Be Proactive Now: Commercial Construction Quickly Joining List of Industries Vulnerable to Cyber Attacks
June 15, 2017 —
Jeffrey M. Dennis & Nathan Owens – Newmeyer & Dillion LLPCommercial contractors have long faced their own unique business risks - labor and material shortages, delay claims, bonding issues, and defects in workmanship. But, in today's ever-evolving cyber world, it is imperative that contractors understand they are vulnerable to risks beyond finishing a project on time and on budget. As we are seeing more and more each day, cyber threats impact all businesses, including the construction industry, and the failure to protect against these threats will cost your company millions in damages and reputational harm.
UNDERSTANDING CYBER THREATS
Traditionally, cyber threats are thought of as the theft of employee and customer information over the internet. Given the construction industry is the largest employer in the world, the need to protect this information is obvious. The release or loss of personnel or consumer data could lead to extensive liability under a variety of potential claims, including statutory fines. In addition to securing confidential information, companies have to protect against outside agents accessing control of a company’s security protocols, equipment or encrypting files using malicious software. The recent “WannaCry” attack demonstrates that no business is immune from cyber attacks.
EXAMPLES OF RELATED BREACHES
For those that think these scenarios do not happen, here are two examples of these types of breaches:
* In May 2013, Chinese hackers stole floor plans, server information, and security system designs from an Australian prime contractor. Fearing the risks of compromised physical and network security, the contractor incurred additional costs of $132.6 million in project delays and costs to rework the various components that had been stolen.
* Then, in December 2014, a German governmental office reported that a steel mill suffered massive damage when malware prevented a blast furnace from being properly shut down. Hackers gained access to key technology within the company, which eventually allowed them to control the production line.
THE NEW WORLD OF THE IoT
In addition to these types of “traditional” hacking threats, cybersecurity risks continue to evolve and become more complicated every day. Some of these new threats are driven by the development of a phenomenon known as the Internet of things, or IoT. The IoT is most basically defined as the interconnection of devices with on / off switches to the Internet and each other. Since the IoT is estimated to be 20 billion or more devices within 3 years, and can be combined with malicious software, IoT poses one of the most challenging risks for contractors to protect against.
The technology included in today's commercial buildings clearly opens this avenue of risk. A centralized computer control center, typically employed in new buildings, controls and maintains the systems that are vital to the operation of the building, e.g., power, elevators, HVAC, lighting, and security. What happens if a hacker gains control to one of these systems, let alone all of them? What if a hacker simply utilizes an IoT attack to overwhelm a building’s computer systems? In either scenario, at a minimum, significant disruption would occur. Worse, the health and safety of those within the building could be jeopardized. A hacker may utilize ransomware in combination with an IoT attack to take over control of the building and hold it and possibly the occupants “hostage” until a ransom is paid.
The first significant IoT attack happened in October 2016 when a major web hosting company was attacked through the IoT, causing the host site to crash. The attack did not steal information, it simply caused the site to crash. But, that crash caused world-wide disruption across the Internet.
Hackers used malicious software to access a hundred thousand common household devices — web cameras, fitness trackers, DVR’s, smart TVs and even baby monitors — to flood the hosting company’s servers with incredibly high internet traffic. This attack showed that everyday items can be hacked and controlled by cyber criminals and then used against anyone else.
As we have all seen in recent news, the WannaCry cyber attack impacted businesses across the globe. Days after the attacks, hospitals were still left feeling its impact with continued appointment and planned operation cancellations, and delays in service. We should expect to see these types of attacks increasing in frequency.
PAY ATTENTION OR FACE THE CONSEQUENCES
Make no mistake about it, the stakes are incredibly high in the realm of cyber security protection. By 2021, the annual worldwide cost attributable to cyber attacks is estimated to reach the trillions of dollars. If any of these potential attacks occur, a contractor faces significant exposure, in many forms, including:
* Monetary. Cybersecurity events result in direct monetary losses in the form of notification costs, data recovery costs, and, of course, legal and public relations fees. States are also starting to impose strict standards on companies which will result in significant regulatory punishment in the cases of cyber breaches, including the added costs associated with agency investigations, regulatory fines and consumer redress funds.
