Be Proactive Now: Commercial Construction Quickly Joining List of Industries Vulnerable to Cyber Attacks
June 15, 2017 —
Jeffrey M. Dennis & Nathan Owens – Newmeyer & Dillion LLPCommercial contractors have long faced their own unique business risks - labor and material shortages, delay claims, bonding issues, and defects in workmanship. But, in today's ever-evolving cyber world, it is imperative that contractors understand they are vulnerable to risks beyond finishing a project on time and on budget. As we are seeing more and more each day, cyber threats impact all businesses, including the construction industry, and the failure to protect against these threats will cost your company millions in damages and reputational harm.
UNDERSTANDING CYBER THREATS
Traditionally, cyber threats are thought of as the theft of employee and customer information over the internet. Given the construction industry is the largest employer in the world, the need to protect this information is obvious. The release or loss of personnel or consumer data could lead to extensive liability under a variety of potential claims, including statutory fines. In addition to securing confidential information, companies have to protect against outside agents accessing control of a company’s security protocols, equipment or encrypting files using malicious software. The recent “WannaCry” attack demonstrates that no business is immune from cyber attacks.
EXAMPLES OF RELATED BREACHES
For those that think these scenarios do not happen, here are two examples of these types of breaches:
* In May 2013, Chinese hackers stole floor plans, server information, and security system designs from an Australian prime contractor. Fearing the risks of compromised physical and network security, the contractor incurred additional costs of $132.6 million in project delays and costs to rework the various components that had been stolen.
* Then, in December 2014, a German governmental office reported that a steel mill suffered massive damage when malware prevented a blast furnace from being properly shut down. Hackers gained access to key technology within the company, which eventually allowed them to control the production line.
THE NEW WORLD OF THE IoT
In addition to these types of “traditional” hacking threats, cybersecurity risks continue to evolve and become more complicated every day. Some of these new threats are driven by the development of a phenomenon known as the Internet of things, or IoT. The IoT is most basically defined as the interconnection of devices with on / off switches to the Internet and each other. Since the IoT is estimated to be 20 billion or more devices within 3 years, and can be combined with malicious software, IoT poses one of the most challenging risks for contractors to protect against.
The technology included in today's commercial buildings clearly opens this avenue of risk. A centralized computer control center, typically employed in new buildings, controls and maintains the systems that are vital to the operation of the building, e.g., power, elevators, HVAC, lighting, and security. What happens if a hacker gains control to one of these systems, let alone all of them? What if a hacker simply utilizes an IoT attack to overwhelm a building’s computer systems? In either scenario, at a minimum, significant disruption would occur. Worse, the health and safety of those within the building could be jeopardized. A hacker may utilize ransomware in combination with an IoT attack to take over control of the building and hold it and possibly the occupants “hostage” until a ransom is paid.
The first significant IoT attack happened in October 2016 when a major web hosting company was attacked through the IoT, causing the host site to crash. The attack did not steal information, it simply caused the site to crash. But, that crash caused world-wide disruption across the Internet.
Hackers used malicious software to access a hundred thousand common household devices — web cameras, fitness trackers, DVR’s, smart TVs and even baby monitors — to flood the hosting company’s servers with incredibly high internet traffic. This attack showed that everyday items can be hacked and controlled by cyber criminals and then used against anyone else.
As we have all seen in recent news, the WannaCry cyber attack impacted businesses across the globe. Days after the attacks, hospitals were still left feeling its impact with continued appointment and planned operation cancellations, and delays in service. We should expect to see these types of attacks increasing in frequency.
PAY ATTENTION OR FACE THE CONSEQUENCES
Make no mistake about it, the stakes are incredibly high in the realm of cyber security protection. By 2021, the annual worldwide cost attributable to cyber attacks is estimated to reach the trillions of dollars. If any of these potential attacks occur, a contractor faces significant exposure, in many forms, including:
* Monetary. Cybersecurity events result in direct monetary losses in the form of notification costs, data recovery costs, and, of course, legal and public relations fees. States are also starting to impose strict standards on companies which will result in significant regulatory punishment in the cases of cyber breaches, including the added costs associated with agency investigations, regulatory fines and consumer redress funds.
* Reputation. Perhaps more important than the monetary risk, a contractor may incur substantial reputational harm if such a breach or attack is successful. Recent data has shown that small to medium-sized companies that experience a significant cybersecurity breach go out of business within six months of the breach – due to not only high monetary costs, but severe reputational damage.
