Below is an excerpt of an article published in Construction Executive on April 15, 2021.

Modular construction is literally on the rise. It is rapidly displacing traditional stick-built construction for new commercial, industrial and residential buildings. Over the past decade, an increasing number of health care, education facilities and apartment buildings have been built using modular construction. As the need for housing, and especially affordable housing, has grown as a result of the COVID-19 pandemic, modular construction is becoming increasingly popular.

Recently, the Canadian government, through the Canadian Mortgage Housing Corporation, launched a “Rapid Housing Initiative,” a $1 billion program utilizing only modular construction to rapidly construct affordable housing for its citizens. Similarly, the city of Toronto (which last year approved a plan to build 250 modular homes in response to homelessness) plans to build 1,000 modular homes by 2030. The pandemic also has resulted in an urgent demand for modules for medical facilities and schools. Modular construction allows contractors to build “leaner” and “greener” buildings while increasing quality control and improving site safety and potentially saving valuable time and money.

The modular process involves unique commercial and legal challenges not present in traditional contracting. In order to successfully navigate these challenges and to properly allocate risk, a well-drafted contract is important. Key legal considerations in drafting such contracts include:  Read the article.

In an effort to keep our readers abreast of cybersecurity issues affecting companies in the construction industry, we’re sharing the below post originally published on our Data Privacy + Cybersecurity Insider blog:

The Federal Bureau of Investigations (FBI) recently issued a joint alert with the Department of Homeland Security/Cybersecurity Infrastructure and Security Agency (CISA) that “Mamba ransomware has been deployed against local governments, public transportation agencies, legal services, technology services, industrial, commercial, manufacturing, and construction businesses.”

According to the Alert, the hacking group behind the Mamba ransomware attacks is weaponizing an open source tool used for disc encryption—DiskCryptor—to encrypt entire operating systems of victims. Once the operating system has been encrypted, a ransom note appears and demands payment for the decryption key.

The Alert states, “[T]he ransomware program consists of the open source, off-the-shelf, disk encryption software DiskCryptor wrapped in a program which installs and starts disk encryption in the background using a key of the attacker’s choosing….The ransomware extracts a set of files and installs an encryption service. The ransomware program restarts the system about two minutes after installation of DiskCryptor to complete driver installation.”

The Alert lists the key artifacts, which can be accessed here.

The FBI recommends the following mitigation:

  • Regularly back up data, utilize air gap network security measures, and password protect backup copies offline. Ensure that copies of critical data are not accessible for modification or deletion from the system where the data resides.
  • Implement network segmentation.
  • Require administrator credentials to install software.
  • If DiskCryptor is not used by the organization, add the key artifact files used by DiskCryptor to the organization’s execution blacklist. Any attempts to install or run this encryption program and its associated files should be prevented.
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
  • Install updates/patch operating systems, software, and firmware as soon as they are released.
  • Use multifactor authentication where possible.
  • Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts. Implement the shortest acceptable timeframe for password changes.
  • Disable unused remote access/RDP ports and monitor remote access/RDP logs.
  • Audit user accounts with administrative privileges and configure access controls with least privilege in mind.
  • Install and regularly update anti-virus and anti-malware software on all hosts.
  • Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.

This post was authored by Linn Freedman is also being shared on our Data Privacy + Cybersecurity Insider blog. If you’re interested in getting updates on developments affecting data privacy and security, we invite you to subscribe to the blog.

Below is an excerpt of an article co-authored with Robinson+Cole Health Law Group lawyer Conor O. Duffy and published in Healthcare Facilities Today on March 31, 2021. 

The need to update and implement new processes for delivering healthcare in response to the COVID-19 pandemic has resulted in the adoption of more automation, remote access and monitoring technologies. It also has brought data analytics into treatment and the patient environment. Healthcare providers have shifted from traditional waiting rooms and in-person visits for routine needs to remote check-ins, check-ups and updates via personal health record applications.

Providers increasingly rely on smart grid technologies, cloud computing, medical devices and health monitors connected via the internet of things (IoT), bio-sensing wearables, touchless technology, telehealth, online scheduling applications, electronic health records, virtual and remote triages, AI-based predictive analytics and machine learning, and most recently, interactive floor-plan images used by regulatory inspectors.

These technologies and care-delivery approaches depend on seamless connected systems and instant access to data that create a recipe for cybervulnerability. Decades of HIPAA and extensive penalties for non-compliance ensure that healthcare organizations are cognizant of obligations to maintain the privacy of their patients’ personally identifiable information. Read the full article.

 

Below is an excerpt of an article published in the Spring 2021 edition of Under Construction, a  newsletter publication of the American Bar Association Forum on Construction Law.

