Be Proactive Now: Commercial Construction Quickly Joining List of Industries Vulnerable to Cyber Attacks
June 15, 2017 —
Jeffrey M. Dennis & Nathan Owens – Newmeyer & Dillion LLPCommercial contractors have long faced their own unique business risks - labor and material shortages, delay claims, bonding issues, and defects in workmanship. But, in today's ever-evolving cyber world, it is imperative that contractors understand they are vulnerable to risks beyond finishing a project on time and on budget. As we are seeing more and more each day, cyber threats impact all businesses, including the construction industry, and the failure to protect against these threats will cost your company millions in damages and reputational harm.
UNDERSTANDING CYBER THREATS
Traditionally, cyber threats are thought of as the theft of employee and customer information over the internet. Given the construction industry is the largest employer in the world, the need to protect this information is obvious. The release or loss of personnel or consumer data could lead to extensive liability under a variety of potential claims, including statutory fines. In addition to securing confidential information, companies have to protect against outside agents accessing control of a company’s security protocols, equipment or encrypting files using malicious software. The recent “WannaCry” attack demonstrates that no business is immune from cyber attacks.
EXAMPLES OF RELATED BREACHES
For those that think these scenarios do not happen, here are two examples of these types of breaches:
* In May 2013, Chinese hackers stole floor plans, server information, and security system designs from an Australian prime contractor. Fearing the risks of compromised physical and network security, the contractor incurred additional costs of $132.6 million in project delays and costs to rework the various components that had been stolen.
* Then, in December 2014, a German governmental office reported that a steel mill suffered massive damage when malware prevented a blast furnace from being properly shut down. Hackers gained access to key technology within the company, which eventually allowed them to control the production line.
THE NEW WORLD OF THE IoT
In addition to these types of “traditional” hacking threats, cybersecurity risks continue to evolve and become more complicated every day. Some of these new threats are driven by the development of a phenomenon known as the Internet of things, or IoT. The IoT is most basically defined as the interconnection of devices with on / off switches to the Internet and each other. Since the IoT is estimated to be 20 billion or more devices within 3 years, and can be combined with malicious software, IoT poses one of the most challenging risks for contractors to protect against.
The technology included in today's commercial buildings clearly opens this avenue of risk. A centralized computer control center, typically employed in new buildings, controls and maintains the systems that are vital to the operation of the building, e.g., power, elevators, HVAC, lighting, and security. What happens if a hacker gains control to one of these systems, let alone all of them? What if a hacker simply utilizes an IoT attack to overwhelm a building’s computer systems? In either scenario, at a minimum, significant disruption would occur. Worse, the health and safety of those within the building could be jeopardized. A hacker may utilize ransomware in combination with an IoT attack to take over control of the building and hold it and possibly the occupants “hostage” until a ransom is paid.
The first significant IoT attack happened in October 2016 when a major web hosting company was attacked through the IoT, causing the host site to crash. The attack did not steal information, it simply caused the site to crash. But, that crash caused world-wide disruption across the Internet.
Hackers used malicious software to access a hundred thousand common household devices — web cameras, fitness trackers, DVR’s, smart TVs and even baby monitors — to flood the hosting company’s servers with incredibly high internet traffic. This attack showed that everyday items can be hacked and controlled by cyber criminals and then used against anyone else.
As we have all seen in recent news, the WannaCry cyber attack impacted businesses across the globe. Days after the attacks, hospitals were still left feeling its impact with continued appointment and planned operation cancellations, and delays in service. We should expect to see these types of attacks increasing in frequency.
PAY ATTENTION OR FACE THE CONSEQUENCES
Make no mistake about it, the stakes are incredibly high in the realm of cyber security protection. By 2021, the annual worldwide cost attributable to cyber attacks is estimated to reach the trillions of dollars. If any of these potential attacks occur, a contractor faces significant exposure, in many forms, including:
* Monetary. Cybersecurity events result in direct monetary losses in the form of notification costs, data recovery costs, and, of course, legal and public relations fees. States are also starting to impose strict standards on companies which will result in significant regulatory punishment in the cases of cyber breaches, including the added costs associated with agency investigations, regulatory fines and consumer redress funds.
* Reputation. Perhaps more important than the monetary risk, a contractor may incur substantial reputational harm if such a breach or attack is successful. Recent data has shown that small to medium-sized companies that experience a significant cybersecurity breach go out of business within six months of the breach – due to not only high monetary costs, but severe reputational damage.
* Criminal. The recently passed New York cybersecurity regulations place potential criminal penalties on compliance personnel. Other states are likely to follow New York.
