On March 6, 2026, the Administration released “President Trump’s Cyber Strategy for America” alongside an Executive Order (entitled “Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens”) and accompanying Fact Sheet.  The framework set forth in the Strategy document is significantly shorter and higher-level than the prior National Cybersecurity Strategy issued in March 2023.  We have summarized below the highlights of the Strategy document (Part I) and the Executive Order (Part II), along with key takeaways from each and areas to watch going forward. 

Part I: Cyber Strategy for America

The Cyber Strategy signals the Administration’s focus on deploying offensive and defensive cyber capabilities, enlisting the support of the private sector, hardening and modernizing critical infrastructure and federal networks, streamlining the regulatory environment, and promoting innovation in emerging technologies.  

As detailed below, the Strategy outlines six “Pillars of Action”:  

  1. Shape Adversary Behavior: Deploy defensive and offensive cyber operations using federal resources.  Notably, under the Strategy, the government “will unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities.”  The Strategy also highlights the need to dismantle criminal infrastructure, including financial infrastructure. 
  2. Promote CommonSense Regulation: Streamline cybersecurity and data regulations to reduce compliance burdens, align government and industry, and preserve Americans’ privacy.  This is consistent with the Administration’s recent efforts to align the final Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”) with industry preferences to reduce regulatory burden and to harmonize reporting obligations.  (The Cybersecurity and Infrastructure Security Agency (“CISA”) plans to convene a series of public town halls to solicit stakeholder feedback on that proposal in the coming weeks.)  Prior public reporting has also suggested that the Administration intends to review a number of other key policies in connection with its release of the Strategy.  Additionally, the National Cyber Director, Sean Cairncross, indicated in remarks yesterday that the Securities and Exchange Commission’s 2023 incident disclosure rule may be revisited.
  3. Modernize and Secure Federal Government Networks: Implement zero‑trust architectures, cloud transition, AI‑powered defenses, post‑quantum cryptography, and improved procurement to accelerate the modernization, defensibility, and resilience of federal systems, and remove barriers to entry for technology procurement.
  4. Secure Critical Infrastructure: Identify, prioritize, and harden critical sectors—such as energy, finance, telecommunications, water utilities, healthcare, and data centers—while securing supply chains and reducing reliance on adversary‑linked vendors.
  5. Sustain Superiority in Critical and Emerging Technologies: Secure U.S. innovation and intellectual property, including securing cryptocurrency and blockchain technologies and promoting adoption of post-quantum cryptography and secure quantum computing.  Promote U.S. leadership in AI and other new technological innovation by securing the “technology stack” to include data centers, promoting agentic AI to scale network defense, and leveraging cyber diplomacy.  
  6. Build Talent and Capacity: Develop a strong, accessible cyber workforce pipeline through education, training, and cross‑sector collaboration and by eliminating barriers that hinder alignment between industry, government, and academia.

Key Takeaways:  The Cyber Strategy envisions a robust private sector role in “identify[ing] and disrupt[ing]” adversary networks.  Although the Cyber Strategy does not authorize private sector actors to engage in offensive cyber operations against nation-state and criminal cyber threats, offensive cyber operations are a key component of the Administration’s overall strategy.  Such efforts are also likely to be further bolstered by the $1 billion appropriation for offensive cyber operations in the One Big Beautiful Bill Act. 

Companies operating in critical infrastructure sectors and technology, defense, and cybersecurity firms should therefore anticipate possible government outreach on efforts to tackle cyber threats and should proactively consider the legal and practical risks associated with engaging in such efforts, as well as how to protect against potential risks if others do so.  These include risks under:

  • The Computer Fraud and Abuse Act (“CFAA”), which contains broad provisions that, among other things, criminalize intentionally accessing a computer without authorization, and analogous state statutes;
  • The Electronic Communications Privacy Act (“ECPA”), which prohibits unauthorized access to and disclosure of communications (in storage and in transit);
  • Rules applicable to government contractors; and
  • Risks under non-U.S. laws that may apply, depending on where the activity occurs.

In addition, the Strategy’s objective of promoting “common-sense” regulation could offer openings for private sector stakeholders to provide input on rulemaking processes that could impact the future of the cybersecurity regulatory landscape in the U.S., including the ongoing CIRCIA rulemaking.

