Be Proactive Now: Commercial Construction Quickly Joining List of Industries Vulnerable to Cyber Attacks
June 15, 2017 —
Jeffrey M. Dennis & Nathan Owens – Newmeyer & Dillion LLPCommercial contractors have long faced their own unique business risks - labor and material shortages, delay claims, bonding issues, and defects in workmanship. But, in today's ever-evolving cyber world, it is imperative that contractors understand they are vulnerable to risks beyond finishing a project on time and on budget. As we are seeing more and more each day, cyber threats impact all businesses, including the construction industry, and the failure to protect against these threats will cost your company millions in damages and reputational harm.
UNDERSTANDING CYBER THREATS
Traditionally, cyber threats are thought of as the theft of employee and customer information over the internet. Given the construction industry is the largest employer in the world, the need to protect this information is obvious. The release or loss of personnel or consumer data could lead to extensive liability under a variety of potential claims, including statutory fines. In addition to securing confidential information, companies have to protect against outside agents accessing control of a company’s security protocols, equipment or encrypting files using malicious software. The recent “WannaCry” attack demonstrates that no business is immune from cyber attacks.
EXAMPLES OF RELATED BREACHES
For those that think these scenarios do not happen, here are two examples of these types of breaches:
* In May 2013, Chinese hackers stole floor plans, server information, and security system designs from an Australian prime contractor. Fearing the risks of compromised physical and network security, the contractor incurred additional costs of $132.6 million in project delays and costs to rework the various components that had been stolen.
* Then, in December 2014, a German governmental office reported that a steel mill suffered massive damage when malware prevented a blast furnace from being properly shut down. Hackers gained access to key technology within the company, which eventually allowed them to control the production line.
THE NEW WORLD OF THE IoT
In addition to these types of “traditional” hacking threats, cybersecurity risks continue to evolve and become more complicated every day. Some of these new threats are driven by the development of a phenomenon known as the Internet of things, or IoT. The IoT is most basically defined as the interconnection of devices with on / off switches to the Internet and each other. Since the IoT is estimated to be 20 billion or more devices within 3 years, and can be combined with malicious software, IoT poses one of the most challenging risks for contractors to protect against.
The technology included in today's commercial buildings clearly opens this avenue of risk. A centralized computer control center, typically employed in new buildings, controls and maintains the systems that are vital to the operation of the building, e.g., power, elevators, HVAC, lighting, and security. What happens if a hacker gains control to one of these systems, let alone all of them? What if a hacker simply utilizes an IoT attack to overwhelm a building’s computer systems? In either scenario, at a minimum, significant disruption would occur. Worse, the health and safety of those within the building could be jeopardized. A hacker may utilize ransomware in combination with an IoT attack to take over control of the building and hold it and possibly the occupants “hostage” until a ransom is paid.
The first significant IoT attack happened in October 2016 when a major web hosting company was attacked through the IoT, causing the host site to crash. The attack did not steal information, it simply caused the site to crash. But, that crash caused world-wide disruption across the Internet.
Hackers used malicious software to access a hundred thousand common household devices — web cameras, fitness trackers, DVR’s, smart TVs and even baby monitors — to flood the hosting company’s servers with incredibly high internet traffic. This attack showed that everyday items can be hacked and controlled by cyber criminals and then used against anyone else.
As we have all seen in recent news, the WannaCry cyber attack impacted businesses across the globe. Days after the attacks, hospitals were still left feeling its impact with continued appointment and planned operation cancellations, and delays in service. We should expect to see these types of attacks increasing in frequency.
PAY ATTENTION OR FACE THE CONSEQUENCES
Make no mistake about it, the stakes are incredibly high in the realm of cyber security protection. By 2021, the annual worldwide cost attributable to cyber attacks is estimated to reach the trillions of dollars. If any of these potential attacks occur, a contractor faces significant exposure, in many forms, including:
* Monetary. Cybersecurity events result in direct monetary losses in the form of notification costs, data recovery costs, and, of course, legal and public relations fees. States are also starting to impose strict standards on companies which will result in significant regulatory punishment in the cases of cyber breaches, including the added costs associated with agency investigations, regulatory fines and consumer redress funds.
