Go to previous topic
Go to next topic
Last Post 11/18/2011 5:21 PM by  Leland
cyberwarfare, computer virus as proximate cause...
 5 Replies
Author Messages
Leland
Advanced Member
Advanced Member
Posts:741


--
10/01/2010 2:06 PM
     
    There's a lot of stories in the news about a computer virus that is attacking another countries nuclear facility. There is some evidence that the virus caused various motors to malfunction and may have caused some sort of small disaster in the plant. The virus has spread to many other countries.
     
    This reminds me of the doomsday scenarios predicted for Y2K (The idea that computers all over the world breakdown on Jan1, 2000 because the software was written for only two digits representing the year and not four. Airplane crashes and allkinds of things were predicted)
     
    But this damage is real, if not that widespread.
     
    Here's some coverage questions:
     
    Is damage from compuer virus covered on a typical commercial policy? Is it excluded?
     
    Does it make a difference if it is an act of war? (Remember there were big court cases about whether 9/11 was an "act of war" because acts of war are generally excluded from coverage.) Many countries have dedicated teams to wage cyberwarfare and defend against it. Sometimes individula citizens of one country have attacked other countries in organized efforts. It is not always clear whether such attacks are sponsored by any government.
     
    What if the virus is the proximate cause of some other peril, such as a fire or overflow? These new viruses can make machinery go haywire.If computer attacks are excluded, would the ensuing damage from fire still be covered? Or is there "anti-concurrent causation" language for computer attacks?
     
    Would the loss of data be covered under "books and records" coverage?
     
    What if the attack comes from a disgruntled former employee? Could it (should it) be considered "vandalism and malicious mischieif" and paid under that peril even if computer attacks are otherwise excluded?
     
    It is conceivable that a virus could spread all across the USA, crippling factories left and right. If that were to happen there could be a lot of claims. Such claims would also likely involve business income losses. Depending on the policy language and the facts of the loss, many of these claims might be denied.
     
    We all know that carriers across the US have geared up for the possibility of an earthquake, especially after carriers saw how devastating Katrina was, and they thought of other "what if" scenarios. I wonder if they have given any thought to computer viruses on a large scale.
     
    I haven't posted any policy language. I hope that if anyone is interested in discussing this topic that we get some policy language posted.
     
    If any adjusters have handled claims related to computer shutdowns I would love to see examples.
     
    Any newer adjusters that lack experience in this area could certainly advance the discussion by looking up a CP policy and posting the language. It's good practice and neccesary to read the actual policies.
    0
    CatAdjusterX
    Veteran Member
    Veteran Member
    Posts:964


    --
    10/01/2010 3:35 PM
    Hello Leland
     
    Whilst i don't have a coverage answer, you bring up a very important issue.
     
    I strongly believe that while I know we as a country can repel any conventional threat from any enemy ( foreign and domestic) our country's downfall is going to be from cyberspace.
     
    Everything from our infrastucture to our military , communications and every crucial component relies on computers, a sophisticated cyber attack will bring our country to a standstill .
     
    In relation to adjusting, think of all the brand new techys without Xactimate or any adjusting software, they will be in the dark begging for those skilled in hand written claims to show them the light.
     
    I have spoken on my site many times about the importance of knowing how to measure a roof with nothing more than a pencil, pad of paper, a tape measure, and a calculator but I get zero response from most of my members who are interested in learning the "old way".
     
     
     
    Robby Robinson
    "A good leader leads..... ..... but a great leader is followed !!" CatAdjusterX@gmail.com
    0
    CatAdjusterX
    Veteran Member
    Veteran Member
    Posts:964


    --
    10/01/2010 3:54 PM
    I found this information, check it out
     
    "A good leader leads..... ..... but a great leader is followed !!" CatAdjusterX@gmail.com
    0
    ChuckDeaton
    Life Member
    Senior Member
    Senior Member
    Posts:1110


    --
    10/01/2010 5:23 PM
    No question that Leland is right. The USA is the most computerized nation. Every thing in life runs on or is controlled by a computer. A friend of mine demonstrated this when he mislabeled a computer controlled switch, when the power company operator acted to switch power from from one grid to an other he inadvertently shut down the power to a continuous process at an oil refinery. There were people running out of the building to distance themselves from the process and people running into the building to distance themselves from the switching station.