Part II: Executive Order on Combating Cybercrime, Fraud, and Predatory Schemes

Together with the Cyber Strategy, an Executive Order published on the same day directs the Attorney General and the Secretaries of War, Homeland Security, and State (in consultation with the Office of the National Cyber Director and the Assistant to the President and Homeland Security Advisor) to take steps to combat cybercrime and fraud schemes that victimize Americans, including schemes involving ransomware and malware, phishing, financial fraud, “sextortion” and other extortion, and impersonation.  The Order notes that such schemes are often perpetuated by Transnational Criminal Organizations (“TCOs”), which may enjoy the support of foreign regimes. 

In particular, the Order provides for the following:

  • Interagency Plan and Operational Coordination: The Order requires the submission of an action plan within 120 days “that identifies the TCOs responsible for scam centers and cybercrime and proposes solutions to prevent, disrupt, investigate, and dismantle these TCOs.”  The action plan should also provide for the creation of an operational cell within the National Coordination Center (“NCC”) that will coordinate the government’s efforts to address these threats.  The operational cell is to “involve[e] the private sector as appropriate” in efforts to detect, disrupt, dismantle, and deter cyber-enabled criminal activity.
  • Public-Private Engagement: The action plan must also describe how the Attorney General and Secretary of Homeland Security, supported by the Secretary of War, will use “relevant technical capabilities, threat intelligence, and operational insights from commercial cybersecurity firms and other non-Federal entities . . . to enhance attribution, tracking, and disruption of malicious cyber actors and enabling infrastructure engaged in cybercrime, fraud, and predatory schemes.”
  • Enforcement Priorities: Federal prosecutors are directed to prioritize cyber-enabled fraud schemes, including scam centers and sextortion schemes.  This follows the Justice Department’s announcement of a Scam Center Strike Force last year.
  • Support for State and Local Partners: Federal agencies are directed to provide State, local, tribal, and territorial partners with training, resilience and technical assistance with a focus on hardening critical infrastructure.
  • Victims Restoration Program: Within 90 days, the Attorney General is directed to establish a “Victims Restoration Program” to provide “restoration or remission to victims of cyber-enabled fraud schemes from funds clawed back, forfeited, or seized” from cyber criminals that perpetuate such schemes.
  • International Engagement: The Secretary of State is instructed to, in coordination with the NCC, engage with foreign governments “to demand enforcement actions” against criminal organizations operating in their countries and cooperation with U.S. law enforcement.  In addition, the Secretary of State is to consider deploying other tools to impose consequences on nations that tolerate these criminal organizations, including by limiting foreign aid, imposing sanctions and trade penalties, restricting visas, and expelling foreign officials and diplomats.  

Key Takeaways: Taken together, the Order and Fact Sheet underscore the Administration’s continued focus on combating TCOs, including those engaged in cybercrime and fraud targeting American citizens.  While the Order mentions ransomware schemes, it also highlights sextortion schemes and scam centers as targets of the Administration’s proposed activities.  

In addition to the actions mentioned above, the Order follows several additional steps the Administration has taken to address these threats in the last year, including:

  • The publication of an advisory by the Treasury Department’s Financial Crimes Enforcement Network to help financial institutions detect and disrupt financially motivated sextortion networks; and
  • The Treasury Department’s designation of Southeast Asian cyber scam networks.

As with the Cyber Strategy, the Order and Fact Sheet also envision significant private sector involvement in efforts to counter these threats, and private companies should expect continued government engagement on addressing these criminal cyber and cyber-enabled threats.

Tags: critical infrastructure, Cybersecurity
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Ashden Fein Ashden Fein

Ashden Fein is co-chair of Covington’s Data Privacy and Cybersecurity Practice. He advises clients on cybersecurity and national security matters, including crisis management and incident response, risk management and governance, government and internal investigations, and regulatory compliance. Ashden also serves as lead counsel…

Ashden Fein is co-chair of Covington’s Data Privacy and Cybersecurity Practice. He advises clients on cybersecurity and national security matters, including crisis management and incident response, risk management and governance, government and internal investigations, and regulatory compliance. Ashden also serves as lead counsel in criminal, civil, and internal investigations involving cybersecurity, insider risk, and U.S. national security issues.

Ashden regularly counsels clients on preparing for and responding to cyber-based attacks, assessing security controls and practices for the protection of data and systems, developing and implementing cybersecurity risk management and governance programs, and complying with federal and state regulatory requirements. Ashden frequently supports clients as the lead investigator and crisis manager for global cyber and data security incidents, including data breaches involving personal data, advanced persistent threats targeting intellectual property across industries, state-sponsored theft of sensitive U.S. government information, extortion and ransomware, and destructive attacks.

