Tuesday, December 27, 2016
Tuesday, December 20, 2016
Hacktastrophe: How cyber-attacks on critical U.S. infrastructure could lead to catastrophic property loss
Property damage from cyber-attacks is not only possible, it has already happened.
In 2000, a hacker infiltrated the computers of a wastewater management system in Queensland, Australia. Over the course of two months, the hacker broke into the system 46 times, instructing it to spill hundreds of thousands of gallons of raw sewage into rivers, parks, and public areas.
In 2008, hackers used a program known as Stuxnet to access and disrupt the operations of an Iranian nuclear facility being used to enrich uranium. The uranium enrichment process required the operators to precisely control the speed of the centrifuges in order to produce viable uranium. Knowing that precise control over the centrifuges was absolutely critical to the enrichment process, the hackers used Stuxnet to manipulate the speed of the centrifuges, making them spin wildly out of control. At the same time, the hackers made it appear to the facility operators that the centrifuges were operating correctly, even though in reality they were tearing themselves apart. By altering the speed of the centrifuges, the hackers destroyed the operators’ ability to effectively enrich uranium.
In 2014, German officials confirmed that hackers with advanced knowledge of both IT security and industrial processes seized control over a German steel mill, compromising components and systems, rendering the mill unable to shut down a blast furnace in a regulated manner, which resulted in “massive”—though unspecified—damage to the mill.
And in 2015, hackers infiltrated the controls of three regional electric power distribution companies in the Ukraine, shutting down a power grid and impacting more than 225,000 customers. Highly sophisticated, well-trained, well-funded hackers hijacked the credentials of workers at the control center and used those credentials to access the systems that controlled the breakers. In a coordinated attack, the hackers reconfigured the systems, blocking out the operators; turned off power to the grid, plunging customers into the dark; and launched a secondary denial-of-service attack against customer call centers, preventing customers from reporting the power outage. Although the power wasn’t out for long—between one and six hours—the control centers weren’t fully operational for months after the attack.
U.S. infrastructure is vulnerable to attack.
The Department of Homeland Security lists 16 critical infrastructure sectors “whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.” Indeed, cyber-attacks on these sectors—which include dams, energy companies, chemical facilities, nuclear facilities, and water and wastewater facilities—could be catastrophic.
It is impossible to eliminate the threat hackers pose when a system is connected to the internet. (Even when a system is “air gapped” (having no direct connection to the internet) safety from hackers, is still not assured.) Protecting these facilities is critically important, since many of them are particularly susceptible to cyber-attacks. Over the past 25 years, hundreds of thousands of old analog control systems in these facilities have been replaced with digital systems connected to the internet. Any device that is computer-controlled and connected to the internet is vulnerable to hacking.
Not only are these systems vulnerable because of their internet connectivity, but many of these systems were built without cyber security in mind. Even where security measures, such as software firewalls, are used, the software can be misconfigured or circumvented by human error, allowing hackers access.
These concerns aren’t overblown. Indeed, hackers have already targeted and accessed such systems in the U.S. Such hacks often require little more than Google searches and default passwords to succeed. Indeed, in 2013, Iranian hackers were able to access systems into the Bowman Avenue Dam in Rye Brook, N.Y. using nothing more than a simple, legal search engine that surfs for and identifies unguarded control systems online. Although hackers have not yet caused catastrophic property damage in the U.S., efforts to accomplish precisely that are clearly ongoing by various actors.
Cyber-attacks may lead to catastrophic property loss.
It’s not hard to imagine the type of catastrophic property loss that could occur if hackers effectively took control over critical infrastructure. In the real world example of the Iranian hackers who broke into the control systems of the dam in New York, the hackers could have caused a flood by manipulating the dam, damaging or destroying homes in the area.
Attacks on industrial, nuclear, or chemical facilities—similar to those on the Iranian nuclear facility and German steel mill noted above—could cause unsafe conditions that lead to a chemical spill or explosion that, in turn, leads to large scale property loss. Similarly, an attack on a railway company could cause a train carrying explosives or hazardous or combustible materials to derail, causing substantial damage to property. Indeed, there are any number of scenarios where hackers could cause catastrophic property loss by seizing control over vulnerable infrastructure.
The takeaway is this: Insurers covering the risk of property loss from cyber-attacks should be aware that the risk of loss is very real given the vulnerabilities in critical U.S. infrastructure and the increasing sophistication of cyber criminals and that the scope of property loss from a well-coordinated attack could be akin to traditional catastrophes.
Wednesday, December 14, 2016
Friday, December 9, 2016
From 1995 to 2014, fires accounted for 1.5% of insured catastrophe losses, totaling about $6.0 Billion. The majority of wildfire-related costs are suffered in the State of California.
Posted by Anaysa Gallardo Stutzman
Tuesday, November 29, 2016
In last week’s post, we discussed the rapid development of the hydraulic fracturing (“fracking”) industry in the United States, and some of the innate risks presented by those operations. In particular, the post focused on a recent study that has found a causal link between wastewater disposal/injection, a by-product of fracking, and earthquakes occurring around high-fracking areas in the United States. Initially, it was speculated that earthquakes were caused by fracking itself, a process whereby millions of gallons of water, sand and chemicals are injected underground to break apart rocks to release gas. However, it has now been proven that most of these earthquakes are caused by the underground injection of disposal water (see original post for more detail).
