Monthly Archives: October 2018

Cybersecurity Is Important For Everyone

By David J. Rosenbaum, Citrin Cooperman & Co.

Why is an article on cybersecurity appearing in a blog and newsletter on energy and environmental matters? Because this is a situation of grave concern to all companies, municipalities, etc. As engineers, we are involved in compiling and managing data, mainly through complex computer systems. However, data is now at risk of being stolen, altered or deleted, and this can have mammoth impacts on all kinds of firms.

Who is at risk? Any entity…
• connected to the Internet
• storing data electronically or in the Cloud
• involved with the Internet of Things (IoT).
Who may pose the threat to you and your data? Hackers, like you read about in the news. But employees, clients, and regulators, too.

What must cybersecurity protect?
• “Computers”, such as desktops, laptops, tablets, smart phones
• Networks, such as servers, firewalls, peripheral devices, IoT
• Data at rest (on computer hard drives, removeable media, in the Cloud)
• Data in motion (email, the web, wifi, phones)

What are the objectives of cybersecurity?
• Confidentiality: safeguarding records and information
• Integrity: protecting data from unauthorized access, change, or destruction
• Availability: ensuring that data is available to those authorized to view it.

Whether you are a big firm or a one-person shop, your data is vulnerable. Cybersecurity does not/cannot prevent a breach; it enables you to manage the risk. If you think spending money on cybersecurity is an issue, think of the costs of a breach including forensics, technology expenditures, notification, legal, system downtime, fines and penalties, and reputational.

A key to cybersecurity is employees. Users, often, unknowingly introduce threats by opening emails or clicking on links. Therefore, training is important.

To begin a cybersecurity assessment, the entity must understand:
• What information is maintained that needs to be protected
• Which systems maintain the information and who controls it
• How the information is currently protected
• Which rules/standards apply to data in question (i.e., HIPAA, PCI, privacy, etc.)

National Institute of Standards and Technology (NIST) framework for improving critical infrastructure cybersecurity. Core:
• Identify. Develop organizational understanding to manage cybersecurity risk
• Protect. Develop and implement appropriate safeguards of infrastructure
• Detect. Develop and implement appropriate activities to detect an event
• Respond. Develop and implement appropriate actions once event detected
• Recover. Develop and implement appropriate activities to restore capabilities.

Cybersecurity Best Practices:
• Assess your risk
• Determine applicable rules/standards to comply with
• Develop written cybersecurity policies. Must be written.
• Implement Best Practices (i.e., complex passwords, firewalls, antivirus, backups)
• Train employees to be aware and alert and implement best practices
• Audit, test, and upgrade policies, practices, and security

Yes, cybersecurity is another responsibility and headache for managers already overwhelmed with responsibilities. But given the costs listed earlier, this needs to be done. Remember, it is not a matter of if, but when you’ll be subject to a cyber attack.

Citrin Cooperman’s Technology Consulting group has a practice focused on cybersecurity. Its TRAC Cybersecurity Services include risk assessment, penetration testing services, and remediation strategy. Contact David Rosenbaum at 914-693-7000 or at drosenbaum@citrincooperman.com.

Some Thoughts on Hurricane Michael

This month Hurricane Michael caused widespread destruction on the Florida panhandle, southern Georgia, and the Carolinas, entering as a Category 4 hurricane with 155 mph winds and storm surges of many feet. Now the process of assessing the personal and property losses and rebuilding is beginning. Total losses for property damage and disruption of business are likely to be in the billions of dollars. It will likely take months for power and services to be fully restored, and years to rebuild and recover.

Insurance

Many properties suffered damage from both the high wind and water surge. There is confusion and heartbreak as some property owners may not be covered by their insurance policies, which, in some cases, cover losses caused by wind (and wind-driven water), but not damage caused by “flooding” (defined to include “storm surge”). Some property owners will only receive payment for damage demonstrated to be covered by the wind only, and not subsequent flooding. For example, if extreme wind removes the roof from a building and the policy covers wind damage, then the homeowner is clearly entitled to a new roof. But if the subsequent rain and storm surge, which may not be covered in some policies, damages the inside of the house, that damage may not be covered. There is litigation ongoing concerning insurance coverage for “concurrent” actions of wind and water acting independently, but causing damage. There are lessons to be learned for anybody in a hurricane zone wishing to be properly covered.

Did Climate Change Cause Hurricane Michael?

The consensus from the scientific and, specifically, the meteorological community, is that Hurricane Michael would likely have happened anyway, but reached its extreme intensity because of climate change. The Gulf of Mexico contained much more energy in heat and warm water, than normal for this time of year, making the hurricane more water-intensive and stronger. This also accounted for the speed of its intensification. It was originally predicted to be a low-level hurricane, strength-wise. But in the last couple of days before landfall, it intensified greatly due to the high energy in the Gulf, surprising many residents and prognosticators. This complicated evacuation efforts, as officials did not communicate the true intensity of Michael until the last moments before landfall.