Ashden also assists clients from across industries with leading internal investigations and responding to government inquiries related to U.S. national security and insider risks. He frequently represents government contractors in False Claims Act matters involving cybersecurity and national security. Additionally, he advises aerospace, defense, and intelligence contractors on security compliance under U.S. national security laws and regulations including, among others, the National Industrial Security Program (NISPOM), U.S. government cybersecurity regulations, FedRAMP, and requirements related to supply chain security.

Before joining Covington, Ashden served on active duty in the U.S. Army as a Military Intelligence officer and prosecutor specializing in cybercrime and national security investigations and prosecutions — to include serving as the lead trial lawyer in the prosecution of Private Chelsea (Bradley) Manning for the unlawful disclosure of classified information to Wikileaks. Ashden is a retired U.S. Army officer.

Read more about Ashden FeinEmail
Show more Show less
Photo of Caleb Skeath Caleb Skeath

Caleb Skeath helps companies manage their most complex and high‑stakes cybersecurity and data security challenges, combining deep regulatory insight, technical fluency, and practical judgment informed by leading incident response matters.

Caleb Skeath advises in‑house legal and security teams on the full lifecycle of…

Caleb Skeath helps companies manage their most complex and high‑stakes cybersecurity and data security challenges, combining deep regulatory insight, technical fluency, and practical judgment informed by leading incident response matters.

Caleb Skeath advises in‑house legal and security teams on the full lifecycle of cybersecurity and privacy risk—from governance and preparedness through incident response, regulatory engagement, and follow‑on litigation. A Certified Information Systems Security Professional (CISSP), he is trusted by clients across highly regulated and technology‑driven sectors to provide clear, practical guidance at moments when legal judgment, technical understanding, and business realities must be aligned.

Caleb has deep experience leading and overseeing responses to complex cybersecurity incidents, including ransomware, data theft and extortion, business email compromise, advanced persistent threats and state-sponsored threat actors, insider threats, and inadvertent data loss. He regularly helps in‑house counsel structure and manage investigations under attorney‑client privilege; coordinate with internal IT, information security, and executive stakeholders; and engage with forensic firms, crisis communications providers, insurers, and law enforcement. A central focus of his practice is advising on notification obligations and strategy, including the application of U.S. federal and state data breach notification laws and requirements along with contractual notification obligations, and helping companies make defensible, risk‑informed decisions about timing, scope, and messaging.

In addition to his work responding to cybersecurity incidents, Caleb works closely with clients’ legal, technical, and compliance teams on cybersecurity governance, regulatory compliance, and pre‑incident planning. He has extensive experience drafting and reviewing cybersecurity policies, incident response plans, and vendor contract provisions; supervising cybersecurity assessments under privilege; and advising on training and tabletop exercises designed to prepare organizations for real‑world incidents. His work frequently involves translating evolving regulatory expectations into actionable guidance for in‑house counsel, including in highly-regulated sectors such as the financial sector (including compliance with NYDFS cybersecurity regulations, the Computer Security Incident Notification Rule, and GLBA guidelines and guidance) and the pharmaceutical and healthcare sector (including compliance with GxP standards, FDA medical device guidance, and HIPAA).

Caleb’s practice also addresses evolving and emerging areas of cybersecurity and data security law, including advising clients on compliance with the Department of Justice’s Data Security Program, CISA‑related security requirements for restricted transactions, and preparation for new regulatory regimes such as the CCPA cybersecurity audit requirements and federal incident reporting obligations. He regularly counsels clients on how artificial intelligence and connected devices intersect with cybersecurity, privacy, and consumer protection risk, and how to support innovation while managing regulatory exposure.

Caleb also has extensive experience helping clients navigate high-stakes cybersecurity-related inquiries from the Federal Trade Commission, state Attorneys General, and other sector-specific regulators, including incident-specific inquiries as well as broader inquiries related to an entity’s cybersecurity practices and the security of product or service offerings. For companies that have entered into cybersecurity-related settlement agreements with regulators, Caleb has helped guide them through compliance with settlement agreement obligations, including navigating required third-party assessments and strategically responding to cybersecurity incidents that can arise while a company is subject to a settlement agreement. Caleb also routinely works hand-in-hand with colleagues in Covington’s class action litigation, commercial litigation, and insurance recovery practices to prepare for and successfully navigate incident-related disputes that can devolve into litigation.

Read more about Caleb SkeathEmail
Show more Show less
Photo of Susan B. Cassidy Susan B. Cassidy

Susan Cassidy co-chairs Covington’s Aerospace and Defense Industry Group, and has been advising government contractors for more than 35 years on the requirements imposed on companies contracting with the U.S. Government.

