Tag Archives: obama

Infrastructure: Risks and Opportunities

One of President Trump’s stated goals is to initiate significant investment in U.S. infrastructure — bridges, roads, airports, seaports, pipelines, fiber optic cables and water projects. As with any major spending measure — and the most common number being tossed around for this one is $1 trillion — there will be political hurdles. However, the U.S. House of Representatives Transportation and Infrastructure Committee just launched its #building21 campaign effort to promote its vision for 21st Century American infrastructure, calling for significant investment.

Infrastructure spending of such magnitude will bring many opportunities for construction and infrastructure companies. Organizations need to be strategically positioned to capitalize on the opportunity, well-prepared to engage in the heightened competition facing the industry and flexible enough to absorb an increasing level of risk.

Infrastructure Plans

In December 2015, Congress passed and President Obama signed the Fixing America’s Surface Transportation Act (the FAST Act), which increased the collection of gasoline taxes to pay for transportation infrastructure projects. The FAST Act authorized $305 billion for highway and motor vehicle safety, public transportation, motor carrier safety, hazardous materials safety, rail and research, technology and statistics programs. Although FAST Act funds are to be allocated to rehabilitate the country’s transportation network, there remains a significant infrastructure deficit in the country.

During his campaign, Trump called for $1 trillion in infrastructure investment in transportation, telecommunications, water, power and energy. Before his inauguration, Trump’s transition team circulated a list of 50 priority emergency and national security projects. Since then, Trump has given every indication that he plans to continue pushing to enhance infrastructure. For example, on Jan. 25, he signed an executive action related to one of the more controversial project proposals, a wall along the U.S.-Mexican border that many experts suggest would cost $15 billion to $25 billion.

Against the same funding challenges the Obama administration faced, Trump’s plan calls for much of the infrastructure investment to be driven by the private sector through a series of tax credits and private funding as a means to encourage infrastructure investment in a revenue-neutral fashion. Trump’s plan also calls for the relaxation of various regulations to accelerate project delivery times and reduce cost.

Challenges and Headwinds

Most Democrats and Republicans agree on the need to improve this country’s infrastructure. A key difference, however, is how to pay for the upgrades.

On Jan. 24, Senate Minority Leader Charles Schumer introduced a $1 trillion infrastructure plan that relies heavily on direct government funding rather than on tax credits and private investment. Democrats generally argue that, although tax breaks may encourage investment, they will not necessarily bring about those infrastructure projects that are most needed, because the underlying economics may not make such projects profitable.

Despite these political differences, it is likely that some form of Trump’s plan will secure support as infrastructure renewal is a common interest. If an infrastructure spending bill is passed by Congress, organizations in the construction and infrastructure industries will be affected in a number of ways, including:

  • Increased competition: With an economic slowdown in some areas of the world and with increasing volatility, a large inflow of foreign capital will likely occur as international contractors seek opportunities to invest in and build U.S. infrastructure projects. Consolidation of market share in the sector is also likely.
  • Talent and labor shortage: Already facing a shortage of skilled professionals, the construction industry will need to compete with other industries to attract and retain talent.
  • Private investment: Regardless of which infrastructure plan takes hold, public-private partnerships will be a pivotal model to deliver infrastructure in the immediate future. Consider that more than 30 states have enabling legislation in place and are poised to act immediately on already-identified projects.
  • Increased risk: We are witnessing an ever-increasing trend of infrastructure projects being delivered through complex delivery methods, including design-build; design, build, operate and maintain; and integrated delivery. All such contracts result in increased risk being assumed by contractors. With competition expected to heat up, contractors will be expected to have greater risk-bearing capacity. Another consideration is that infrastructure and construction companies are increasingly tied to the “Internet of Things” through operational technology, electronics, software and network connections; this brings significant cyber exposures. And infrastructure itself is increasingly a target of cyber criminals.
  • Risk financing: Insurers and others continue to develop new risk consulting and risk transfer products and services. Not only do insurers absorb performance and hazard risks associated with infrastructure development, they are increasingly becoming infrastructure investors, as well. It remains to be seen how this level of infrastructure exposure will lead to new products and services or new alternative risk structures.

