
Kate M. Growley is a counsel in the Washington, D.C. office of Crowell & Moring, where she is a member of the firm's Privacy & Cybersecurity, Government Contracts, and Litigation groups. Her practice covers a wide range of counseling and litigation engagements, including cybersecurity compliance reviews, risk assessments, incident response, law enforcement cooperation, regulatory investigations, data breach class actions, trade secrets litigation, and health care disputes.

Kate is a Certified Information Privacy Professional for both the U.S. private and government sectors (CIPP/US, CIPP/G) and has been named a “Rising Star” by both Law360 (2018) and the American Bar Association's Science & Technology Section (2016).


In conjunction with his remarks at the White House Summit on Cybersecurity at Stanford University earlier this month, President Obama signed Executive Order 13691, entitled “Promoting Private Sector Cybersecurity Information Sharing.”  Published in the Federal Register last week, the Order is intended to encourage and facilitate cybersecurity information sharing within the private sector, and

After a year of development, NIST has released the long-awaited Cybersecurity Framework, which promises to have significant implications for the public and private sectors alike. The final version retains much of the Framework Core set forth in its draft version and provides a blueprint to align cybersecurity efforts, along with the accompanying Roadmap document

The executive cyber machine continues to hum along. Last month, the White House previewed possible “cyber incentives” that could coax private industry into following the cyber “best practices” that the government will promulgate in the not-too-distant future. The target audience is critical infrastructure: private companies that provide services so vital to the nation’s day-to-day function that the government feels obligated to ensure their resilience. Think standard utilities like water and electricity, cell phone and internet service, and banking.

Seven months ago, on February 12, 2013, President Obama signed Executive Order 13636, which called for a three-part approach to mitigating the cyber threats that the nation’s critical infrastructures face – information sharing, privacy, and cybersecurity practices. In an effort to promote the last of these three, the White House has been working with critical industry owners and operators to define a set of best practices that it will eventually consolidate into a “Cybersecurity Framework.” The Framework would become the standard for a “Voluntary Program” in which critical infrastructure companies participate. The hitch, however, is how to convince those private sector companies to actually join the Program.

2013 has been a historic year for cybersecurity, privacy and data breach issues. From the President’s Executive Order, to the revised NIST security & privacy controls, and to the groundbreaking Mandiant report on cyber espionage, the pressure is on for companies to secure their handling of sensitive data.

In order to mitigate the risk of data breach, cyber theft, and the loss of trade secrets and other intellectual property, both government agencies and private companies need to understand the sector-specific rules and requirements for information security, privacy, and data protection. Only after the rules of the road are fully understood can agencies and contractors implement policies to mitigate the risks posed by cyber threats.

On February 12, 2013, President Obama signed Executive Order 13636 for Improving Critical Infrastructure Cybersecurity (EO), along with Presidential Policy Directive-21 on Critical Infrastructure Security and Resilience (PPD-21). Now, some 120 days later, federal agencies are feeling the crunch to report back to the White House with their findings on the state of federal cybersecurity and their recommendations going forward.

Among those with a June 12, 2013, deadline are the Department of Defense and the General Services Administration. Under Section 8(e) of the EO, the two agencies were to consult with the Department of Homeland Security (DHS) and the Federal Acquisition Regulation (FAR) Council to craft recommendations regarding how to improve cybersecurity within federal procurement. Specifically, their June 12 report should inform the President on the feasibility of incorporating cybersecurity standards into federal acquisitions, along with the security benefits and other relative merits of doing so.

After years of abortive attempts by Congress to enact comprehensive cybersecurity legislation, the President took matters into his own hands on February 12, signing an Executive Order, Improving Critical Infrastructure Cybersecurity.  Identifying the cyber threat as “one of the most serious national security challenges we must confront,” this Order, along with its contemporaneous Presidential

Just before the closing bell for 2012, the federal government gave its first approval for government-wide security authorization to a cloud service provider.  On December 26, the General Services Administration (GSA) certified its first cloud service provider under the Federal Risk and Authorization Management Program, more commonly known as FedRAMP.  The GSA expects last month’s

As a part of the Senate’s recent passage of the 2013 National Defense Authorization Act, Senator Carl Levin (D-MI) has introduced an amendment that would direct the Department of Defense to establish procedures requiring contractors with security clearances to make disclosures when their covered networks have been successfully breached. Amendment 3195 appears to be the

Proponents of the Cyber Intelligence Sharing and Protection Act (more commonly known as CISPA) won a small battle last month when the House of Representatives passed the proposed bill by a vote of 248 to 168, with 42 yeas from Democrats. Yet the war for comprehensive cybersecurity legislation is far from over, as CISPA’s next

In an effort to comply with the 2011 Budget Control Act, the Department of Defense has proposed a “difficult but manageable” budget that will save approximately $259 billion over the next five years, totaling $487 billion in savings within a decade. Coordinated with President Obama’s defense strategy guidance, this new budget provides a glimpse into