    No doubt that any computer system that is attached to the internet can be accessed, that access can be from anywhere in the world.
    "Prattling on and on about being an ass with experience doesn't make someone experienced. It just makes you an ass." Rod Buvens, Pilot grunt
    0
    Leland
    Advanced Member
    Advanced Member
    Posts:741


    --
    10/12/2010 10:33 AM

    Marine Corps considering new class of cyber warriors

    October 12, 2010 - 10:40am

    Leaders for the Marine Corps are considering a potential new cadre of specialized cyber warriors who may never see deployment.

    The Military Times reports the group would be responsible for cyber warfare and would work the computerized front lines from desks here in the U.S.

    The Marine chief for cyber warfare, Lieutenant General George Flynn, isn't offering many specifics. But he does say the cyber warriors could face longer enlistments - two years of which would be spent just in training.

    --------------------------------------------------------------------------------------------------------------------------------

    Not very many people know the history of how insurance companies assisted the US military in WWII. U.S. and British Insurance companies opened their underwriting files to the military to help identify German industrial targets. A big part of warfare is crippling the enemies manufacturing and communications, much of which is non-government owned. The majority of the B52 bombing raids over Europe were targeting industry, for example the huge raid on Schweinfurt, which was designed to destroy Germany's ball bearing manufacturing ability.

    Any future major war will likely have a cyber warfare component that targets private businesses.

    If war is not officially declared (like Vietnam or 9/11) there could be a lot of claims that would be difficult to exclude as "Act of War". (most policies exclude "Act of War).

    On a more practical note I would like to discuss data losses and computer claims that result from storms or fires, because that is something we are more likely to encounter. When I get around to it I will post some language from the CP forms and other forms that discusses this line of coverage.

    To be a commercial claims cat adjuster we need to know how to adjust:

    books and records losses (which may involve computers, although electronic data may be excluded)
    accounts receivable losses (which often involves computer records)
    business income losses (which in some cases run longer due to computer outages)

    All three of these coverages are part of most commercial polices although the limits on the first two may be only $5000.00 on a typical policy.

    Here is a link to the New Mexico Fair Plan CP 99 form. This very common commercial form includes some coverage for computer viruses.

    http://www.nmpropertyinsurance.com/...Policy.pdf

    (you can also find a DP 01 form on this same website, I believe it is probably the same form as used by Texas Wind Pool, I'm not 100% sure)
    0
    Leland
    Advanced Member
    Advanced Member
    Posts:741


    --
    11/18/2011 5:21 PM
    One year after I started this thread...

    Russian hackers targeted U.S. water plant in apparent malicious cyber attack....

    http://www.washingtonpost.com/blogs..._blog.html

    Absent a declaration of war or a policy exclusion, damage to the water treatment plant could be covered under a commercial policy.

    And any business that is dependent on the water (such as a computer chip plant or a soft drink plant) could have a covered loss if they have contingent location business income coverage.

    This type of attack is possibly a "beta test" to see how successful it can be, to prepare for a future cyber war against the USA or some other country, also it may give "street cred" to the perpetrators, who can then command more money for their efforts. The perpetrators aren't necessarily connected to any government- they could be kids or perhaps mercenaries in the employ of a government, or maybe just pirates waging war of their on account. There are stories that US stocks were sold short and put options were placed just prior to 9/11. Somebody made money on the attack. A similar thing could occur with cybercrime.

    I believe these kinds of attacks will become more common.

    Many such losses will be covered by insurance. Insurance will also evolve to exclude them from cheaper polices and add coverage to special endorsements.
    0

    Forums Catastrophe Central, Discuss, Share, Learn General

    ---