The American Society of Civil Engineers (ASCE) estimates that the U.S. will face a $1.6 trillion infrastructure deficit in 2020. Although it is too early to know exactly how the new Congress and the Trump administration will proceed, we believe it’s safe to expect that infrastructure and development will be a hot topic this year and for many to come. If you’re not doing so already, now is the time to discuss with your advisers the risk and insurance considerations at the advent of a likely major U.S. infrastructure investment initiative.

Has an International Cyber War Begun?

Cyber attacks were once on the periphery of American business consciousness. That mindset changed over the past two years. A series of devastating events, including the 2014 cyber attack against Sony, catapulted cyber liability concerns from an IT department issue to a major priority for boardrooms across America. As U.S. government officials concluded that North Korea was behind the attack, many C-suite executives suddenly found themselves asking questions. Is this the start of a cyber war? Could we be the next victim? If we are, how will it affect our operations and our bottom line? Do our insurance policies cover any of these costs?

Today, many insurance buyers look to their cyber insurance policies to fill coverage gaps that often exist in other policies. For example, a property policy may respond to physical damage from a named peril, but it will likely exclude loss for non-tangible assets as a result of a cyber attack. Similarly, a commercial general liability policy will likely provide liability coverage for causing bodily injury because of negligence but exclude coverage for liability because of a failure to secure sensitive data from hackers.

Many policyholders may be unaware that some, though not all, of these cyber policies contain specific terrorism and war exclusions. As a result, gaps in cyber insurance coverage can exist in cases like the Sony breach, where government agencies, like the FBI, conclude that a foreign government or terrorist organization is responsible for the attack.

Is a Cyber Attack “Terrorism” or “War”?

Immediately following the Sony attack, President Obama referred to it by saying, “I don’t think it was an act of war . . . but cyber vandalism.” Then, on April 1, 2015, President Obama signed the Executive Order on Cybersecurity with the goal of protecting the private sector against hackers and thereby bolstering national security. The order seeks to identify and punish individuals behind attacks, but it could also lead some to categorize an apparent hacking event or act of cyber terrorism as an “act of war.”

Changes in government definitions trickle down into coverage disputes because many policies that exclude or include “war,” “terrorism” or “cyber terrorism” either fail to define those terms or define them by referring to standard government definitions.

Government Definitions of Terrorism, Cyber Terrorism and War

THE TERRORISM RISK INSURANCE ACT (TRIA)

“Act of terrorism” is defined as any act certified by the secretary of the Treasury in concurrence with the secretary of State and the attorney general of the U.S. to be:

» an act of terrorism

» a violent act or an act that is dangerous to human life, property or infrastructure

» an act resulting in damage within the United States or outside it (on a U.S.-flagged vessel, aircraft or U.S. mission)

» an act committed by an individual or individuals acting on behalf of any foreign person or foreign interest, as part of an effort to coerce the civilian population, U.S. policy or the U.S. government.

The secretary of the Treasury may not delegate his certification authority, and his decision to certify an act or not is not subject to judicial review.

DEPARTMENT OF DEFENSE (DOD)

The DOD defines “terrorism” as “the unlawful use of violence or threat of violence, often motivated by religious, political or other ideological beliefs, to instill fear and coerce governments or societies in pursuit of goals that are usually political.” The term “act of war” is understood to mean “a use of force [that may] invoke a state’s inherent right to lawful self-defense.”

DEPARTMENT OF JUSTICE (DOJ)/FEDERAL BUREAU OF INVESTIGATION (FBI)

The FBI defines “cyber terrorism” as “the premeditated, politically motivated attack against information, computer systems, computer programs and data [that] results in violence against non-combatant targets by subnational groups or clandestine agents.”