* Reputation. Perhaps more important than the monetary risk, a contractor may incur substantial reputational harm if such a breach or attack is successful. Recent data has shown that small to medium-sized companies that experience a significant cybersecurity breach go out of business within six months of the breach – due to not only high monetary costs, but severe reputational damage.
* Criminal. The recently passed New York cybersecurity regulations place potential criminal penalties on compliance personnel. Other states are likely to follow New York.
As a business leader and commercial builder, the time to act is now. While the purchase of specific cyber insurance is an important part of protecting against the risks of a cyber attack, many cyber policies contain exclusionary language embedded in the policy making coverage potentially illusory. Additional steps can and need to be taken immediately, including an honest discussion of internal cybersecurity protections, examination of risk management strategy, and the training of employees. Failure to take these important steps could result in a disastrous cybersecurity breach and the loss of millions of dollars.
Jeffrey M. Dennis currently serves as Newmeyer and Dillion’s Managing Partner and, as a business leader, advises his clients on cybersecurity related issues, introducing contractual and insurance opportunities to lessen their risk. You can reach Jeff at jeff.dennis@ndlf.com.
J. Nathan Owens is the Managing Partner for Newmeyer & Dillion’s Las Vegas office. With more than 10 years in the construction industry as a former contractor himself, Nathan understands the complex issues builders and developers face in all aspects of development and construction. You can reach Nathan at nathan.owens@ndlf.com.
About Newmeyer & Dillion
For more than 30 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business, employment, real estate, construction and insurance law, Newmeyer & Dillion delivers legal services tailored to meet each client’s needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949-854-7000 or visit http://www.newmeyeranddillion.com/.
Read the court decisionRead the full story...Reprinted courtesy of
Safer Schools Rendered Unsafe Due to Construction Defects
February 10, 2012 —
CDJ STAFFBuilt on a program for safer school buildings, schools in Neenan County, Colorado have been shown to have mild-to-moderate structural problems, rendering some of them unsafe. The Denver Post reports that a third-party review of schools built by the Neenan Company has shown structural issues in all fifteen school buildings.
� One school, Meeker Elementary, has been closed as it could collapse under high winds or during an earthquake. Sargent Junior-Senior High School is in use, but there are plans to evacuate the buildings if winds exceed 25 mile per hour. Two schools have roofs that are unable to bear expected loads of snow during the winter.
� The Neenan Company says that the school buildings are not up to their standards and is working with the school districts to repair the buildings. Repairs are expected to be complete by August.
Read the full story…
Read the court decisionRead the full story...Reprinted courtesy of
Illinois Attorney General Warns of Home Repair Scams
November 27, 2013 —
CDJ STAFFAfter storms damaged homes in Illinois, Lisa Madigan, the state’s Attorney General, warned consumers “to be cautious and on alert for scammers trying to take advantage of people in need of assistance.” Ms. Madigan noted that home repair scammers go into areas with storm damage convince homeowners to pay more than they should to repair storm damage.
Read the court decisionRead the full story...Reprinted courtesy of
Mitsui Fudosan Said to Consider Rebuilding Tilted Apartments
October 28, 2015 —
Katsuyo Kuwako – BloombergMitsui Fudosan Co., Japan’s biggest developer, is considering rebuilding an apartment complex in Yokohama after one of the four buildings started to tilt, according to a person familiar with the situation.
Kiyotaka Fujibayashi, president and chief executive officer of Mitsui Fudosan Residential Co., on Thursday explained the plans to residents, according to the person, who asked not to be named because the information is private. Another option the company is studying is buying back the apartments from the residents at a price higher than what they had paid, the person said. The project was sold in 2006.
Mitsui Fudosan is the latest developer to come under scrutiny for defects at residential projects in the Tokyo area. Mitsubishi Estate Co., Japan’s biggest developer by market value, said last year it would rebuild a residential complex in the upscale Aoyama neighborhood after finding faults. Also last year, Sekisui House Ltd. said it would reconstruct a residential complex that was being built by Taisei Corp. after finding some columns were missing reinforcing metals.
Read the court decisionRead the full story...Reprinted courtesy of
Katsuyo Kuwako, Bloomberg
Public Contract Code 9204 – A New Mandatory Claims Process for Contractors and Subcontractors – and a Possible Trap for the Unwary
March 22, 2017 —
Alex R. Baghdassarian & Joseph S. Sestay – Peckar & Abramson, P.C.New California legislation affecting public works contractors was adopted pursuant to Assembly Bill 626, sponsored by the Union Trade Contractors Association of California and endorsed by various trade and contractor associations including the AGC. AB 626, which was intended to assist contractors in presenting claims against public agencies, affords new opportunities, and some potential pitfalls, to contractors and subcontractors submitting claims to public owners.