* Reputation. Perhaps more important than the monetary risk, a contractor may incur substantial reputational harm if such a breach or attack is successful. Recent data has shown that small to medium-sized companies that experience a significant cybersecurity breach go out of business within six months of the breach – due to not only high monetary costs, but severe reputational damage.
* Criminal. The recently passed New York cybersecurity regulations place potential criminal penalties on compliance personnel. Other states are likely to follow New York.
As a business leader and commercial builder, the time to act is now. While the purchase of specific cyber insurance is an important part of protecting against the risks of a cyber attack, many cyber policies contain exclusionary language embedded in the policy making coverage potentially illusory. Additional steps can and need to be taken immediately, including an honest discussion of internal cybersecurity protections, examination of risk management strategy, and the training of employees. Failure to take these important steps could result in a disastrous cybersecurity breach and the loss of millions of dollars.
Jeffrey M. Dennis currently serves as Newmeyer and Dillion’s Managing Partner and, as a business leader, advises his clients on cybersecurity related issues, introducing contractual and insurance opportunities to lessen their risk. You can reach Jeff at jeff.dennis@ndlf.com.
J. Nathan Owens is the Managing Partner for Newmeyer & Dillion’s Las Vegas office. With more than 10 years in the construction industry as a former contractor himself, Nathan understands the complex issues builders and developers face in all aspects of development and construction. You can reach Nathan at nathan.owens@ndlf.com.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client’s needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949-854-7000 or visit http://www.newmeyeranddillion.com/.
Read the court decisionRead the full story...Reprinted courtesy of
Red Tape Is Holding Up a Greener Future
March 13, 2023 —
The Editors - BloombergSeven months on, Democrats are still celebrating the Inflation Reduction Act, even though a crucial determinant of its success — permitting reform for energy projects — remains undone. Recent data shows just how imperative it is for them to stop dragging their feet.
What’s now called the IRA had little to do with inflation. It was a climate bill, and a big one: It provided $370 billion to improve energy efficiency, reduce emissions and smooth the path to a clean-power economy. It came on top of a 70% surge in private investment since 2017.
But the biggest impediment to the US energy transition isn’t financing: It’s building.
A decade ago, between 25% and 30% of proposed wind and solar projects moved from the drawing boards to completion. But as new projects and new funding have soared, utilities have been unable to keep up, leading to an immense backlog. A recent report by BloombergNEF found that over just six years, global clean-energy investment has gone from half the level of fossil-fuel investment to near parity, an extraordinary leap that reflects the market’s appetite for clean power. Yet America’s dysfunctional regulation is preventing many needed projects from even breaking ground.
Read the court decisionRead the full story...Reprinted courtesy of
The Editors, Bloomberg
Leveraging the 50-State Initiative, Connecticut and Maine Team Secure Full Dismissal of Coverage Claim for Catastrophic Property Loss
March 23, 2020 —
Regen O'Malley - Gordon & Rees Insurance Coverage Law BlogOn behalf of Gordon & Rees’ surplus lines insurer client, Hartford insurance coverage attorneys Dennis Brown, Joseph Blyskal, and Regen O’Malley, with the assistance of associates Kelcie Reid, Alexandria McFarlane, and Justyn Stokely, and Maine counsel Lauren Thomas, secured a full dismissal of a $15 million commercial property loss claim before the Maine Business and Consumer Court on January 23, 2020. The insured, a wood pellet manufacturer, sustained catastrophic fire loss to its plant in 2018 – just one day after its surplus lines policy expired.