DEPARTMENT OF HOMELAND SECURITY (DHS)

The National Infrastructure Protection Center (NIPC), formerly a branch of DHS, defines “cyber terrorism” as “a criminal act perpetrated through computers resulting in violence, death and/or destruction and creating terror for the purpose of coercing a government to change its policies.”

Cyber Terrorism and the ‘Act of War’ Exclusion

Cyber policies are relatively new and manuscript products; as such, the wording varies significantly. Many policies contain a standard exclusion for “war, invasion, acts of foreign enemies, hostilities (whether war is declared or not), civil war, rebellion, revolution, insurrection, military or usurped power, confiscation, nationalization, requisition, or destruction of, or damage to, property by or under the order of any government, public or local authority…” An attack by the Taliban, for example, would probably fit within the exclusion as an act sponsored by a “public or local authority.”

Traditionally, war exclusions were relatively narrow; they required an actual war or, at the very least, “warlike operations”; “for there to be a ‘war,’ a sovereign or quasi-sovereign must engage in hostilities.” Pan Am. World Airways, Inc. v. Aetna Cas. & Sur. Co., 505 F.2d 989, 1005 (2d Cir. 1974) (finding that a Jordanian terrorist group that hijacked a plane was not a de facto government for the purposes of applying the war exception).

However, the events of Sept. 11, 2001, changed the way certain events and groups were perceived and classified, ultimately leading many to label the 2014 cyber attack on Sony an “act of war.”

Litigation surrounding the Sept. 11 attacks led directly to an expanded view of the war exclusion. For one thing, the Second Circuit Court of Appeals ruled that the attacks were an “act of war.” In In re Sept. 11 Litig., 931 F. Supp. 2d 496, 512 (S.D.N.Y. 2013), an owner of a building near the site of the World Trade Center attacks sought to recover cleanup and abatement expenses for removing pulverized dust that infiltrated the owner’s building after the collapse of the Twin Towers. He sued under the Comprehensive Environmental Response, Compensation, and Liability Act (CERCLA), which allows strict liability claims in pollution cases, but the court applied CERCLA’s “act of war” exception to strict liability.

In concluding that the attacks were an act of war, the court commented that “Al Qaeda’s leadership declared war on the United States, and organized a sophisticated, coordinated, and well-financed set of attacks intended to bring down the leading commercial and political institutions of the United States,” id. at 509, and that “as we learned in the twentieth century, and as has been true throughout history, war can take on a formal structure of armies in contrasting uniforms confronting each other on battlefields, and war can persist for years, fought by irregular, insurgent forces and capable of causing extraordinary damage,” id. at 511.

This expansion of the legal definition of “act of war” to include acts by “irregular, insurgent forces and capable of causing extraordinary damage” could lead to attacks by hacktivist groups or foreign intelligence services being considered acts of war and therefore excluded from cyber policies.

Cyber Insurance and TRIA

The Terrorism Risk Insurance Act (TRIA) is a government program designed to provide a backstop for reinsurers in the event of large terrorism-related losses (more than $100 million). There is debate over whether TRIA applies to cyber policies at all. TRIA applies to commercial property and casualty insurance coverage, but some cyber policies are written as another line of coverage, such as professional liability, which is not included in TRIA.

Even assuming that TRIA would apply to cyber insurance, for TRIA coverage to be in effect, (1) there must be losses, resulting from property damage, exceeding $100 million; and (2) they must be caused by a certified terrorism event:

(1) Property Damage: For TRIA to apply, physical property damage must occur, and what constitutes “physical damage” in the context of a cyber attack remains an open question. What we do know is that TRIA will probably not cover business interruption or reductions in business income absent some physical loss or property damage. Many cyber attacks do not involve any physical damage, which would exclude TRIA coverage.

