Major cyber-attacks on Target, Anthem, and Sony, received international attention and instigated serious conversations about cyber-security that transcended industries. While those major attacks were well known, few people heard about the 2013 cyber-attach on the Australian Secret Intelligence Organization (“ASIO”). When a new ASIO headquarters was being built in Canberra, Chinese hackers gained access to the digital files of a “prime contractor.” The hackers stole floor plans and other information related to data and communications systems. This attack goes to show that design professionals are not excluded from those who need to actively protect themselves from cyber-attacks.
In addition to floor plans, the ASIO hackers also obtained communications-cable layouts, server locations, and security-system designs. Part of the blame for the leaks was attributed to security practices on the jobsite, which were limited to the contractor’s employing only government-supplied “sanitized” computers on the jobsite, using only hard-copy prints and plans, which were not allowed to leave the site, and checking all mobile phones at the gate. Security experts worried that the leak would compromise the building’s physical and network security.
Similarly, in 2013 Forbes magazine published design plans for the United States National Security Agency’s (“NSA”) Utah data center while it was still under construction. The undisclosed source for those diagrams is unknown. While there was no evidence of an “attack,” this particular incident further illustrates a lack of protection of design plans.
Cyber-attacks and leaks such as these can cause extensive economic damage to construction firms. The Department of Homeland Security is working on addressing cyber security issues through its Computer Emergency Readiness Team (“US-CERT”), and is expected to revise compliance and reporting standards to ensure cyber-attack incidents are not swept under the rug for the purpose of protecting reputations.
Currently, federal laws that deal with cyber-security in the U.S. only specifically address healthcare organizations, financial institutions, and federal agencies. There is no accurate record of the number of security breaches and cyberattacks on design and construction firms, and insurance data is proprietary. Design professional’s need to share information about these types of leaks and breaches in order to help other similarly situated professionals in the industry gauge potential exposure to cyber-attacks, and effectively fend off future hacks.
PIB Law represents design professionals, national banks, retailers, reinsurers, insurers, mortgage lenders and financial services companies from its offices in California, New Jersey, New York City, Philadelphia, Boston, San Antonio, and Chicago. Our Design Professionals team recognizes the legal issues confronting design professionals and takes a proactive approach toward mitigating risks. For more information, contact PIB Law at 908-725-9700.
Anthony W. Vaughn, Jr. is a Partner with PIB Law, and focuses his practice on the representation of financial institutions in the mortgage banking industry. He also represents architects and engineers providing litigation and ...