Following the insurer’s declination of coverage for the loss, the wood pellet manufacturer brought suit against both its agent, claiming it had failed to timely secure property coverage, as well as the insurer, alleging that it had had failed to comply with Maine’s statutory notice requirements. The surplus lines insurer agreed to extend the prior policy several times by endorsement, but declined to do so again. Notably, the insured alleged that the agent received written notice of the non-renewal prior to the policy’s expiration 13 days before the policy’s expiration. However, the insured (as well as the agent by way of a cross-claim) asserted that the policy remained effective at the time of the loss as the insured did not receive direct notice of the decision not to renew coverage and notice to the agent was not timely. Although Maine’s Attorney General and Superintendent intervened in support of the insured’s and agent’s argument that the statute’s notice provision applied such that coverage would still be owed under the expired policy, Gordon & Rees convinced the Court otherwise.
At issue, specifically, was whether the alleged violation of the 14-day notice provision in Section 2009-A of the Surplus Lines Law (24-A M.R.S. § 2009-A), which governs the “cancellation and nonrenewal” of surplus lines policies, required coverage notwithstanding the expiration of the policy. The insured, the agent, and the State of Maine intervenors argued that “cancellation or nonrenewal” was sufficient to trigger the statute’s notice requirement, and thus Section 2009-A required the insurer to notify the insured directly of nonrenewal. In its motion to dismiss, Gordon & Rees argued on behalf of its client that Section 2009-A requires both “cancellation and nonrenewal” in order for the statute to apply. Since there was no cancellation in this case – only nonrenewal – Gordon & Rees argued that Section 2009-A is inapt and that the insurer is not obligated to provide the manufacturer with notice of nonrenewal. Alternatively, it argued that the statute is unconstitutionally vague and unenforceable.
Read the court decisionRead the full story...Reprinted courtesy of
Regen O'Malley, Gordon & ReesMs. O'Malley may be contacted at
romalley@grsm.com
MTA Implements Revised Contractors Debarment Regulations
July 06, 2020 —
Steven M. Charney, Gregory H. Chertoff & Paul Monte - Peckar & Abramson, P.C.On June 3, 2020, the Metropolitan Transit Authority (“MTA”) published and implemented revised regulations pertaining to the debarment of contractors. The revised regulations address many of the deep concerns raised by the contracting community.
Under relevant administrative procedure, the MTA publication of the revised regulations starts a 45 day notice period before the regulations can be adopted as final.
The prior regulations essentially required that debarment occur upon a purely formulaic calculation establishing that a contractor: 1) was more than 10% late, or 2) had submitted invalid claims that exceeded the adjusted contract price by a measure of 10%.
The revised regulations represent improvements over the prior regulations.
Critically, the revised regulations address the primary concern raised by the contracting community, that being the mandate of purely formulaic debarment. Instead, the revised regulations establish a process that includes greater flexibility and discretion before debarment may ensue.
Reprinted courtesy of Peckar & Abramson, P.C. attorneys
Steven M. Charney,
Gregory H. Chertoff and
Paul Monte
Mr. Charney may be contacted at scharney@pecklaw.com
Mr. Chertoff may be contacted at gchertoff@pecklaw.com
Mr. Monte may be contacted at pmonte@pecklaw.com
Read the court decisionRead the full story...Reprinted courtesy of
How Pennsylvania’s Supreme Court Decision Affects Coverage of Faulty Workmanship Claims
March 31, 2014 —
Beverley BevenFlorez-CDJ STAFFDarin J. McMullen of the firm Anderson Kill explained how a recent opinion by the Pennsylvania Supreme Court allows “Pennsylvania policyholders” to “more confidently challenge insurance companies’ denials of faulty workmanship claims.”
The decision in Indalex Inc. v. National Union Fire Ins. Co. of Pittsburgh, PA, 2013 Pa. Super 311 (Dec. 3, 2013) “reverses a nearly decade-long trend of Pennsylvania decisions narrowing the scope of insurance coverage for construction and defect-related claims under commercial general liability insurance policies,” according to McMullen. “Equally important, the Indalex ruling dealt a blow to the insurance industry’s continual efforts to win overbroad expansion of the rulings in Kvaerner Metals Div. of Kvaerner U.S., Inc. v. Commercial Union Ins. Co., Millers Capital Ins. Co. v. Gambone Bros. Dev. Co., and Erie Ins. Exchange v. Abbott Furnace Co., which found that claims of faulty workmanship in some circumstances may not constitute coverage-triggering ‘occurrences.’”