(2) A Certified Terrorism Event: For TRIA to apply to any event, the event would need to be certified as an act of terrorism. This onerous and political certification process requires the secretary of the Treasury, secretary of State and attorney general to agree that an incident was an “act of terrorism.” Many political and economic issues factor into certifying a terrorism event, which can lead to counterintuitive results. For instance, as of the date of this publication, the April 2013 Boston Marathon bombing has not been certified as a terrorist act.

Conclusion

To ensure coverage for cyber terrorism and cyber warfare, buyers of cyber insurance will need to seek out a cyber risk insurance policy that explicitly includes this coverage in the broadest terms possible. As more insurance carriers enter the cyber insurance market, one must be wary that policy terms will vary from one policy form to the next, and some will have coverage terms superior to others.

Geopolitical Goals for Healthcare Hacking?

Did China orchestrate the massive hack of Anthem, the nation’s No. 2 healthcare insurer, to steal intellectual property it needs to jump start a domestic healthcare system?

That’s one scenario being discussed by the security community and would fit the pattern of not just China, but other nations, stepping up cyber attacks to pursue geo-political goals.

CrowdStrike’s 2014 Global Threat Report details how China remains by far the most active nation conducting cyber espionage campaigns. Hot on China’s heels, in terms of executing concerted hacks for nationalistic gain, are Russia, Iran and North Korea, the nation President Obama blamed for the Sony Pictures hack.

“China is a giant vacuum cleaner for intelligence,” Adam Meyers, CrowdStrike’s vice president of intelligence, tells ThirdCertainty. “They’re targeting dozens and dozens of organizations, going after intellectual property and trade secrets.”

One particularly active Chinese hacking collective, dubbed Hurricane Panda, specializes in cracking the networks of Internet services, engineering and aerospace firms. Hurricane Panda uses “an arsenal of exploits” and has pioneered ways to slip into a network, then stealthily escalate privileges to roam deeper.

While some of the data stolen by nation state-backed hackers most likely gets sold for profit, these attackers exist primarily to pursue strategic goals — in China’s case to accelerate the development of domestic infrastructure to serve its massive population, which is rapidly becoming more Westernized.

CrowdStrike’s threat report follows news pointing to Chinese hackers, referred to as Deep Panda, as the culprits behind stealing healthcare personal information for 80 million Anthem plan members and employees.

CrowdStrike is not directly involved in the Anthem investigation. That said, Meyers tells ThirdCertainty that his firm has monitored Deep Panda targeting other healthcare organizations in the past.

China is dealing with a rising middle class for the first time in its history, he says. Smoking, drinking and poor eating habits are on the rise, with associated medical conditions sure to follow that are all too familiar in the West.

“They are dealing with diabetes, heart conditions and cancers at a large scale for the first time,” Meyers said. Rather than import healthcare services, China prefers to rapidly build a homegrown system and appears to be willing to steal intellectual property to do so.

“They want to be able to serve their own domestic market for heart splints, diagnostic equipment and the like,” Meyers says. Hacking healthcare organizations could give China “the ability to leapfrog the design, test and build phases.”

New attack model

While China may run the most focused cyber spying operation, smaller nations, like Iran and North Korea, are discovering how cyber attacks can tilt the balance in geo-political disputes against a much more powerful adversary, namely the U.S.

In response to economic sanctions imposed by the U.S. to stem Iran’s development of nuclear capability, Iran-backed hacking groups heavily targeted the financial sector in 2013, and in 2014 turned their focus to U.S. aerospace, defense and energy targets, CrowdStrike reports.

And North Korea appears to have derived a model that could stir smaller nations to develop cyber attack strategies to gain political leverage on the global stage. The Sony Pictures hack embarrassed a Fortune 100 company and compelled President Obama to chastise North Korea.

Cyber attacks have become a kind of twisted diplomacy. “It’s a viable way to coerce an adversary into doing something,” Meyers says. “I think we’re going to see this practice continue.”