The popularity of fracking as an extraction method has extended beyond the United States, and has been readily adopted in countries like Canada, Argentina and Australia with huge shale oil and gas potential. In Canada, the provinces of British Columbia, Alberta and Saskatchewan have the highest concentrations of (fracking) wells. A group of scientists from the University of Calgary has recently released a study evaluating whether there is a causal connection between fracking in western Canada, and an increase in seismic activity around the well-sites. The study revealed that unlike the United States, where earthquakes are induced by the subsoil disposal of wastewater, a series of earthquakes in Alberta within the last five years has been attributed to fracking, or hydraulic fracturing, in which water, chemicals and sand are injected at high pressure into a well drilled in a shale formation to break up the rock and release oil and gas.
According to the study, the quakes were induced in two ways: by increases in pressure as the fracking occurred, and, for a time after the process was completed, by pressure changes brought on by the lingering presence of fracking fluid. To the east in the fault zone, the earthquakes occurred during the fracking process itself, which continued for up to a month after the fracking process was completed. To the west, most earthquakes occurred intermittently over several months after the fracking ended. While Alberta and other affected areas do not have the infrastructural density that Oklahoma has, several major pipelines and operations are found within the proximity of Fox Creek, where these earthquakes have been occurring.
Last week we discussed earthquake coverage and how it may respond to losses caused by human-induced earthquakes. Another, often-forgotten, coverage that may become relevant in the next few years as the risk of earthquakes increases in these areas is Civil Authority coverage. Civil authority provisions are usually written as additional coverage provisions, not exclusions, and provide coverage for lost business income due to an action taken by a civil authority. So, how do civil authority clauses and earthquakes interact? Generally, civil authority claims arise out of the loss of business income due to mandatory curfews, evacuations, or restrictions of access (e.g. Hurricane Katrina, 9/11, etc.).
Following the occurrence of a MW 3.9 earthquake on 23 January 2015, the Alberta Energy Regulator, introduced new regulations for the notifications and monitoring of earthquakes around well areas. Included among them, was the implementation of a “traffic light protocol” that requires the immediate shutdown of hydraulic fracturing operations following an earthquake of local magnitude 4.0 or greater within 5km of an affected well. While these shutdowns tend to be temporary, an increase in occurrences or severity may result in a long period of operational shutdown. Failure to comply with these procedures may result in an enforcement action which could include the prolonged shutdown of operations.
Other jurisdictions have implemented similar protocols, and some U S. states, and countries have banned this type of operation altogether.
While it is hard to predict the likelihood of a catastrophic event resulting from a fracking-induced earthquake, several of the areas affected by this peril are pipeline and oil/gas hubs. A large enough earthquake or series of earthquakes could result in a prolonged shutdown of operations by order of the relevant regulatory body, thus causing severe business interruption losses to well and pipeline operators. Traditional civil authority provisions read: we will pay for the actual loss of Business Income you sustain and necessary Extra Expense caused by action of civil authority that prohibits access to the described premises due to direct physical loss of or damage to property, other than at the described premises, caused by or resulting from any Covered Cause of Loss. Most often, these clauses are also subject to the BI waiting period, and only offer coverage for limited periods of time.
For coverage under Civil Authority provisions, an insured is usually required to demonstrate that the physical damage to its property is the result of a peril covered under the policy. And, as discussed in our last post, insureds will first have to demonstrate that earthquake is a covered peril under the policy, and the denial of access or “action” must be the proximate cause of a loss of business income.
As the risk of fracking-induced earthquakes increases, regulatory authorities may take a harder stance against widespread fracking in the future. In the short-term, a significant enough earthquake may result in the interruption of operations of wells and pipelines surrounding the quake-affected areas. While most of the coverage issues will have to be sorted out on a case-by-case basis, insurers should be aware of this new, or at least unconventional, risk that may affect their insureds’ business operations.
Posted by Hernán Cipriotti
Friday, November 18, 2016
Tuesday, November 15, 2016
Friday, November 11, 2016
Insurance issued through AICI is compulsory for all farmers who access seasonal crop production credit from the lending institutions and is voluntary for non-loanee farmers. NAIS has three overall objectives: (1) provide a measure of financial support to farmers in the event of crop failure as a result of an insured peril; (2) to restore the credit eligibility of farmers after a crop failure for the next season; and (3) to support and stimulate the production of cereals, pulses and oilseeds.
Litigation resulting from AICI’s denial of claims resulting from the March 2014 hail storm was later considered by the Madhya Pradesh High Court. The bench of justices SK Gangele and Sheel Nagu ordered the company to process all the farmers’ claims under the scheme and compensate for the losses. This marked the first time that insurance claims for crop loss due to hailstorm were ordered to be paid by AICI.