Read the court decisionRead the full story...Reprinted courtesy of
Texas Supreme Court Rules on Contractual Liability Exclusion in Construction Cases
January 22, 2014 —
Beverley BevenFlorez-CDJ STAFFThe Texas Supreme Court ruled on Ewing v. Amerisure Ins. Co. on January 17th, a “much-anticipated” decision according to Carl A. Salisbury of Kilpatrick Townsend & Stockton LLP. “Construction projects are always the subject of contracts among owners and contractors” Salisbury stated in his article on Lexology.com. The recent decision demonstrates that “an exclusion in the standard Comprehensive Liability Insurance policy that precludes coverage for ‘liabilities assumed under contract’” does not usually “apply to construction contracts.”
In 2008, Ewing Construction Company built a set of tennis courts in Corpus Christi, according to Salisbury. “Shortly after construction was complete, according to the school district, ‘the courts started flaking, crumbling, and cracking, rendering them unusable for their intended purpose of hosting competitive tennis events.’” After the school district sued Ewing in state court, Ewing “turned the suit over to Amerisure, its CGL insurer, seeking a defense and indemnity. Amerisure denied all coverage, citing the contractual liability exclusion in its policy. This inspired Ewing to sue the carrier in federal district court for the Southern District of Texas.”
After several rulings and appeals, the case eventually reached the Texas Supreme Court: “According to the Ewing court, the contract claims that Ewing failed to perform in a good and workmanlike manner ‘are substantively the same as its claims that Ewing negligently performed under the contract because they contain the same factual allegations and alleged misconduct.’ Failure to perform in a ‘good and workmanlike manner’ is functionally and substantively the same as performing negligently. ‘Accordingly,’ the Ewing court said, ‘we conclude that a general contractor who agrees to perform its construction work in a good and workmanlike manner, without more, does not enlarge its duty to exercise ordinary care in fulfilling its contract, thus it does not ‘assume liability’ for damages arising out of its defective work so as to trigger the Contractual Liability Exclusion.’”
Read the court decisionRead the full story...Reprinted courtesy of
Creative Avenue for Judgment Creditor to Collect a Judgment
October 27, 2016 —
David Adelstein – Florida Construction Legal UpdatesI have a judgment against another entity. Now what? I want to briefly talk about this “now what?” in the context of the recent decision in MYD Marine Distributor, Inc. v. International Paint, Ltd., 41 Fla. L. Weekly D2364a (Fla. 4th DCA 2016). Although this case is not a construction case, it poses an interesting issue for any entity that has a judgment entered against it (known as the judgment debtor) while it is contemporaneously the plaintiff and pursuing monetary damages in an unrelated case or cases. This case also presents an avenue for any judgment creditor to pursue in the event other post-judgment collection efforts are unsuccessful.
Read the court decisionRead the full story...Reprinted courtesy of
David Adelstein, Katz, Barron, Squitero, Faust, Friedberg, English & Allen, P.A.Mr. Adelstein may be contacted at
dma@katzbarron.com
Judge Nixes SC's $100M Claim Over MOX Construction Delays
February 16, 2017 —
Engineering News-RecordA federal judge on Feb. 8 dismissed a claim by the state of South Carolina against the U.S. Dept. of Energy over delayed construction of the Mixed-Oxide Fuel Fabrication Facility, near Aiken, S.C. The claim for financial compensation was part of a lawsuit the state filed in February 2016 seeking payment of $1 million per day—or an annual maximum of $100 million—for the MOX facility not producing fuel by Jan. 1, 2016.
Read the court decisionRead the full story...Reprinted courtesy of
Engineering News-RecordENR may be contacted at
ENR.com@bnpmedia.com