Building to Withstand Extreme Storms – It Can Be Done

It was interesting to see that so many of the homes in the path of Michael were not just torn away, but leveled into little bits and splinters. Yet, in Mexico Beach, one home survived with minimal damage, while neighboring homes were completely destroyed. This NY Times article describes this building: https://www.nytimes.com/2018/10/14/us/hurricane-michael-florida-mexico-beach-house.html?action=click&module=Most%20Popular&pgtype=Homepage   The owners built this home anticipating storms in the future, and built this to withstand such wind speeds (up to 250 mph) and on stilts well above any anticipated storm surge. The building was more expensive than the others in the area, but was obviously worth it given how it needs minimal repair, while the neighboring buildings were completely destroyed.

CCES can help your firm understand and cope with Climate Change better. Contact us today at 914-584-6720 or at karell@CCESworld.com.

Insurance Industry Urged To Divest From Fossil Fuel Activities and Firms

A coalition of NGOs, including the Sierra Club, the Waterkeeper Alliance, the Rainforest Action Network, and Greenpeace, has been putting pressure on certain industries to encourage renewable energy and end support of the fossil fuel industry for some time. The latest industry to be targeted is insurance based on the logic that while attempting to protect us from catastrophic risk, supporting the dirtiest fossil fuel industries is, instead, adding to worldwide climate change adverse risk.

These NGOs sent letters to the CEOs of 22 major US insurance companies, urging them to stop insuring projects of and to start divesting from companies that produce coal and those that extract and transport tar sands. These US insurers hold hundreds of billions of dollars in coal, oil, gas and electric utility stocks and bonds. Similarly, the letter requested that these major insurance companies underwrite and invest in more clean energy companies and projects.

In addition, these NGOs recommended that these insurance companies insist that all insured quantify the carbon footprint of their projects as a prelude to being insured. Campaign leaders claimed that several insurance companies have divested about $30 billion from coal companies and stopped or limited insuring the coal industry in recent years.

Climate change-caused or -enhanced incidents pose great risk to insurance companies. More than 10,000 claims were filed from the Carr and Mendocino fires, whose intensity were said to be contributed to by climate change, totaling $845 million in insured losses.

Insurance industry leaders, regulators, and business leaders acknowledge that climate change is a major strategic issue for the industry, and are beginning to be addressed in terms of their business model. As we see with the intense recent storms of Florence and Michael in the US, not to mention recent very deadly storms, tsunamis, and typhoons in Indonesia, the Phillipines, and India, there is an increase in the frequency and intensity of storms, and in particular, more rain, which has caused widespread flooding and destruction. The insurance industry is being hit hard by this increase in destruction and is being urged to take more steps to both add climate change to their risk equations and to take an active part in investing in a future to mitigate climate change.

CCES has the experience to help your firm cope with climate change, evaluate risk and protections for your business and asset, and reduce your carbon footprint. Contact us today at 914-584-6720 or at karell@CCESworld.com.

90% Of World’s Population Breathe Polluted Air

Data from the World Health Organization shows that in 2016 over 3 billion people were exposed to air containing dangerous levels of pollutants. An estimated 7 million people die every year from ailments related to outdoor or indoor air pollution. See: http://www.who.int/phe/health_topics/outdoorair/databases/cities/en/

The air pollutant with the greatest impact is fine particulates that penetrate our defenses and settle deep into the lungs and can enter the cardiovascular system, causing stroke, heart disease, lung cancer, asthma, and respiratory infections, including pneumonia. The WHO estimates that nearly one-quarter of adult deaths from non-communicable diseases (heart disease, stroke, lung cancer, etc.) comes from exposure to air pollutants.

The biggest cause of this exposure to dangerous concentrations of fine particles is from combustion from inadequate stoves inside the home or uncontrolled combustion of solid waste outdoors. More than 40% of the world’s population must cook with dirty cooking fuels and/or uses cooking devices that do not shephard away the byproducts of combusting those fuels. While several programs have brought cleaner burning fuels and devices to many people, population growth has not reduced the level of exposure.

While natural elements can contribute to air emissions, such as desert sand and dust, other major sources of fine particulates include industrial emissions, agriculture, dirty burning cars, trucks and buses, and coal-fired power plants.

Air pollution does not recognize borders. Countries implementing and enforcing new programs and rules to reduce air emissions within their borders are often inundated by air pollution coming from other nations. Wind can take fine particulates and gaseous pollutants long distances from their sources.

CCES has the expertise and experience to help your firm assess what your air pollution emissions inventory is and (from a technical point of view) how your facility stands in terms of compliance with applicable federal, state, and local air quality regulations. We can develop economic options for you to consider to reduce emissions to improve the health of your employees and neighbors and comply with regulations. Contact us today at 914-584-6720 or karell@CCESworld.com.