President Obama unveiled on February 9, 2015 his Cybersecurity National Action Plan (CNAP), a combination of near-term actions and long-term strategy to “enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security.”  In conjunction with this unveiling, President Obama signed two Executive Orders directed at improving cybersecurity in both the private and public sectors by establishing groups of informed stakeholders to issue federal recommendations for cybersecurity and privacy protections.

The first Executive Order established the Commission on Enhancing National Cybersecurity to promote and improve cybersecurity awareness and protections throughout the private sector and at all levels of government.  The Commission will be comprised of 12 experts appointed by the President with knowledge of cybersecurity, the digital economy, and related areas.  The Speaker of the House of Representatives, the Minority Leader of the House of Representatives, and both the Majority and Minority Leaders of the Senate are invited to recommend one individual for membership on the Commission.  Federally registered lobbyists and current federal government employees are prohibited from  serving on the Commission

At a minimum, the Commission is charged with developing recommendations that address the following:

  1. increased protections for systems and data, including how to advance identity management, authentication, and cybersecurity of online identities;
  2. ensuring that cybersecurity is a core element of the technologies associated with the Internet of Things and cloud computing;
  3. appropriate investments in research and development initiatives that can enhance cybersecurity;
  4. increasing the quality, quantity, and level of expertise of the federal government cybersecurity workforce, including through education and training;
  5. improving broad-based education of commonsense cybersecurity practices for the general public; and
  6. any other issues that the President, through the Secretary of Commerce, requests the Commission to consider.

President Obama’s second Executive Order establishes a Federal Privacy Council – an interagency support structure tasked with ensuring privacy in agencies that collect, maintain and use citizens’ information and data.  Pursuant to the Order, the head of each agency is required to designate or re-designate a Senior Agency Official for Privacy with the experience and skills necessary to manage an agency-wide privacy program.  In addition, to the extent permitted by law and consistent with ongoing activities, , the head of each agency is required to work with the Council.

The Chair of the Council will be the Deputy Director for Management of the Office of Management and Budget (OMB). The Chair may designate a Vice Chair, establish working groups, and assign responsibilities for operations of the Council as he or she deems necessary.  In addition to the Chair, the Council will include the Senior Agency Officials for Privacy of twenty-four Executive agencies across the federal government.  The Council is tasked with:

  1. developing and recommending new government-wide privacy recommendations to the OMB;
  2. coordinating and sharing ideas, best practices and approaches for protecting privacy and implementing appropriate privacy safeguards;
  3. assessing and recommending how best to address the hiring, training and professional development needs of the federal government with respect to privacy matters; and
  4. performing other privacy-related functions as designated by the chair of the Council.

In addition to the Commission and the Council, the CNAP intends to: propose a $3.1 billion Information Technology Modernization Fund to enable the retirement, replacement, and modernization of legacy IT throughout the government; create the position of the Federal Chief Information Security Officer to drive and implement IT changes government-wide; launch a National Cybersecurity Awareness Campaign to, among other things, encourage citizens to secure their online accounts through multi-factor identification; and invest over $19 billion for cybersecurity in the Fiscal Year 2017 budget.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Susan B. Cassidy Susan B. Cassidy

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors…

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors on compliance with FAR and DFARS requirements, with a special expertise in supply chain, cybersecurity and FedRAMP requirements. She has an active investigations practice and advises contractors when faced with cyber incidents involving government information, as well as representing contractors facing allegations of cyber fraud under the False Claims Act. Susan relies on her expertise and experience with the Defense Department and the Intelligence Community to help her clients navigate the complex regulatory intersection of cybersecurity, national security, and government contracts. She is Chambers rated in both Government Contracts and Government Contracts Cybersecurity. In 2023, Chambers USA quoted sources stating that “Susan’s in-house experience coupled with her deep understanding of the regulatory requirements is the perfect balance to navigate legal and commercial matters.”

Her clients range from new entrants into the federal procurement market to well established defense contractors and she provides compliance advices across a broad spectrum of procurement issues. Susan consistently remains at the forefront of legislative and regulatory changes in the procurement area, and in 2018, the National Law Review selected her as a “Go-to Thought Leader” on the topic of Cybersecurity for Government Contractors.

In her work with global, national, and start-up contractors, Susan advises companies on all aspects of government supply chain issues including:

  • Government cybersecurity requirements, including the Cybersecurity Maturity Model Certification (CMMC), DFARS 7012, and NIST SP 800-171 requirements,
  • Evolving sourcing issues such as Section 889, counterfeit part requirements, Section 5949 and limitations on sourcing from China
  • Federal Acquisition Security Council (FASC) regulations and product exclusions,
  • Controlled unclassified information (CUI) obligations, and
  • M&A government cybersecurity due diligence.

Susan has an active internal investigations practice that assists clients when allegations of non-compliance arise with procurement requirements, such as in the following areas:

  • Procurement fraud and FAR mandatory disclosure requirements,
  • Cyber incidents and data spills involving sensitive government information,
  • Allegations of violations of national security requirements, and
  • Compliance with MIL-SPEC requirements, the Qualified Products List, and other sourcing obligations.

In addition to her counseling and investigatory practice, Susan has considerable litigation experience and has represented clients in bid protests, prime-subcontractor disputes, Administrative Procedure Act cases, and product liability litigation before federal courts, state courts, and administrative agencies.

Susan is a former Public Contract Law Procurement Division Co-Chair, former Co-Chair and current Vice-Chair of the ABA PCL Cybersecurity, Privacy and Emerging Technology Committee.

Prior to joining Covington, Susan served as in-house senior counsel at Northrop Grumman Corporation and Motorola Incorporated.