Topic Archives: Cybersecurity & Data Privacy

October 14, 2021Cybersecurity & Data Privacy

DOJ Cyber-Fraud Initiative Highlights Potential Civil Liability for Failing to Meet Federal Cybersecurity Requirements

The Department of Justice (DOJ) has created a new Civil Cyber-Fraud Initiative to use the power of the False Claims Act (FCA) to initiate suits against federal contractors and grant recipients that fall short of their regulatory and contractual cybersecurity obligations. This initiative, announced on October 6, 2021, builds on the Biden administration’s efforts to protect federal ...›

U.S. Congress Introduces Bill that Would Require Mandatory 24 Hour Cyber Breach Notification for Government Agencies, Contractors, and Operators of Critical Infrastructure

This week, U.S. Senator Mark Warner (D-VA), chair of the Senate Intelligence Committee, and a broad group of bipartisan co-sponsors, introduced legislation that would require government agencies, contractors, and operators of critical infrastructure to report cyber incidents to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours. The bill is a response to incidents ...›

June 1, 2021Cybersecurity & Data Privacy

Executive Order on Cybersecurity Expands Mandatory Breach Notification and Supply Chain Security Requirements for Government Contractors

On May 12, 2021, the Biden administration issued an ambitious Executive Order on Improving the Nation’s Cybersecurity (EO) declaring the prevention, detection, assessment, and remediation of cyber incidents to be a “top priority and essential to national and economic security.” Over 8,000 words long, the EO establishes a series of initiatives designed to better equip ...›

May 18, 2021Cybersecurity & Data Privacy

Data Rights: Current Developments & Pending DOD Changes

Jay DeVecchio recently published a Briefing Paper for Thomson Reuters covering recent developments in the Department of Defense’s (DOD) Defense Federal Acquisition Regulation Supplement (DFARS) data rights provisions. Dissecting the DOD’s recent actions and attitudes, this article contextualizes the upcoming DOD proposal as it relates to commercial space and offers guidance to contractors on responding ...›

U.S. Government Responds to SolarWinds Hack, Seeks to Establish New Norms for Cyber Espionage

After much anticipation and hints, the U.S. Government announced a series of measures to respond to recent Russian actions against the United States, including the SolarWinds intrusion campaign. The measures underscore that companies are not in a position and should not be left to defend against nation state actors on their own, and that the ...›

January 11, 2021Cybersecurity & Data Privacy

Top Cybersecurity Considerations for Government Contractors in 2021

Although it was already apparent, recent events have made it even clearer that cybersecurity is an essential concern for government contractors.  The coming year is poised to include many cybersecurity-related changes and developments.  Below we highlight just a few: Continued Rollout of Department of Defense’s CMMC Program The Department of Defense (DoD) interim rule for ...›

November 23, 2020Cybersecurity & Data Privacy

Deadline Fast Approaching for DoD Contractors and Subcontractors to Report Cyber Compliance

As we previously reported, the Department of Defense (DoD) has issued an interim rule that requires all contractors and subcontractors that store, process, generate, transmit or access “covered defense information” to conduct a self- assessment of compliance with NIST SP 800-171 using the DoD Assessment Methodology.  Contractors must post their self-assessment scores on the Defense ...›

Breaking DOD’s Code: How to Figure Out and Resist What DOD Really, Truly Wants to Do to Your Data Rights

Your rights in technical data and software are at greater risk today than at any time during the last 25 years.  The Department of Defense (“DOD”) is proposing the authority to rewrite commercial software licenses in ways never before seen and guaranteed to be rejected by your software suppliers, as well as proposing authority to ...›


U.S. District Court for the District of Columbia Finds That Alleged Cybersecurity Vulnerability Is Not Material Under False Claims Act

In a decision sure to bring some comfort to contractors providing information technology equipment and services to the federal government, a U.S. district court judge recently granted a motion to dismiss a False Claims Act (FCA) suit, finding that the relator both failed to establish materiality under the FCA and failed to prove the necessary scienter on the part of the contractor. ...›

September 30, 2020Cybersecurity & Data Privacy

Department of Defense Issues CMMC Interim Rule, Setting up a Two-Part Process for Review of Contractor IT Systems

On September 29, 2020, the Department of Defense (DoD) issued a long-anticipated interim rule implementing its Cybersecurity Maturity Model Certification (CMMC) program.  The rule introduces a new mandatory construct, the DoD Assessment Methodology, to serve as an interim certification process before contractors undergo a full CMMC review.  A full description of the interim rule and ...›