As a business leader and commercial builder, the time to act is now. While the purchase of specific cyber insurance is an important part of protecting against the risks of a cyber attack, many cyber policies contain exclusionary language embedded in the policy making coverage potentially illusory. Additional steps can and need to be taken immediately, including an honest discussion of internal cybersecurity protections, examination of risk management strategy, and the training of employees. Failure to take these important steps could result in a disastrous cybersecurity breach and the loss of millions of dollars.
Jeffrey M. Dennis currently serves as Newmeyer and Dillion’s Managing Partner and, as a business leader, advises his clients on cybersecurity related issues, introducing contractual and insurance opportunities to lessen their risk. You can reach Jeff at jeff.dennis@ndlf.com.
J. Nathan Owens is the Managing Partner for Newmeyer & Dillion’s Las Vegas office. With more than 10 years in the construction industry as a former contractor himself, Nathan understands the complex issues builders and developers face in all aspects of development and construction. You can reach Nathan at nathan.owens@ndlf.com.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client’s needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949-854-7000 or visit http://www.newmeyeranddillion.com/.
Read the court decisionRead the full story...Reprinted courtesy of
Nerves of Steel Needed as Firms Face Volatile Prices, Broken Contracts and Price-Gouging
December 06, 2021 —
Richard Korman, Jonathan Barnes, & Greg Aragon - Engineering News-RecordWhen Elmhurst Group, a Pittsburgh-area developer, started collecting bids for a new mixed-use building last November, the price of the steel frame, roof and cladding panels for the $14-million project came in $382,000 higher than expected—a big enough disappointment to give Elmhurst pause. Overall material costs for the project were running more than $650,000 above what was originally calculated.
Reprinted courtesy of
Richard Korman, Engineering News-Record,
Jonathan Barnes, Engineering News-Record and
Greg Aragon, Engineering News-Record
Mr. Korman may be contacted at kormanr@enr.com
Read the full story... Read the court decisionRead the full story...Reprinted courtesy of
Robinson+Cole’s Amicus Brief Adopted and Cited by Massachusetts’s High Court
July 31, 2024 —
Erica Whaley - Construction Law ZoneEarlier this year, the
Associated Subcontractors of Massachusetts hired Robinson+Cole attorney
Joseph Barra to submit an amicus brief to the Massachusetts Supreme Judicial Court for consideration in the appeal pending before it in
Business Interiors Floor Covering Business Trust v. Graycor Construction Co., Inc. In its June 17, 2024 decision in that case, the Court interpreted the Massachusetts Prompt Pay Act, which applies to private construction projects and “requires that parties to a construction contract approve or reject payment within” an allotted time period and in compliance with certain procedures else such payments will be deemed approved. Two years ago, the Massachusetts Appeals Court, in
Tocci Building Corp. v. IRIV Partners, LLC, decided that an owner who fails to timely advise its general contractor of the reasons as to why it was withholding payment, coupled with failure to certify that such funds are being withheld in good faith, violates the Prompt Pay Act and makes the owner liable for funds owed.
[1] However, the Tocci Building Court left open the question of whether one who violates the Prompt Pay Act forfeits its substantive defenses to non-payment, such as fraud, defective work, or breach of material obligation of the contract.
The facts of Business Interiors involve a general contractor, Graycor, which subcontracted Business Interiors to perform certain flooring work for a movie theatre in Boston’s North End. When Graycor failed to formally approve, reject, or certify, in good faith, its withholding of payment of three of Business Interiors’ applications for payment as prescribed by the Prompt Pay Act, Business Interiors brought suit alleging, among other things, breach of contract. Business Interiors then moved for summary judgement arguing that Graycor’s failure to comply with the Act rendered it liable for the unpaid invoices.
Read the court decisionRead the full story...Reprinted courtesy of
Robinson + Cole
Business Risk Exclusions Do Not Preclude Coverage
November 13, 2013 —
Tred Eyerly — Insurance Law HawaiiThe court rejected the insurer's arguments that the business risk exclusions barred coverage for a contractor. Gen. Cas. Co. of Wisconsin v. Five Star Bldg. Corp., 2013 U.S. Dist. LEXIS 134122 (D. Mass. Sept. 19, 2013).
Five Star was hired by the University of Massachusetts to upgrade the ventilation (HVAC) system on a portion of a building. The large majority of the work involved work in the interior of the building, but a small portion required installation of duct work and supports on top of the roof of the complex. Five Star also penetrated the roof at numerous locations to install supports for duct work and other rooftop structures for the ventilation system. Other subcontractors then secured supports to the concrete roof deck and installed permanent patches where Five Star had penetrated the roofing system.
On same days, Five Star could not accomplish the process in a single day after penetrating the roof. It would install temporary patches until the next day. This was the only work on the roof performed by Five Star.