The legislation, codified at California Public Contract Code (PCC) section 9204, is effective for public works contracts entered into after January 1, 2017. All public entities (including the CSUS and the UC system), other than certain Departments of the State (CalTrans, High-Speed Rail Authority, Water Resources, Parks and Recreation, Corrections and Rehabilitation, General Services and the Military) are bound by the provisions of PCC Section 9204. PCC 9204 establishes a mandatory pre-litigation process for all claims by contractors on a public works project. It is an attempt to address the reluctance of public owners to promptly and fairly negotiate change orders on projects, putting some teeth to the mandate of existing law under PCC Section 7104, which precludes public owners from shifting to the contractor the risk of addressing differing subsurface and/or concealed hazardous site conditions.
Reprinted courtesy of
Alex R. Baghdassarian, Peckar & Abramson, P.C. and
Joseph S. Sestay, Peckar & Abramson, P.C.
Mr. Baghdassarian may be contacted at abaghdassarian@pecklaw.com
Mr. Sestay may be contacted at jsestay@pecklaw.com
Read the court decisionRead the full story...Reprinted courtesy of
BIOHM Seeks to Turn Plastic Waste into Insulation Material with Mushrooms
July 27, 2020 —
Aarni Heiskanen - AEC BusinessBIOHM is a research and development led UK start-up that aims to revolutionize the construction industry with its bio-based materials. Among their products are insulation panels made from mycelium, the root formations of fungi. Recently, the company discovered that certain fungal species can consume plastic as a food source. This invention could bring about new construction materials that originate from plastic waste.
“Evolving from eating leaf matter and the odd bit of tree bark, to eating plastic might seem like a huge jump, but for certain fungi, it can actually happen very quickly. The inhabitants of the microbial world are far more genetically flexible than humans, able to evolve and adapt to their environment within a generation, constantly modifying and improving upon their genome to maximize their productivity,” says Samantha G.R. Jenkins, Lead Biotechnology Engineer.
Read the court decisionRead the full story...Reprinted courtesy of
Aarni Heiskanen, AEC BusinessMr. Heiskanen may be contacted at
aec-business@aepartners.fi
No Duty to Defend Construction Defect Claims under Kentucky Law
March 25, 2024 —
Tred R. Eyerly - Insurance Law HawaiiThe federal district court determined that the insurer was not obligated to defend construction defect claims under Kentucky law. Westfield Ins. Co. v. Kentuckiana Commercial Concrete, LLC, 2023 U.S. Dist. LEXIS 222674 (W.D. Ky. Dec. 14, 2023).
HRB, the owner of an apartment complex, filed an arbitration demand against the general contractor, Doster Commercial Construction, for allegedly doing faulty concrete work in the construction of the apartments. Doster added its concrete subcontrator Kentuckiana Commercial Concrete - and 16 other subcontractors - to the arbitration. Kentuckiana tendered the claim to its insurer, Westfield. Wesfield defended. Doster claimed it was an additional insured under the Westfield policy and also sought coverage. Westfield refused the defend Doster. Westfield argued there was no "occurrence."
Westfield then sued both Doster and Kentuckiana in federal court, seeking a declaration that it had no duty to defend either. Westfield moved for a judgment on the pleadings.
Read the court decisionRead the full story...Reprinted courtesy of
Tred R. Eyerly, Damon Key Leong Kupchak HastertMr. Eyerly may be contacted at
te@hawaiilawyer.com
Nevada Bill Would Bring Changes to Construction Defects
February 21, 2013 —
CDJ STAFFIf Nevada Senate Republicans get there way, changes are afoot for construction defect law in Nevada. Senate Minority Leader Michael Roberson has introduced a bill that, according to the Las Vegas Sun, “redefines what constitutes a construction defect, reduces the time in which lawsuits can be filed, and removed automatic awarding of attorney fees.” Roberson notes that over the last six years, construction defect claims have more than tripled.
Read the court decisionRead the full story...Reprinted courtesy of
