When it became law on July 7, 2014, the 2014 Intelligence Authorization Act (“IAA”) gave the Director of National Intelligence (“DNI”) 90 calendar days to issue new regulations addressing the requirement that “cleared intelligence contractors” report any “successful penetration” of their networks and information systems.  With the DNI on the clock, what can these contractors expect?

For one thing, following a penetration of a covered network or information system, the DNI regulations will require that a cleared intelligence contractor report the following information to a designated element of the Intelligence Community (“IC”):

  • A description of the technique or method used in such penetration;
  • A sample of the malicious software, if discovered and isolated by the contractor, involved in such penetration; and
  • A summary of information created by or for an element of the IC that has been potentially compromised.

The DNI regulations will specify the turn-around time for these reports (by comparison, under regulations for Department of Defense contracts, a report would be required within 72 hours).

Some requirements may be more onerous.  For example, the DNI regulations will implement an IAA requirement that intelligence community contractors give IC personnel access to equipment or information in the event of a “successful penetration” of a covered network so that the IC personnel can conduct a forensic analysis of the breach.  The regulations should prohibit the IC from disseminating the information from such a forensic analysis without the contractor’s consent.  Still, whether the IC will be barred from using the information for other purposes, such as for responsibility or past performance determinations, is unclear.

For more detailed information concerning the rapid reporting requirements under the IAA, please see our recent blog post addressing this topic.

Susan B. Cassidy

Ms. Cassidy represents clients in the defense, intelligence, and information technologies sectors.  She works with clients to navigate the complex rules and regulations that govern federal procurement and her practice includes both counseling and litigation components.  Ms. Cassidy conducts internal investigations for government contractors and represents her clients before the Defense Contract Audit Agency (DCAA), Inspectors General (IG), and the Department of Justice with regard to those investigations.  From 2008 to 2012, Ms. Cassidy served as in-house counsel at Northrop Grumman Corporation, one of the world’s largest defense contractors, supporting both defense and intelligence programs. Previously, Ms. Cassidy held an in-house position with Motorola Inc., leading a team of lawyers supporting sales of commercial communications products and services to US government defense and civilian agencies. Prior to going in-house, Ms. Cassidy was a litigation and government contracts partner in an international law firm headquartered in Washington, DC.