U.S. Congress Introduces Bill that Would Require Mandatory 24 Hour Cyber Breach Notification for Government Agencies, Contractors, and Operators of Critical Infrastructure

This week, U.S. Senator Mark Warner (D-VA), chair of the Senate Intelligence Committee, and a broad group of bipartisan co-sponsors, introduced legislation that would require government agencies, contractors, and operators of critical infrastructure to report cyber incidents to the U.S. Cybersecurity and Infrastructure Security …›

Executive Order on Cybersecurity Expands Mandatory Breach Notification and Supply Chain Security Requirements for Government Contractors

On May 12, 2021, the Biden administration issued an ambitious Executive Order on Improving the Nation’s Cybersecurity (EO) declaring the prevention, detection, assessment, and remediation of cyber incidents to be a “top priority and essential to national and economic security.” Over 8,000 words long, …›

Data Rights: Current Developments & Pending DOD Changes

Jay DeVecchio recently published a Briefing Paper for Thomson Reuters covering recent developments in the Department of Defense’s (DOD) Defense Federal Acquisition Regulation Supplement (DFARS) data rights provisions. Dissecting the DOD’s recent actions and attitudes, this article contextualizes the upcoming DOD proposal as it …›

U.S. Government Responds to SolarWinds Hack, Seeks to Establish New Norms for Cyber Espionage

After much anticipation and hints, the U.S. Government announced a series of measures to respond to recent Russian actions against the United States, including the SolarWinds intrusion campaign. The measures underscore that companies are not in a position and should not be left to …›

U.S. District Court for the District of Columbia Finds That Alleged Cybersecurity Vulnerability Is Not Material Under False Claims Act

In a decision sure to bring some comfort to contractors providing information technology equipment and services to the federal government, a U.S. district court judge recently granted a motion to dismiss a False Claims Act (FCA) suit, finding that the relator both failed to …›

September 30, 2020 - Cybersecurity & Data Privacy

Department of Defense Issues CMMC Interim Rule, Setting up a Two-Part Process for Review of Contractor IT Systems

On September 29, 2020, the Department of Defense (DoD) issued a long-anticipated interim rule implementing its Cybersecurity Maturity Model Certification (CMMC) program. The rule introduces a new mandatory construct, the DoD Assessment Methodology, to serve as an interim certification process before contractors undergo …›