CEOs Defy Common Sense on Wellness

By now, readers of this and many other outlets know that conventional workplace wellness doesn’t work. Period. It’s not that there is no evidence for it. It’s that all the evidence is against it. The “evidence” in favor of conventional wellness is easily disproven as being the result of gross incompetence or dishonesty. Occasionally, as in the American Journal of Health Promotion, investigators even manage to disprove their own savings claims without intending to. As we say in Surviving Workplace Wellness: “In wellness, you don’t have to challenge the data to invalidate it. You merely have to read the data. It will invalidate itself.”

Just before Thanksgiving, both Health Affairs (with our blog post) and Soeren Mattke, the often-misquoted author of multiple RAND studies (in a comment to that post), weighed in with the same conclusion, as described in the headline: “Workplace Wellness Produces No Savings.”

No longer can anyone claim with a straight face that “pry, poke, prod and punish” wellness programs saved money, or were even beneficial for employee health.

And yet…

Within one business day of the posting, Reuters’ Sharon Begley reported that on Tuesday, Dec. 2, the Business Roundtable’s (BRT) CEO is having a sit-down meeting with President Obama to demand exactly the opposite of what all the evidence shows: He wants more flexibility on wellness. In particular, the BRT wants the administration to call off the EEOC watchdogs, who have recently attacked Honeywell  and others for forcing employees into medical exams that appear to violate the Americans with Disabilities Act.

The BRT’s goal is to allow companies to punish unhealthy workers to the limits of the Affordable Care Act’s wellness provision. (Recall from our earlier postings that the ACA wellness provision was modeled after the Safeway wellness program, which Safeway later admitted did not even exist during the period for which the company claimed it saved money.) In essence, the BRT leadership wants to make their employees love wellness whether they like it or not.

This complete disconnect between the data and the BRT demands can be explained only one of two ways.

(1)    The CEOs who compose the Business Roundtable have been duped into thinking wellness saves money, because they aren’t bright enough to Google it for themselves and learn that it doesn’t.

(2)    The CEOs who compose the Business Roundtable are very bright and have figured out that the only way they can seriously manage their healthcare costs is by fining or shaming employees with chronic disease or obesity into leaving their companies…or at the very least collecting large fines from them.

Let’s examine each possibility in turn.

As to the first, people don’t get to the C-Suite by simply accepting information that their vendors tell them, especially when the numbers obviously don’t add up. Events that can be prevented by wellness programs, like heart attacks, account for only about 8.4% of  hospital spending, or less than 4% of total medical spending in the commercially insured population. The C-suite also must know that, as with the tobacco industry years ago, when the only people defending an industry are people who make their living from it, then the industry is a wholly illegitimate enterprise. The first possible explanation would therefore need to be termed an impossibility.

The second alternative seems like something only a conspiracy theorist could conjure, but as Sherlock Holmes said: “When you have eliminated the impossible, whatever remains, however improbable, must be the truth.”

These CEOs must know that these “let’s play doctor” programs and fines are expensive, intrusive, ineffective and embarrassing for the employees…and take a major toll on morale. One organization, Penn State University, faced an employee revolt and backed down. Vik is currently in a wellness program that is eerily Penn State-like, and he is documenting his experiences.

And surely someone has informed the BRT that the heart attack rate is only about 1 in 800 annually in the commercially insured population, while using wellness programs to identify all the other diseases they hope to prevent or control will merely drive up employers’ drug spending; these nascent conditions wouldn’t become debilitating until years into retirement. Guidelines promulgated by the U.S. Preventive Services Task Force (USPSTF) call for judicious use of clinical screenings in various at-risk subpopulations (with a few exceptions, such as blood pressure). By contrast, wellness screening is done to all employees, usually at least once a year. That screening frequency multiplies the odds of false positives, especially in younger populations.

