On September 14, 2022, the Director of the Office of Management and Budget (“OMB”) issued a memorandum to the heads of executive branch departments and agencies addressing the enhancement of security of the federal software supply chain. The memorandum applies to all software (other than agency-developed software) developed or experiencing major version changes to be operated “on the agency’s information systems or otherwise affecting the agency’s information,” and requires new self-attestations from software vendors before that software can be used by agencies.
Bob Huffman represents defense, health care, and other companies in contract matters and in disputes with the federal government and other contractors. He focuses his practice on False Claims Act qui tam investigations and litigation, cybersecurity and supply chain security counseling and compliance, contract claims and disputes, and intellectual property (IP) matters related to U.S. government contracts.
Bob has leading expertise advising companies that are defending against investigations, prosecutions, and civil suits alleging procurement fraud and false claims. He has represented clients in more than a dozen False Claims Act qui tam suits. He also represents clients in connection with parallel criminal proceedings and suspension and debarment.
Bob also regularly counsels clients on government contracting supply chain compliance issues, including cybersecurity, the Buy American Act/Trade Agreements Act (BAA/TAA), and counterfeit parts requirements. He also has extensive experience litigating contract and related issues before the Court of Federal Claims, the Armed Services Board of Contract Appeals, federal district courts, the Federal Circuit, and other federal appellate courts.
In addition, Bob advises government contractors on rules relating to IP, including government patent rights, technical data rights, rights in computer software, and the rules applicable to IP in the acquisition of commercial items and services. He handles IP matters involving government contracts, grants, Cooperative Research and Development Agreements (CRADAs), and Other Transaction Agreements (OTAs).
On March 15, 2022, President Biden signed the Consolidated Appropriations Act 2022, a $1.5 trillion omnibus spending package to fund the government through September 2022. The omnibus spending package includes the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Act”), which establishes two cyber incident reporting requirements for covered critical infrastructure entities: a 24-hour requirement to report any ransomware payments to the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) and a 72-hour requirement to report all covered cyber incidents to CISA. These requirements will take effect upon the issuance of implementing regulations from the Director of CISA. …
This is the sixth in the series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the second, third, fourth, and fifth blogs described the actions taken by various federal agencies to implement the EO during June, July, August, and September 2021, respectively. This blog summarizes key actions taken to implement the Cyber EO during October 2021.
Although this month's developments apply directly to the U.S. Government, the standards being established for U.S. Government agencies could be adopted as industry standards for all organizations that develop or acquire software, similar to how various industries have adopted the NIST Cybersecurity Framework as a security controls baseline.
On May 12, the Biden Administration issued an “Executive Order on Improving the Nation’s Cybersecurity.” The Order seeks to strengthen the federal government’s ability to respond to and prevent cybersecurity threats, including by modernizing federal networks, enhancing the federal government’s software supply chain security, implementing enhanced cybersecurity practices and procedures in the federal government, and creating government-wide plans for incident response. The Order covers a wide array of issues and processes, setting numerous deadlines for recommendations and actions by federal agencies, and focusing on enhancing the protection of federal networks in partnership with the service providers on which federal agencies rely. Private sector entities, including federal contractors and service providers, will have opportunities to provide input to some of these actions.