Susan’s practice focuses on the intersection of cybersecurity, national security, and supply…

Susan Cassidy co-chairs Covington’s Aerospace and Defense Industry Group, and has been advising government contractors for more than 35 years on the requirements imposed on companies contracting with the U.S. Government.

Susan’s practice focuses on the intersection of cybersecurity, national security, and supply chain risk management for companies that sell products and services to the U.S. Government. Susan advises contractors at all phases of the procurement cycle, and regularly:

advises clients on compliance obligations imposed by the FAR, DFARS, and other agency regulatory requirements;
leads internal and government False Claims Act (FCA) investigations addressing allegations of violations of government cybersecurity, national security, supply chain, quality, and MIL-SPEC requirements; and
advises clients who have suffered a cyber breach where U.S. government information may have been impacted.

In her work with global, national, and start-up contractors, Susan advises companies on all aspects of government supply chain issues including:

Government cybersecurity requirements, including the Cybersecurity Maturity Model Certification (CMMC), DFARS 252.204-7012, FedRAMP, controlled unclassified information (CUI), and NIST SP 800-171 requirements;
Evolving sourcing issues such as Section 889, counterfeit part requirements, Section 5949 semiconductor product and service restrictions, and limitations on sourcing a variety of products from China; and
Federal Acquisition Security Council (FASC) regulations and product exclusions.

 

Susan previously served as senior in-house counsel for two major defense contractors (Northrop Grumman Corporation and Motorola Incorporated) and is Chambers rated in both Government Contracts and Government Contracts Cybersecurity. Chambers USA has quoted sources stating that “Susan’s in-house experience coupled with her deep understanding of the regulatory requirements is the perfect balance to navigate legal and commercial matters.”

Susan is a former Public Contract Law Procurement Division Co-Chair, former Co-Chair and current Vice-Chair of the ABA PCL Cybersecurity, Privacy and Emerging Technology Committee.

Susan’s pro-bono work extends to assisting veterans in a variety of matters, as well as providing advice to elderly clients on their wills and other end-of-life planning documents.

Read more about Susan B. CassidyEmail
Show more Show less
Photo of Robert Huffman Robert Huffman

Bob Huffman counsels government contractors on emerging technology issues, including artificial intelligence (AI), cybersecurity, and software supply chain security, that are currently affecting federal and state procurement. His areas of expertise include the Department of Defense (DOD) and other agency acquisition regulations governing…

Bob Huffman counsels government contractors on emerging technology issues, including artificial intelligence (AI), cybersecurity, and software supply chain security, that are currently affecting federal and state procurement. His areas of expertise include the Department of Defense (DOD) and other agency acquisition regulations governing information security and the reporting of cyber incidents, the Cybersecurity Maturity Model Certification (CMMC) program, the requirements for secure software development self-attestations and bills of materials (SBOMs) emanating from the May 2021 Executive Order on Cybersecurity, and the various requirements for responsible AI procurement, safety, and testing currently being implemented under President Trump’s AI Executive Order. 

Bob also represents contractors in False Claims Act (FCA) litigation and investigations involving cybersecurity and other technology compliance issues, as well more traditional government contracting costs, quality, and regulatory compliance issues. These investigations include significant parallel civil/criminal proceedings growing out of the Department of Justice’s Cyber Fraud Initiative. They also include investigations resulting from False Claims Act qui tam lawsuits and other enforcement proceedings. Bob has represented clients in over a dozen FCA qui tam suits.

Bob also regularly counsels clients on government contracting supply chain compliance issues, including those arising under the Buy American Act/Trade Agreements Act and Section 889 of the FY2019 National Defense Authorization Act. In addition, Bob advises government contractors on rules relating to IP, including government patent rights, technical data rights, rights in computer software, and the rules applicable to IP in the acquisition of commercial products, services, and software. He focuses this aspect of his practice on the overlap of these traditional government contracts IP rules with the IP issues associated with the acquisition of AI services and the data needed to train the large learning models on which those services are based. 

Bob is ranked by Chambers USA for his work in government contracts and he writes extensively in the areas of procurement-related AI, cybersecurity, software security, and supply chain regulation. He also teaches a course at Georgetown Law School that focuses on the technology, supply chain, and national security issues associated with energy and climate change.