Read the court decisionRead the full story...Reprinted courtesy of
Tred EyerlyTred Eyerly can be contacted at
te@hawaiilawyer.com
NYC Shuts 9 Pre-Kindergartens for Health, Safety Issues
September 03, 2014 —
Henry Goldman – BloombergNew York City won’t permit nine of 1,700 planned pre-kindergarten centers to open because of health and safety shortcomings and will delay use of 36 others for incomplete construction, officials in Mayor Bill de Blasio’s administration said.
The announcement in an e-mail from the mayor’s press office came two days before the city was to embark on de Blasio’s signature policy initiative to offer free universal pre-school to the city’s 4-year-olds starting with more than 50,000 this year and expanding to more than 70,000 next year.
The nine shuttered schools each raised health and safety concerns after they were examined by building inspectors, fire officials and the Health Department, said Wiley Norvell, a spokesman for the mayor. Of the 236 students enrolled for those locations, officials had found alternatives for 83. The city is working with parents to find other schools for the rest, Norvell said.
Read the court decisionRead the full story...Reprinted courtesy of
Henry Goldman, BloombergMr. Goldman may be contacted at
hgoldman@bloomberg.net
Updated 3/13/20: Coronavirus is Here: What Does That Mean for Your Project and Your Business?
March 16, 2020 —
Alexander Gorelik, Joshua E. Holt, Brian N. Krulick, Shoshana E. Rothman, A. Michelle West, & Brian S. Wood - Smith CurrieThe outbreak of COVID-19 (“coronavirus”) has wreaked a considerable human toll of death, physical suffering, fear, and anxiety internationally. Much of the fear and anxiety results from a lack of information or a full understanding about the spread of the disease, protection against infection, and treatment. At Smith, Currie & Hancock, we urge our clients, friends, and colleagues to take seriously, but calmly and prudently, the threat of this disease to protect yourselves, your loved ones, and your businesses. The first step in that process is to inform yourselves with reliable information. Toward that end, we direct your attention to the Centers for Disease Control and Prevention’s Coronavirus Disease 2019 website: https://www.cdc.gov/coronavirus/2019-ncov/index.html
In addition to the human toll, coronavirus has caused substantial disruptions to economies worldwide. In that regard, the adage “a picture is worth a thousand words,” is particularly foreboding. Satellite images taken by the U.S. National Aeronautics and Space Administration (NASA) of China at the outset of the coronavirus outbreak and approximately a month later show a dramatic decline in air pollution, signifying and illustrating a sharp decline in industrial activity and transportation caused by the disease.
Reprinted courtesy of Smith Currie attorneys
Alexander Gorelik,
Joshua E. Holt,
Brian N. Krulick,
Shoshana E. Rothman,
A. Michelle West, and
Brian S. Wood
Mr. Gorelik may be contacted at agorelik@smithcurrie.com
Mr. Holt may be contacted at jeholt@smithcurrie.com
Mr. Brian may be contacted at bnkrulick@smithcurrie.com
Ms. Shoshana may be contacted at serothman@smithcurrie.com
Ms. West may be contacted at amwest@smithcurrie.com
Mr. Wood may be contacted at bswood@smithcurrie.com
Read the court decisionRead the full story...Reprinted courtesy of
WSHB Ranked 4th Most Diverse Law Firm in U.S.
July 14, 2016 —
Beverley BevenFlorez-CDJ STAFFAmerican Lawyer, in its annual Diversity Scoreboard Survey, ranked Wood Smith Henning & Berman LLP (WSHB) one of the four top law firms in the nation. Scores are based upon the firms’ combined percentage of minority lawyers as well as minority partners in U.S. offices.
“Historically, law has not been among the most diverse of professions,” Partner Domingo Tan, Chair of WSHB’s Recruiting Committee, stated according to the firm’s media release. “This trend has recently begun to change and I am proud that our firm is one of the national leaders in recognizing and celebrating diversity as a core value.”
WSHB Partner Jade Tran explained how the firm’s diversity benefits its clients: “At WSHB, we are a litigation powerhouse built upon the experiences drawn from our diverse attorney backgrounds. It’s this diversity that also makes our attorneys relatable to our clients who themselves stem from diverse backgrounds.”
Read the court decisionRead the full story...Reprinted courtesy of
Water Leak Covered for First Thirteen Days
April 11, 2018 —
Tred R. Eyerly - Insurance Law HawaiiThe Florida Court of Appeals recently held the policy's exclusion for repeated water seepage over a period of fourteen days or more does not exclude loss caused by the seepage for the first thirteen days.
Hicks v. Am. Integrity Ins. Co. of Florida, 2018 Fla. App. LEXIS 2616 (Fla. Ct. App. Feb. 23, 2018). Read the court decision
Read the full story...
Reprinted courtesy of Tred R. Eyerly, Insurance Law Hawaii
Mr. Eyerly may be contacted at te@hawaiilawyer.com