* Criminal. The recently passed New York cybersecurity regulations place potential criminal penalties on compliance personnel. Other states are likely to follow New York.
As a business leader and commercial builder, the time to act is now. While the purchase of specific cyber insurance is an important part of protecting against the risks of a cyber attack, many cyber policies contain exclusionary language embedded in the policy making coverage potentially illusory. Additional steps can and need to be taken immediately, including an honest discussion of internal cybersecurity protections, examination of risk management strategy, and the training of employees. Failure to take these important steps could result in a disastrous cybersecurity breach and the loss of millions of dollars.
Jeffrey M. Dennis currently serves as Newmeyer and Dillion’s Managing Partner and, as a business leader, advises his clients on cybersecurity related issues, introducing contractual and insurance opportunities to lessen their risk. You can reach Jeff at jeff.dennis@ndlf.com.
J. Nathan Owens is the Managing Partner for Newmeyer & Dillion’s Las Vegas office. With more than 10 years in the construction industry as a former contractor himself, Nathan understands the complex issues builders and developers face in all aspects of development and construction. You can reach Nathan at nathan.owens@ndlf.com.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client’s needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949-854-7000 or visit http://www.newmeyeranddillion.com/.
Read the court decisionRead the full story...Reprinted courtesy of
Congratulations Bryan Stofferahn, August Hotchkin, and Eileen Gaisford on Their Promotion to Partner!
April 19, 2021 —
Bremer Whyte Brown & O’MearaBryan Stofferahn has been with BWB&O’s Oakland office since 2016 and has been practicing law since 2002. Mr. Stofferahn focuses his practice on insurance defense matters and was lead counsel on the Millennium Tower construction defect case in San Francisco, which was the largest construction defect action in the country.
Outside of work, Bryan is passionate about traveling the world with his wife Claire and has finished in last place in two separate chili cook-offs (pre-COVID, of course).
August Hotchkin has been with BWB&O since 2013 and helped open the Reno office located in Northern Nevada in 2016. He is duly licensed in both Nevada and California, handling various legal matters, especially complex litigation, throughout Northern Nevada and Northern California.
Mr. Hotchkin has taken several cases to trial, including a successful defense verdict on a wrongful death matter. He has also argued countless dispositive motions as well as having cases heard at the Appellate level.
During his free time, Mr. Hotchkin enjoys golfing, snowboarding, and spending time with his family and friends, especially up at Lake Tahoe.
Eileen Gaisford has been with BWB&O’s Woodland Hill’s office for almost a decade and is licensed to practice law in California.
Read the court decisionRead the full story...Reprinted courtesy of
Bremer Whyte Brown & O'Meara LLP
Federal Court Predicts Coverage In Utah for Damage Caused By Faulty Workmanship
April 03, 2013 —
Tred EyerlyThe federal district court predicted that the Utah Supreme Court would find that damage to property other than the insured's work product is unexpected and arises from an occurrence. Cincinnati Ins. Co. v. AMSCO Windows, 2013 U.S. Dist. LEXIS 15999 (D. Utah Feb. 5, 2013).
The insured, AMSCO Windows, installed windows in new homes constructed in Nevada. A number of homeowners asserted claims against the contractors who built their homes, alleging numerous construction defects, including the windows, and that the defects caused property damage to their homes. The contractors, in turn, asserted claims against AMSCO.
The insurer, Cincinnati Insurance Company, filed for a declaratory judgment that it had no duty to defend or indemnify AMSCO.
Read the court decisionRead the full story...Reprinted courtesy of
Tred EyerlyTred Eyerly can be contacted at
te@hawaiilawyer.com
Will a Notice of Non-Responsibility Prevent Enforcement of a California Mechanics Lien?
August 06, 2019 —
William L. Porter - Porter Law GroupThe “Notice of Non-Responsibility” is one of the most misunderstood and ineffectively used of all the legal tools available to property owners in California construction law. As a result, in most cases the answer to the above question is “No”, the posting and recording of a Notice of Non-Responsibility will not prevent enforcement of a California Mechanics Lien.
The mechanics lien is a tool used by a claimant who has not been paid for performing work or supplying materials to a construction project. It provides the claimant the right to encumber the property where the work was performed and thereafter sell the property in order to obtain payment for the work or materials, even though the claimant had no contract directly with the property owner. When properly used, a Notice of Non-Responsibility will render a mechanics lien unenforceable against the property where the construction work was performed. By derailing the mechanics lien the owner protects his property from a mechanics lien foreclosure sale. Unfortunately, owners often misunderstand when they can and cannot effectively use a Notice of Non-Responsibility. As a result, the Notice of Non-Responsibility is usually ineffective in protecting the owner and his property.
