Supply Chain, Logistics and Cybersecurity - Regulatory and Risk Allocation Considerations in the New Normal

Transcription

1 Supply Chain, Logistics and Cybersecurity - Regulatory and Risk Allocation Considerations in the New Normal TOC Americas Lima, Peru 19 November 2017 Glenn Legge Partner HFW USA, Houston Texas

2 New technology - Critical information and control systems Digitalized integrity management systems measure and manage live data on vessels, as well as in ports, terminals and rail systems. Real-time, data driven systems are used to reduce congestion and increase cargo and supply chain efficiencies in shoreside facilities. Increasing reliance upon RFID technology to verify the location and status of assets, as well as lifecycle of assets and critical systems.

3 Recent industry developments concerning cybersecurity measures On 16 June 2017, the IMO adopted Resolution MSC.428(98) Encourages administrations to ensure that cyber risks are appropriately addressed in safety management systems no later than the first annual verification of shipping companies Documents of Compliance after 1 January 2021.

4 Recent regulatory developments concerning cybersecurity measures US and UK US - USCG s Proposed Cybersecurity Regulations: 12 July NVIC proposes new controls and cybersecurity measures for shoreside facilities. UK - Code of Practice Cyber Security for Ships, 13 September Follows the UK government's cyber security code of practice for ports and port systems which was released in 2016.

5 Focus of Recent Regulatory Developments Purpose of USCG s Proposed Cybersecurity Regulations? To prevent a Transportation Security Incident ( TSI ): 46 USC 7010 Significant loss of life. Prevent catastrophic property loss/business interruption Environmental damage. Economic disruption.

6 Contractual Risk Allocation and Insurance Traditional v. New Normal Contractual Risk Allocation Warranties/Representations suitable people, equipment, capabilities, cargo contents, weight and hazards. Navigational capabilities, suitability for port/anchorage. Contractual Indemnities Knock for knock. Carve out for pollution, force majeure, consequential damage, business loss.

7 Insurance Coverage Bodily injury/death Contractual Risk Allocation and Insurance Traditional v. New Normal Property damage/business interruption Environmental damage/pollution. Liability for claims of shippers, consignees, and various damaged parties.

8 Insurance Coverage for Cyberattacks? INSTITUTE CYBER ATTACK EXCLUSION CLAUSE 1.1 Subject only to clause 1.2 below, in no case shall this insurance cover loss damage liability or expense directly or indirectly caused by or contributed to by or arising from the use or operation, as a means for inflicting harm, of any computer, computer system, computer software program, malicious code, computer virus or process or any other electronic system. 10/11/03 CL380

9 Insurance Coverage for Cyberattacks? Impact of CL380 Exclusion Companies pay large premiums for catastrophic loss, pollution, business interruption resulting from product defects, negligence and natural disasters. CL380 will exclude coverage for these same damages if they arise, in whole or in part, due to the introduction of a malicious virus.

10 Good News and Bad News Good News Technology is evolving at a fast pace to improve operations, enhance safety and reduce costs. Regulators in the US and UK are implementing programs to address new technologies and address cyber threats. Bad News Vessel and terminal operators are not effectively allocating risks for cyber threats in a BYOD environment. Insurance industry is concerned about a systemic loss from cyber attacks and restricting coverage for losses due to cyberattacks.

11 Supply Chain, Logistics and Cybersecurity - Regulatory and Risk Allocation Considerations in the New Normal TOC Americas Lima, Peru 19 November 2017 Glenn Legge Partner HFW USA, Houston Texas