As the construction industry recovers from and adjusts to the effects of the COVID-19 pandemic and prepares for a new normal, post-COVID world, claims for losses of productivity on projects that were in progress when COVID-19 struck will likely increase due to contractors performing work under conditions far different than originally contemplated when they bid the project and signed the contract.  Consequently, as contractors pursue claims seeking compensation for adverse impacts to the productivity on projects shut down or slowed because of the COVID-19 pandemic, and owners defend such claims, documenting causation and accurately assessing loss of productivity will be vital to both parties. While COVID-19 has changed our lives and the construction industry in many ways, it has not changed the fact that claims for loss of productivity remain some of the most contentious, and most difficult to quantify and prove.
Today, contractors must balance common, but often competing, goals of progressing the work to complete projects while at the same time taking unprecedented steps to protect the safety and health of their workers and the public. In addition to impacts due to design errors and omissions, performing work out of sequence or in adverse weather conditions because of delays, or excessive overtime due to acceleration, contractors must recognize that a host of causes—impacts due to social distancing, labor unavailability due to illness, quarantine, owner restrictions and government restrictions, compliance with OSHA and other safety guidelines, medical testing, work stoppages and suspensions, and supply-chain challenges—may result in losses of productivity on projects. To maintain this balancing act, contractors often expend more actual labor hours on the project than planned, resulting in losses of productivity. Successfully identifying, quantifying and proving such losses is critical to a contractor’s financial success, especially in today’s economy.
While the right to recover for losses of productivity is well-settled, there is no universally accepted standard for calculating damages for these claims. Contractors and their experts rely upon various treatises and studies on loss of productivity to present such claims in mediation, litigation and arbitration proceedings. Over the years, courts have decided claims and awarded damages based on different methodologies for quantifying and proving such claims, often leading to inconsistent results. The American Society of Civil Engineers (ASCE), in conjunction with its Construction Institute, seeks to develop consistency and provide guidance through its soon-to-be-published standard “Identifying, Quantifying and Proving Loss of Productivity”.  Read the full article.

Below in an excerpt from a legal update authored by Robinson+Cole Labor and Employment Group lawyers Natale V. DiNatale and Kayla N. West that was issued on March 10, 2021.

On March 9, 2021, the United States House of Representatives passed the Protecting the Right to Organize (PRO) Act. The PRO Act (the Act), if it becomes law, would make vast, union-friendly changes to the National Labor Relations Act (NLRA). The House originally passed the Act in 2019, but it did not make any progress in the Senate. This time, its fate may depend on whether the Senate eliminates the filibuster. Even if the Act doesn’t get through the Senate in its entirety, it may be possible for parts of the Act to pass the Senate and reach President Biden, who has already spoken emphatically about his support for unions and union organizing. Passage of the PRO Act would represent the biggest change in labor law in decades.

Below is a summary list highlighting some of the changes the Act would bring to existing labor law. Read the full update.

Published in the “Legal Beat” column of the Winter 2021 issue of PE, the flagship publication of the National Society of Professional Engineers (NSPE), this article focuses on COVID-19’s impact to the common law as it affects the design professional’s standard of care. Joe and Niel offer a primer on the design professional’s standard of care and share insight on how it’s measured, how COVID-19 might change the standard of care, and how it may impact design professionals’ future engagements. Read the full article.

As was recently reported in Robinson+Cole’s Data Privacy + Cybersecurity Insider, the Federal Aviation Administration (FAA) issued two Final Rules for unmanned aircraft systems (UAS), i.e., drones: (1) requiring Remote Identification (Remote ID Rule), and (2) authorizing small UAS (weighing less than 55 pounds) to fly over people and at night under certain conditions (Operations Over People and at Night Rule). While both new Rules are relevant to the real estate development and construction industry, the Operations Over People and at Night Rule has particular significance, offering many benefits. Continue Reading New FAA Drone Rules Clear the Path for Use in Development and Construction

ICYMI, on Wednesday, January 6, 2021, the United States Department of Justice (DOJ) issued an update about what it termed “a major incident under the Federal Information Security Modernization Act”: the global SolarWinds cyberattack that had compromised its email system. (SolarWinds is a software provider. In December, 2020, SolarWinds revealed that cybercriminals had injected malware into its Orion® Platform software, a platform used for centralized IT monitoring and management. In doing so, the cybercriminals were able to attack subsequent users of the software, i.e., SolarWinds’ clients, including multiple federal agencies and technology contractors.) The DOJ’s update advised that after removing the malware, it determined that 3 percent of the DOJ’s O365 mailboxes were potentially accessed, albeit there was no indication that any classified systems were impacted. This update was covered by Robinson+Cole’s Data Privacy + Cybersecurity Insider.

Cyber-crime continues to permeate all industries, including real estate development and construction. The SolarWinds incident could just as easily have occurred with a construction management company or general contractor using the construction industry’s various project management software programs. Digital attacks can intercept sensitive information, divert funds and hold hostage a company’s computer systems. Robinson+Cole’s Construction Group is available to discuss the value of adding data privacy and cybersecurity protocols to design and construction agreements, and its Data Privacy + Security Team is available to assist businesses in determining their current risks and liability exposure as well as the benefits of having cyber-liability insurance coverage.

In December 2020, the United States Department of Transportation (DOT) amended the small business size limit under the Disadvantaged Business Enterprise (DBE) program (section 1101(b) of the Fixing America’s Surface Transportation (FAST) Act (Pub. L. 114-94, Dec. 4, 2015).  The rule, which goes into effect on January 13, 2021, increases the DBE gross receipts cap (averaged over the firm’s previous three fiscal years) to $26,290,000 for Federal Highway Administration (FHWA) and Federal Transit Administration (FTA) related work. This inflationary-based adjustment is an increase over the prior gross receipts cap of $23,980,000 enacted in 2015. The effect of this rule, which is “not considered a significant economic impact on a substantial number of size entities”, is to allow “some small businesses to continue to participate in the DBE programs by adjusting for inflation.” This adjustment should provide relief for some DBEs that were close to exceeding the limits from 2018-2020. Continue Reading DBE Gross Receipts Cap Adjusted for Inflation

Below is an excerpt of an article published in Healthcare Facilities Today on January 11, 2021.

“The current health crisis has healthcare institutions altering their approach to facility design and construction. Equity investors and contractors are also ready to familiarize themselves with healthcare construction. While opportunities abound, certain legal considerations are of paramount importance for a successful healthcare construction project. Here are seven considerations when embarking on this new venture.” Read the full article.