Cyber

Subscribe to Cyber
Photo of Nayar IslamPhoto of Stephen M. ByersPhoto of Jason CrawfordPhoto of Nkechi KanuPhoto of Brian Tully McLaughlin

A False Claims Act (FCA) settlement recently announced by the U.S. Department of Justice stands at the intersection of two evolving trends:  DOJ’s increasing focus on cybersecurity lapses by government contractors as part of its Civil Cyber-Fraud Initiative, and DOJ policies incentivizing corporations to voluntarily self-disclose violations of federal law.

On September 5, 2023, DOJ announced a $4 million settlement with Verizon Business Network Services LLC (Verizon) addressing allegations that Verizon violated the FCA because certain telecommunications services it provided to federal agencies under its General Services Administration (GSA) contracts did not comply with applicable cybersecurity requirements, namely the Office of Management and Budget’s Trusted Internet Connections (TIC) initiative.  DOJ specifically alleged that Verizon’s Managed Trusted Internet Protocol Service (MTIPS)—an information technology service that allows federal agencies to securely connect to public internet and external networks—did not comply with three security controls in the Department of Homeland Security’s TIC Reference Architecture Document, including a control that required the use of FIPS 140-2 validated cryptography.  The Verizon settlement represents the latest example of DOJ’s continued focus on cybersecurity cases, a trend that we believe will only continue to escalate going forward.

Continue Reading Civil Cyber-Fraud Settlement Highlights Potential for Cooperation Credit

Photo of Peter J. EyrePhoto of M.Yuan Zhou

This week’s episode covers two notable False Claims Act settlements and the White House National Cybersecurity Strategy Implementation Plan, and is hosted by Peter Eyre and Yuan Zhou. Crowell & Moring’s “Fastest 5 Minutes” is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts

Photo of Sarah RippyPhoto of Alexander UrbelisPhoto of Evan D. WolffPhoto of Neda ShaheenPhoto of Garylene “Gage” JavierPhoto of Kate Growley

On June 18, 2023, the Biden-Harris administration announced the launch of a new “U.S. Cyber Trust Mark” program (hereinafter the “Program”). First proposed by Federal Communication Commission (“FCC”) Chairwoman Jessica Rosenworcel, the Program aims to increase transparency and competition across the smart devices sector and to assist consumers in making informed decisions about the security of the devices they purchase.

Continue Reading Biden Admin Eyes IoT Cyber Practices

Photo of Michael G. Gruden, CIPP/GPhoto of Evan D. WolffPhoto of Maida Oringher LernerPhoto of Jacob Harrison

On May 10, 2023, the National Institute of Standards and Technology (NIST) released a draft of NIST Special Publication (SP) 800-171 Revision 3, containing new and revised cybersecurity controls that, when finalized, will be required for federal contractors handling Controlled Unclassified Information (CUI).

NIST proposed five key changes to NIST SP 800-171:

  1. New controls
Photo of Kate M. Growley, CIPP/G, CIPP/USPhoto of Stephanie CrawfordPhoto of Michael G. Gruden, CIPP/G

Last week, the National Institute of Standards and Technology (NIST) published the draft NISTIR 8276 “Key Practices in Cyber Supply Chain Risk Management” providing Key Practices and related recommendations for monitoring, controlling, and understanding how to conduct cyber – supply chain risk management (C-SCRM). The Eight Key Practices are general and apply equally, in practice,

Photo of Kate M. Growley, CIPP/G, CIPP/USPhoto of Maida Oringher LernerPhoto of Evan D. Wolff

Yesterday, the DoD published an Interim Rule that, if finalized as drafted, would expand the already onerous requirements of the DFARS Safeguarding Clause to a broader array of potentially 10,000 defense contractors.  Citing “recent high-profile breaches of federal information,” the DoD’s Interim Rule emphasizes the need for clear, effective, and consistent cybersecurity protections in