Read more about Robert HuffmanEmail
Show more Show less
Photo of Ryan Burnette Ryan Burnette

Ryan Burnette is a government contracts and technology-focused lawyer that advises on federal contracting compliance requirements and on government and internal investigations that stem from these obligations. Ryan has particular experience with defense and intelligence contracting, as well as with cybersecurity, supply chain…

Ryan Burnette is a government contracts and technology-focused lawyer that advises on federal contracting compliance requirements and on government and internal investigations that stem from these obligations. Ryan has particular experience with defense and intelligence contracting, as well as with cybersecurity, supply chain, artificial intelligence, and software development requirements.

Ryan also advises on Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) compliance, public policy matters, agency disputes, and government cost accounting, drawing on his prior experience in providing overall direction for the federal contracting system to offer insight on the practical implications of regulations. He has assisted industry clients with the resolution of complex civil and criminal investigations by the Department of Justice, and he regularly speaks and writes on government contracts, cybersecurity, national security, and emerging technology topics.

Ryan is especially experienced with:

Government cybersecurity standards, including the Federal Risk and Authorization Management Program (FedRAMP); DFARS 252.204-7012, DFARS 252.204-7020, and other agency cybersecurity requirements; National Institute of Standards and Technology (NIST) publications, such as NIST SP 800-171; and the Cybersecurity Maturity Model Certification (CMMC) program.
Software and artificial intelligence (AI) requirements, including federal secure software development frameworks and software security attestations; software bill of materials requirements; and current and forthcoming AI data disclosure, validation, and configuration requirements, including unique requirements that are applicable to the use of large language models (LLMs) and dual use foundation models.
Supply chain requirements, including Section 889 of the FY19 National Defense Authorization Act; restrictions on covered semiconductors and printed circuit boards; Information and Communications Technology and Services (ICTS) restrictions; and federal exclusionary authorities, such as matters relating to the Federal Acquisition Security Council (FASC).
Information handling, marking, and dissemination requirements, including those relating to Covered Defense Information (CDI) and Controlled Unclassified Information (CUI).
Federal Cost Accounting Standards and FAR Part 31 allocation and reimbursement requirements.

Prior to joining Covington, Ryan served in the Office of Federal Procurement Policy in the Executive Office of the President, where he focused on the development and implementation of government-wide contracting regulations and administrative actions affecting more than $400 billion dollars’ worth of goods and services each year.  While in government, Ryan helped develop several contracting-related Executive Orders, and worked with White House and agency officials on regulatory and policy matters affecting contractor disclosure and agency responsibility determinations, labor and employment issues, IT contracting, commercial item acquisitions, performance contracting, schedule contracting and interagency acquisitions, competition requirements, and suspension and debarment, among others.  Additionally, Ryan was selected to serve on a core team that led reform of security processes affecting federal background investigations for cleared federal employees and contractors in the wake of significant issues affecting the program.  These efforts resulted in the establishment of a semi-autonomous U.S. Government agency to conduct and manage background investigations.

Read more about Ryan BurnetteEmail
Show more Show less
Photo of Ali Cooper-Ponte Ali Cooper-Ponte

Ali Cooper-Ponte draws on her experience at the U.S. Department of Justice to advise clients on complex and sensitive national security, cybersecurity, and online safety matters across regulatory, investigations, enforcement, and litigation contexts.

In her investigations and litigation practice, Ali guides clients through…

Ali Cooper-Ponte draws on her experience at the U.S. Department of Justice to advise clients on complex and sensitive national security, cybersecurity, and online safety matters across regulatory, investigations, enforcement, and litigation contexts.

In her investigations and litigation practice, Ali guides clients through both internal and government investigations. She helps clients across industries navigate significant enterprise risks, including insider, criminal, and advanced persistent or nation-state threats, as well as challenges relating to emerging technologies. She has also helped clients proactively engage with or respond to inquiries by the U.S. Department of Justice, state Attorneys General, and the Federal Trade Commission.

In her advisory practice, Ali helps clients strategically manage rapidly-changing regulatory and technological landscapes. She counsels clients on compliance with national security, cybersecurity, data privacy, content moderation, and child exploitation laws. She has particular expertise on issues relating to government access to data, including the Electronic Communications Privacy Act and the Foreign Intelligence Surveillance Act and the Fourth Amendment. She also has significant experience with new Federal and state laws implicating Section 230 of the Communications Decency Act and the First Amendment. Here, her experience spans industries (including the technology, healthcare, cryptocurrency and financial services, and aerospace and defense industries) and includes providing practical advice on new legislation, regulatory frameworks, and court rulings as well as developing legislative proposals and potential challenges to new legislation and government action.