So why go to the mat with the president over these programs? Perhaps CEOs believe that fatter employees have lower productivity, which is probably the case – if you happen to own a package delivery service or a ballclub. Otherwise, it’s hard to imagine that weight affects one’s ability to answer the phone, conduct a meeting or handle almost any other task commonly required in today’s workplace. And these CEOs’ own actions contradict any claims about how weight loss leads to greater productivity: Most of the growth in line manufacturing jobs takes place in states with high obesity rates…but lower wages. Obviously, the tangible benefit of the latter overwhelms any offset by the former, or hiring practices would be different.

Unless there is an alternate explanation (or the BRT simply doesn’t understand the data), this BRT demand of the president must be interpreted more cynically: It’s the opening salvo in an attack against aging and chronically ill employees whom employers simply aren’t allowed to fire any more. Employers want to get rid of these employees because – often due to circumstances beyond these employees’ control – their healthcare expenses are believed to be higher.

Obamacare Backlash: What Comes Next?

The firestorm over comments made by MIT economist Jonathan Gruber has not helped the cause of the White House and defenders of the ACA in Congress. The historical landslide in the recent mid-term elections will also bring a major legislative backlash in the new House of Representatives and U.S. Senate early in 2015.

I had high hopes for the ACA. I have been a supporter of healthcare reform dating back to my college days and at graduate school many decades ago. The goals of universal coverage, elimination of pre-existing condition limitations and allowing dependents to stay on their parents’ plan until age 26 are all things I fully support.

However, the rollout of the ACA was a debacle. The campaign promise that, “You can keep your plan if you like it” and that “you can keep your doctor” was given 4 Pinocchios by the Washington Post, not exactly a friend of the GOP. Ask Nixon.

Now, after the self-proclaimed architect of the ACA touts the lack of transparency in the design of the ACA to fool the American voters and how stupid “we” are, don’t expect a warm and fuzzy reaction in a GOP-controlled Congress. The House Democratic leader and the White House are now busy “misremembering” the major role that Gruber played in drafting the ACA and are hoping the public will eventually, too.

What’s next? Both the House and the Senate will vote to repeal Obamacare in January. The House has already done this a few dozen times, but now Harry Reid can’t block a vote in the Senate. The president will veto this legislation. There will be political grandstanding with press conferences and dire predictions on both sides. Nothing will happen. There is very little chance, if any, that the GOP will have the votes to override a presidential veto.

What will most likely pass is a repeal of the tax on medical device manufacturers, which reportedly has bipartisan support. This will be problematic to the president and ACA supporters, because this will directly affect the proposed financing of the ACA. That lost revenue will have to be accounted for. Let me guess? Higher costs to consumers and companies providing health benefits to employees and their families? Is that correct, Mr. Gruber?

What will also likely pass Congress is a bill repealing the little-known provision providing a safe harbor to health insurance companies under the ACA, which essentially allowed a federally financed bailout if they end up losing money.

The ACA is here to stay, in my opinion, but incremental changes will be attempted. The GOP will support legislation to lower malpractice costs, allow small employers to band together in purchasing cooperatives, allow health insurance to be sold across state lines and make the implementation and administration of the ACA a state responsibility and not run by the federal government.

The president’s own recent in-house advisory group recommended that the ACA be run by the states, because healthcare, like politics, is all local. This received very little, if any, play in the mainstream media. In fact, at least two major, national, mainstream news outlets have yet to even mention the controversy surrounding Jonathan Gruber’s videotaped comments and the firestorm it has created.  I guess they misremembered to run the story.

Finally, for other possible changes, see a previous article of mine at Insurance Thought Leadership on April 9, 2014, regarding how the ACA has gutted major elements of the bipartisan healthcare reform efforts in Massachusetts by virtually eliminating experience rating for small to mid-size employers.

Gruber predicted health insurance premiums are going down because of the ACA. Please tell that to all the small and mid-sized employers across the U.S.  I have not heard from one whose costs are going down. Maybe they misremembered.

It’s time to fix the ACA with a bipartisan effort and study what works and what doesn’t, and certainly not to base the fix on what someone in an ivory tower believes. He thinks we all are stupid anyway.