Michael G. Gruden

Admitted in New York only; practicing under the supervision of DC Bar members

With even DoD officials acknowledging cyber threats ranging from exfiltrating our top military secrets (“the terabyte of death” per DISA’s Director) to seizing control of SECDEF’s car to sinking Navy vessels with critical infrastructure attacks, both federal agencies and government contractors are in the pressure cooker.  For contractors, bad cybersecurity not only opens the door to cyber espionage and privacy breaches followed by costly clean-up and lost trade secrets, but now – with the latest DoD guidance – may put critical contract awards at risk.  Join us this Thursday, May 17, at 1:00 PM Eastern, as Crowell & Moring attorneys Paul Rosen, Evan Wolff, David Bodenheimer, and Michael Gruden lead a discussion highlighting recent developments impacting the volatile privacy and cybersecurity sector.  Specific topics include:

  • Navigating Government Contracts Information Security and Privacy Risks:  Updates to NIST Cybersecurity Standards, Pending FAR Cyber Clauses, and DFARS Safeguarding Clause New Developments
  • Trekking the Internet of Things (IoT) Cyber Frontier
  • Managing Effective Cyber Incident Response: Preparing Incident Response Plans, Practicing Tabletop Exercises, and Executing Effective Cybersecurity Defense

For more information and to register for OOPS, please click here.

In Matter of: First Fin. Assocs., Inc., B-415713, Feb. 16, 2018, the Government Accountability Office (GAO) denied a protest filed by First Financial Associates, Inc. (FFA) against an award by the Department of Homeland Security, U.S. Secret Service (DHS/USSS) to FEEA Childcare Services, Inc. (FEEA) for the administration of a childcare subsidy program. FFA alleged that its proposal was not evaluated consistently with the RFP’s evaluation criteria regarding the protection of personally identifiable information (PII) incident reporting requirements.

Continue Reading How Quickly Should Contractors Report Data Breaches? GAO Denies Protest Finding 12 Hours Is Not Fast Enough

The National Institute of Standards and Technology (NIST) recently published a draft special publication titled Systems Security Engineering: Resiliency Considerations for the Engineering of Trustworthy Secure Systems (Volume 2), which provides guidance to professionals responsible for the activities and tasks related to the system life cycle processes in NIST’s flagship publication, NIST Special Publication 800-160 Volume 1 (Volume 1). Volume 2 is the first in a series of systems security engineering publications supplementing Volume 1, and describes how to apply cyber resiliency concepts, constructs, and engineering practices as part of systems security engineering.

Volume 1 built upon well-established international standards for systems and software engineering to describe the actions necessary to develop more defensible and survivable systems. Volume 2 describes cyber resiliency principles that organizations can select and apply to their own systems based on the organization’s threat environment. These principles help organizations address certain types of advanced cyber-threats that have the capability to breach critical systems, establish a presence within those systems often undetected, and inflict immediate and long-term damage to economic and security interests. Among other things, developers could look to the draft publication for guidance on how to increase the security of older legacy systems in order to limit potential hackers’ access in the event of a data breach. NIST is accepting public comments until May 18, 2018.