to legislation recently signed into law by Governor Brown. The changes nearly double the maximum fines and have brought California in line with the Federal standard. The increase in fines will not be isolated to this year, as fines will now be automatically increased annually based on the percentage increase in the Consumer Price Index for All Urban Consumers (CPI-U). Additionally, any employer who repeatedly violates any occupational safety or health standard, order, or special order, or Section 25910 of the Health and Safety Code, can no longer receive any adjustment of a penalty assessed based on the good faith or the history of previous violations. Such adjustments were previously commonplace.
Specific increases are listed below (all increases refer to maximum fines, Cal/OSHA has discretion as to the amount of the fine when issuing the citation):
- Section 6427 of the Labor Code was amended to increase fines, not of a serious nature, from $7,000 for each violation to $12,471 for each violation.
- Section 6429 of the Labor Code has increased fines for repeat violations; raising the maximum fine from $70,000 to $124,709 for each violation. Additionally, Section 6429 also raised the minimum fine for repeat violations from $5,000 to $8,908.
- Section 6431 raised fines for posting or recordkeeping violations from $7,000 to $12,471 per violation.
Full text of the penalty section of the labor code may be found here.
California OSHA Emergency Action Plan elements revised; California now more consistent with Federal Standards
Revisions to General Safety Orders section 3220(b) became effective on June 5, 2017 and contain two minor changes for California employers with regards to Emergency Action Plans (EAP).
The first change requires that an employer’s EAP be more detailed in describing the type of evacuation that is to be performed, not just the route for an evacuation. The previous element of the EAP simply required that the plan contain, “[e]mergency escape procedures and emergency escape route assignments.” The current element of the EAP requires that, “[p]rocedures for emergency evacuation, including type of evacuation and exit route assignments,” be identified.
The second change clarifies the language surrounding employees performing rescue or medical duties. Previously the only requirement in the EAP regarding rescue and medical duties was for employees that performed rescue and medical duties. The current version requires that the EAP contain, “[p]rocedures to be followed by employees performing rescue or medical duties.” The use of the word “and” created potential gaps in plans as it is likely that employees may not be performing both rescue and medical duties, instead performing just rescue or medical duties. Plans must now include procedures to be followed by employees who perform either rescue or medical duties.
It is recommended that your EAP be in writing and updated to comply with the revised General Safety Orders section 3220. The full text of General Safety Orders section 3320 can be seen here. Please contact us if you would like further details regarding your Emergency Action Plan.
Deadline for Electronic Submission of OSHA 300 Log Records for Injuries and Illnesses Delayed
On May 12, 2016, the Federal Occupational Safety and Health Administration (OSHA) published a rule entitled “Improve Tracking of Workplace Injuries and Illnesses” which required certain employers subject to Federal OSHA regulations to submit the information from their completed 2016 Form 300A to OSHA via electronic submission no later than July 1, 2017. On June 28, 2017, OSHA, via a Notice of Proposed Rule Making, has proposed a December 1, 2017 deadline for the electronic reporting; the electronic reporting system is scheduled to be available on August 1, 2017.
Per the California Department of Industrial Relations, California employers are not required to follow the new requirements and will not be required to do so until "substantially similar" regulations go through formal rulemaking, which would culminate in adoption by the Director of the Department of Industrial Relations and approval by the Office of Administrative Law.
Cal/OSHA drafted a proposed rulemaking package to conform to the revised federal OSHA regulations by amending the California Code of Regulations, title 8, sections 14300.35, 14300.36, and 14300.41; these are currently under review with the State.
It is currently unclear what, if any, impact the delay by OSHA will have on the proposed amendments to the California Code.
We will keep you posted as to the changes in California recordkeeping requirements. Please contact Louis “Dutch” Schotemeyer with any questions regarding Cal OSHA or your safety program. Dutch is located at Newmeyer & Dillion’s Newport Beach office and can be reached at dutch.schotemeyer@ndlf.com or by calling 949.271.7208.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client’s needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949-854-7000 or visit www.ndlf.com.
One World Trade Center Due to Be America’s Tallest and World’s Priciest
February 10, 2012 —
CDJ STAFF
As One World Trade Center rises, so does the price tag. After construction delays and cost overruns, the cost of the building at the site of the September 11 attacks has risen to $3.8 billion. Part of the expense of the skyscraper is the heavily reinforced base of the building. The elevator shafts are also heavily reinforced, all part of guarding against future terrorist attacks.
In comparison, the world’s tallest tower, the Burj Khalifa in Dubai, cost only $1.5 billion, less than half the cost of One World Trade Center. As a result, the Port Authority does not see the building as being profitable in the near future. In order to fund it, the agency is raising tolls on bridge and tunnel traffic.
Currently, about half the unfinished building is leased. Construction is expected to conclude in 2013.
What Will the 2024 Construction Economy Look Like?
January 02, 2024 —
Grace Calengor - Construction Executive
CE just wrapped its "2024 Economic Update and Forecast" webinar, which revealed some interesting insights for 2023 and projections for next year. Anirban Basu, chief economist for ABC and CEO of Sage Policy Group, began his presentation by stating auspiciously: “The economy has been much stronger along more dimensions than I expected.”
Polling: good news for the supply chain
Not only did Basu's own research reveal strong construction growth in a majority of sectors, a decent number of construction job openings and wage increases, as well as supply-chain improvement and a stagnating federal rate—but webinar attendees who answered Basu's polling questions felt similarly.
Reprinted courtesy of Grace Calengor, Construction Executive, a publication of Associated Builders and Contractors. All rights reserved.
San Francisco Law Firm Pillsbury Winthrop Shaw Pittman Hired New Partner
May 21, 2014 —
Beverley BevenFlorez-CDJ STAFF
The San Francisco law firm Pillsbury Winthrop Shaw Pittman has hired Clark Thiel as a new partner. Thiel has “significant experience in construction disputes” and “bolsters Pillsbury’s capabilities in litigation, mediation and domestic and international arbitration,” according to The Lawyer. Furthermore, Thiel is a licensed contractor and registered architect. Formerly, he was a partner at the firm Jones Day.
Toolbox Talk Series Recap - Undocumented Change Work
October 15, 2024 —
Douglas J. Mackin - The Dispute Resolver
In the August 29, 2024 edition of Division 1's Toolbox Talk Series, Don Rea presented on the causes of undocumented change order work and what actions parties to a construction project can take to protect themselves, which complements and reinforces some of the key points from the May 30, 2024 Toolbox Talk on maximizing profits while experiencing changes during project performance.
Article 7 of AIA A201 General Conditions covers (i) change orders, (ii) constructive change directives, and (iii) “minor changes.” Work that falls outside the scope of the construction contract will often fit into one of these three categories. Rea’s presentation focused on the fact that, regardless of which category applies, proper documentation of the change work is vital.
Reprinted courtesy of Douglas J. Mackin, Cozen O’Connor
Mr. Mackin may be contacted at dmackin@cozen.com