The rules for the use of the Notice of Non-Responsibility are found in California Civil Code section 8444. Deceptively simple, the rules essentially state that an owner “that did not contract for the work of improvement”, within 10 days after the owner first “has knowledge of the work of improvement”, may fill out the necessary legal form for a Notice of Non-Responsibility and post that form at the worksite and record it with the local County Recorder in order to prevent enforcement of a later mechanics lien on the property.
Read the court decisionRead the full story...Reprinted courtesy of
William L. Porter, Porter Law GroupMr. Porter may be contacted at
bporter@porterlaw.com
Federal Energy Regulator Approves Rule to Speed Clean Energy Grid Links
August 28, 2023 —
Mary B. Powers & Debra K. Rubin - Engineering News-RecordThe Federal Energy Regulatory Commission unanimously passed a sweeping rule at its July 27 open meeting meant to eliminate U.S. transmission system bottlenecks for new power generation and storage. But stakeholders worry that more needs to be done to add needed and viable clean energy projects to the grid.
Reprinted courtesy of
Mary B. Powers, Engineering News-Record and
Debra K. Rubin, Engineering News-Record
ENR may be contacted at enr@enr.com
Ms. Rubin may be contacted at rubind@enr.com
Read the full story...
Read the court decisionRead the full story...Reprinted courtesy of
Bad Faith in the First Party Insurance Context
December 15, 2016 —
David Adelstein – Florida Construction Legal UpdatesIn a previous article I discussed bad faith when it comes to an insurance claim. Recently, in Barton v. Capitol Preferred Insurance Co., Inc., 41 Fla. L. Weekly D2736b (Fla. 5th DCA 2016), the court discussed bad faith in the first-party insurance context (i.e., a property / homeowners insurance policy).
In this case, homeowners, as the insured, sued their homeowners insurance carrier for sinkhole coverage. The homeowner filed a Civil Remedy Notice of Insurer Violation (also known as a Civil Remedy Notice) against their insurer with the Florida Department of Insurance in accordance with Florida Statute s. 624.155. This Civil Remedy Notice is a prerequisite to initiating such a bad faith claim; the notice specifies the statutory violations committed by the insurer and gives the insurer 60 days to cure the violation.
Read the court decisionRead the full story...Reprinted courtesy of
David Adelstein, Florida Construction Legal UpdatesMr. Adelstein may be contacted at
dma@katzbarron.com
Construction Defect Specialist Joins Kansas City Firm
January 13, 2014 —
CDJ STAFFDavid Schatz, whose practice specializes in construction disputes and defects, has joined the Kansas City, Missouri firm Spencer Fane Britt & Brown LLP in their litigation practice group. Mr. Schatz’s expertise also includes banking and finance, banking litigation, commercial disputes, insurance, surety, employment, contract claims, and personal injury.
Pat Whalen, Chairman of Spencer Fane Britt & Brown, said that Schatz “brings great experience across a range of industries, but many of us in Kansas City are particularly pleased by his construction and general litigation credentials, which will fit will with the resources we’re building in those areas.”
Read the court decisionRead the full story...Reprinted courtesy of
Toddler Crashes through Window, Falls to his Death
January 24, 2014 —
Beverley BevenFlorez-CDJ STAFFTwo-year old Alijah Glenn fell 17 stories to his death after crashing through “a floor-to-ceiling window” at the Crystal Tower apartments in East Cleveland, Ohio, on January 13th, according to The Plain Dealer. Solandra Wallace, East Cleveland’s building and housing manager, told The Plain Dealer that “the city inspects the building whenever a complaint is filed and does not have regular inspections.” The apartment complex “was built in 1966 and would have to adhere to that era's building code standards,” according to the article.
The Plain Dealer reports that three complaints have been filed at the Crystal Tower since 2010. A resident complained in 2012 that “her apartment was falling apart, causing water damage and emitting a foul odor,” however, by the time an inspector arrived the ceiling was being fixed. In 2011, an “unspecified roof leak” turned out to be “condensation from a hot pipe.” An elevator was reported inoperable in 2010, however the claim was deemed “invalid” since the elevator worked when inspectors arrived.
The Cuyahoga County Medical Examiner ruled Glenn’s death accidental.
Read the court decisionRead the full story...Reprinted courtesy of
