Photo of H. Michael O'Brien

Michael O’Brien is a member of the firm’s Executive Committee and co-chair of the firm’s Product Liability and Class Action Defense practices. With more than 30 years of experience in product liability defense, Michael focuses on representing U.S.and Asia-based manufacturers and distributors as national counsel in litigation, pre-suit investigations and class actions. He also advises clients on reporting obligations to the U.S. Consumer Product Safety Commission (CPSC) and counsels them on voluntary recall issues.

The recent WannaCry ransomware cyberattack provided another chilling reminder of the potential disruptive power behind the Internet of Things. Even before the WannaCry attack in May 2017, a distributed-denial-of-service (DDoS) attack on a domain name server provider, Dyn, Inc., took place in October 2016, pushing many popular internet services offline for hours. The Dyn attack, which utilized the malware Mari as the supporting agent, was a sea-change event carried out by hundreds of thousands of internet-connected devices, such as routers, security cameras and DVRs, that rely on default factory user names and passwords coupled with weak or nonexistent security protections. It illustrated that hackers can now target vulnerable low-hanging fruit and turn it into a super botnet to carry out the DDoS attack. One takeaway from the Dyn attack is that the exponential growth of devices coming online, some 5.5 million per day according to Gartner, creates an unparalleled ecosystem for malevolent actors to find and weaponize the Internet of Things (IoT).
Continue Reading The Internet of Things: A Trifecta of Cyber and Physical Threat Risks

532174354When the failure of a smart product leads to a fire, the challenge of how smart home applications should be evaluated and examined as a potential cause becomes a more complex undertaking than the failure of a similar but dumb product.
 
Continue Reading The Impact of the Smart Home Revolution on Product Liability and Fire Cause Determinations

iStock_000074015155_LargeThe phenomenal growth of the Internet of Things (IoT), widely hailed in 2015, has been greater than originally forecast. Gartner, Inc. estimates a 30 percent increase in IoT devices connected to the Internet in 2016, which equates to 6.4 billion devices, and forecasts that more than 20 billion devices will be connected to the Internet before 2020. On average, 5.5 million new devices are connected to the Internet each day. As the IoT becomes part of the everyday lexicon, there remains a need to examine the myriad risks associated with this explosive growth across multiple industry sectors to address the inevitable weaknesses with software and security that will be part of the foreseeable future of the IoT. In turn, these vulnerabilities can and will lead to property damage, bodily injuries and deaths. Internet attacks leading to physical damage date back to the 2010 cyberattack on the Iranian nuclear energy plant in Natanz that destroyed or disabled centrifuges. Later, in 2014, a German steel foundry was the target of a cyberattack leading to the destruction of a blast furnace.
Continue Reading The Internet of Things: The Cyber Vulnerability Landscape Emerges

The rapid emergence of the Internet of Things (IoT) led to the establishment of the Industrial Internet Consortium (IIC) in the spring of 2014 by five primary stakeholders: AT&T, Cisco, General Electric, IBM and Intel. IIC now claims a membership of 211 in more than 26 countries. Each of the five founding members, like many other companies, is undergoing significant transformations within their core business platforms to take advantage of the immense growth opportunities with IoT.

On November 3, 2015, the IIC held its initial Industrial Internet Security Forum at IBM’s New York City headquarters. Not surprisingly, security, security and more security was the theme du jour.

Continue Reading The Internet of Things and the Inevitable Collision with Product Liability PART 5: Security and the Industrial Internet Consortium

Spherical VideoWallThe exponential growth of the Internet of Things (IoT) is far outpacing the ability of stakeholders to address safety standards and security concerns. This is not unusual as rapidly developing technology often challenges regulators and standards organizations to develop a framework for consensus governance. However, because the IoT transcends so many industries, there will be unprecedented difficulties with respect to harmonization of standards that will apply from one industry sector to another.

The efforts to develop and implement safety standards and government regulations have been taking place globally, albeit in fits and starts and not necessarily in synchronization among the developed countries. Nonetheless, as governments take note of the IoT, the number of threats identified continues to multiply.

Red Flags for Datamining
On September 10, 2015, the Federal Bureau of Investigation (FBI) posted online a public service announcement warning of IoT risks for cybercrime, which include vulnerabilities to individuals’ and businesses’ personal data as well as the potential for “compromising the IoT device to cause physical harm.” [Emphasis added.] Universal Plug and Play (UPnP) protocol used to access many IoT devices was identified as being especially vulnerable to exploitation.

Continue Reading The Internet of Things and the Inevitable Collision with Product Liability PART 4: Government Oversight