Previously, Ali served in the U.S. Department of Justice as Senior Counsel in the Office of the Assistant Attorney General for the Criminal Division, where she focused on the cyber and child exploitation portfolios, and as a Trial Attorney in the National Security Division’s National Security Cyber Section and the Criminal Division’s Computer Crime and Intellectual Property Section. She joined the Justice Department as part of its inaugural class of Cyber Fellows, which gave her broad exposure to the Department’s work to address cyber and cyber-enabled threats.

Earlier in her career, Ali clerked for Judge José A. Cabranes on the U.S. Court of Appeals for the Second Circuit. Prior to law school, Ali worked as a legal investigations specialist focused on electronic surveillance and law enforcement access issues at a large technology company.

In addition to her regular practice, Ali leverages her experience to counsel pro bono clients engaged in work to protect children and civil liberties.

Read more about Ali Cooper-PonteEmail
Show more Show less
Photo of Matthew Harden Matthew Harden

Matthew Harden is a cybersecurity and litigation associate in the firm’s New York office. He advises on a broad range of cybersecurity, data privacy, and national security matters, including cybersecurity incident response, cybersecurity and privacy compliance obligations, internal investigations, and regulatory inquiries. He…

Matthew Harden is a cybersecurity and litigation associate in the firm’s New York office. He advises on a broad range of cybersecurity, data privacy, and national security matters, including cybersecurity incident response, cybersecurity and privacy compliance obligations, internal investigations, and regulatory inquiries. He works with clients across industries, including in the technology, financial services, defense, entertainment and media, life sciences, and healthcare industries.

As part of his cybersecurity practice, Matthew provides strategic advice on cybersecurity and data privacy issues, including cybersecurity investigations, cybersecurity incident response, artificial intelligence, and Internet of Things (IoT). He also assists clients with drafting, designing, and assessing enterprise cybersecurity and information security policies, procedures, and plans.

As part of his litigation and investigations practice, Matthew leverages his cybersecurity experience to advise clients on high-stakes litigation matters and investigations. He also maintains an active pro bono practice focused on veterans’ rights.

Matthew currently serves as a Judge Advocate in the U.S. Coast Guard Reserve.

Read more about Matthew HardenEmail
Show more Show less
Photo of Shayan Karbassi Shayan Karbassi

Shayan Karbassi helps clients across industries navigate complex national security and cybersecurity matters to include government and internal investigations, incident and crisis response, regulatory compliance, and litigation.

As part of his cyber practice, Shayan assists clients with cybersecurity incident response and notification obligations…

Shayan Karbassi helps clients across industries navigate complex national security and cybersecurity matters to include government and internal investigations, incident and crisis response, regulatory compliance, and litigation.

As part of his cyber practice, Shayan assists clients with cybersecurity incident response and notification obligations, government and internal investigations of False Claims Act (FCA) issues and insider threats, and compliance with new and evolving federal and state cybersecurity regulations. Shayan also advises U.S. government contractors on security compliance under U.S. national security laws and regulations including, among others, the National Industrial Security Program (NISPOM), Federal Risk and Authorization Management Program (FedRAMP), and other U.S. government cybersecurity regulations.

More broadly, Shayan helps clients navigate potential civil and criminal legal risks stemming from operations in certain high-risk jurisdictions. This includes advising clients on U.S. criminal and civil antiterrorism laws, conducting internal investigations of terrorism-financing and related issues, and litigating Anti-Terrorism Act (ATA) claims.

Shayan maintains an active pro bono litigation practice with a focus on human rights, freedom of information, and free media issues.

Before joining Covington, Shayan served as a member of the U.S. intelligence community, where he routinely provided strategic analysis to the President and other senior U.S. policymakers.

Read more about Shayan KarbassiEmail
Show more Show less
Photo of Grace Howard Grace Howard

Grace Howard is an associate in the firm’s Washington, DC office. She represents and advises clients on a range of cybersecurity, data privacy, and government contracts issues including cyber and data security incident response and preparedness, regulatory compliance, and internal investigations including matters…

Grace Howard is an associate in the firm’s Washington, DC office. She represents and advises clients on a range of cybersecurity, data privacy, and government contracts issues including cyber and data security incident response and preparedness, regulatory compliance, and internal investigations including matters involving allegations of noncompliance with U.S. government cybersecurity regulations and fraud under the False Claims Act.

Prior to joining the firm, Grace served in the United States Navy as a Surface Warfare Officer and currently serves in the U.S. Navy Reserve.

Read more about Grace HowardEmail
Show more Show less