Ashden Fein

Ashden Fein is co-chair of Covington’s Data Privacy and Cybersecurity Practice. He advises clients on cybersecurity and national security matters, including crisis management and incident response, risk management and governance, government and internal investigations, and regulatory compliance. Ashden also serves as lead counsel in criminal, civil, and internal investigations involving cybersecurity, insider risk, and U.S. national security issues.

Ashden regularly counsels clients on preparing for and responding to cyber-based attacks, assessing security controls and practices for the protection of data and systems, developing and implementing cybersecurity risk management and governance programs, and complying with federal and state regulatory requirements. Ashden frequently supports clients as the lead investigator and crisis manager for global cyber and data security incidents, including data breaches involving personal data, advanced persistent threats targeting intellectual property across industries, state-sponsored theft of sensitive U.S. government information, extortion and ransomware, and destructive attacks.

Ashden also assists clients from across industries with leading internal investigations and responding to government inquiries related to U.S. national security and insider risks. He frequently represents government contractors in False Claims Act matters involving cybersecurity and national security. Additionally, he advises aerospace, defense, and intelligence contractors on security compliance under U.S. national security laws and regulations including, among others, the National Industrial Security Program (NISPOM), U.S. government cybersecurity regulations, FedRAMP, and requirements related to supply chain security.

Before joining Covington, Ashden served on active duty in the U.S. Army as a Military Intelligence officer and prosecutor specializing in cybercrime and national security investigations and prosecutions -- to include serving as the lead trial lawyer in the prosecution of Private Chelsea (Bradley) Manning for the unlawful disclosure of classified information to Wikileaks. Ashden is a retired U.S. Army officer.

Contact:

October 2024 Developments Under President Biden’s AI Executive Order

By Robert Huffman, Susan B. Cassidy, Ashden Fein, Nooree Lee, Ryan Burnette & August Gweon on November 15, 2024

Posted in Artificial Intelligence (AI), Government Contracts Regulatory Compliance

This is part of an ongoing series of Covington blogs on the implementation of Executive Order No. 14110 on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” (the “AI EO”), issued by President Biden on October 30, 2023. The first blog summarized the AI EO’s key provisions and related OMB guidance, and subsequent blogs described the actions taken by various government agencies to implement the AI EO from November 2023 through September 2024 . This blog describes key actions taken to implement the AI EO during October 2024. We will discuss developments during October 2024 to implement President Biden’s 2021 Executive Order on Cybersecurity in a separate post.

Penn State Agrees to Pay $1.25M in Settlement for Cybersecurity Non-Compliance False Claims Act Allegations

By Ryan Burnette, Susan B. Cassidy, Krissy Chapman, Ashden Fein, Robert Huffman & Darby Rourick on November 12, 2024

Posted in Cybersecurity, Defense Industry, False Claims Act

On Tuesday, October 22, 2024, Pennsylvania State University (“Penn State”) reached a settlement with the Department of Justice (“DoJ”), agreeing to pay the US Government (“USG”) $1.25M for alleged cybersecurity compliance violations under the False Claims Act (“FCA”). This settlement follows a qui tam action filed by a whistleblower and former employee of Penn State’s Applied Research Laboratory. The settlement agreement provides some additional insight into the priorities of DoJ’s Civil Cyber Fraud Initiative (“CFI”) and the types of cybersecurity issues of interest to the Department. It also highlights the extent to which DoJ is focusing on the full range of cybersecurity compliance obligations that exist in a company’s contract in enforcement actions.

September 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy

By Robert Huffman, Susan B. Cassidy, Ashden Fein, Matthew Harden & Ryan Burnette on October 16, 2024

Posted in Cybersecurity, Government Contracts Regulatory Compliance

This is part of a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through August 2024. This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during September 2024. We discuss developments during September 2024 to implement President Biden’s Executive Order on Artificial Intelligence in a separate post.

Cybersecurity Maturity Model Certification (CMMC) Program Final Rule Announced

By Robert Huffman, Susan B. Cassidy, Ashden Fein, Ryan Burnette & Darby Rourick on October 11, 2024

Posted in Cybersecurity

On October 11, 2024, the U.S. Department of Defense (“DoD”) released an unpublished version of the Cybersecurity Maturity Model Certification (“CMMC”) Program Rule. The final rule will be published in the Federal Register on October 15, 2024 and will become effective sixty days after publication. This rule formally establishes the CMMC Program for DoD and is one of two complementary sets of regulations that govern operation of the Program.

September 2024 Developments Under President Biden’s AI Executive Order

By Robert Huffman, Susan B. Cassidy, Ashden Fein, Nooree Lee, Ryan Burnette, August Gweon & Catherine Wettach on October 11, 2024

Posted in Artificial Intelligence (AI)

This is part of an ongoing series of Covington blogs on the implementation of Executive Order No. 14110 on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” (the “AI EO”), issued by President Biden on October 30, 2023. The first blog summarized the AI EO’s key provisions and related Office of Management and Budget (“OMB”) guidance, and subsequent blogs described the actions taken by various government agencies to implement the AI EO from November 2023 through August 2024 . This blog describes key actions taken to implement the AI EO during September 2024. It also describes related developments in California related to the goals and concepts set out by the AI EO. We will discuss developments during September 2024 to implement President Biden’s 2021 Executive Order on Cybersecurity in a separate post.

August 2024 Developments Under President Biden’s AI Executive Order

By Robert Huffman, Susan B. Cassidy, Ashden Fein, Ryan Burnette & August Gweon on September 10, 2024

Posted in Artificial Intelligence (AI), Cybersecurity

This is part of an ongoing series of Covington blogs on the implementation of Executive Order No. 14110 on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” (the “AI EO”), issued by President Biden on October 30, 2023. The first blog summarized the AI EO’s key provisions and related OMB guidance, and subsequent blogs described the actions taken by various government agencies to implement the AI EO from November 2023 through July 2024 . This blog describes key actions taken to implement the AI EO during August 2024. It also describes key actions taken by NIST and the California legislature related to the goals and concepts set out by the AI EO. We will discuss developments during August 2024 to implement President Biden’s 2021 Executive Order on Cybersecurity in a separate post.

August 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy

By Robert Huffman, Susan B. Cassidy, Ashden Fein, Matthew Harden & Ryan Burnette on September 9, 2024

Posted in Cybersecurity, Government Contracts Regulatory Compliance

This is part of a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021through July 2024. This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during August 2024. We discuss developments during August 2024 to implement President Biden’s Executive Order on Artificial Intelligence in a separate post.

July 2024 Developments Under President Biden’s Cybersecurity Executive Order and AI Executive Order

By Robert Huffman, Susan B. Cassidy, Nooree Lee, Ashden Fein, Ryan Burnette, Matthew Harden & Catherine Wettach on August 5, 2024

Posted in Artificial Intelligence (AI), Cybersecurity, Information Technology Contracting, Internet of Things (IoT)

This is part of an ongoing series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through June 2024. This blog describes key actions taken to implement the Cyber EO during July 2024. It also describes key actions taken during July 2024 to implement President Biden’s Executive Order on Artificial Intelligence (the “AI EO”), particularly its provisions that impact cybersecurity, national security, and software supply chain security.

June 2024 Developments Under President Biden’s Cybersecurity Executive Order, National Cybersecurity Strategy, and AI Executive Order

By Robert Huffman, Susan B. Cassidy, Ashden Fein & Ryan Burnette on July 3, 2024

Posted in Artificial Intelligence (AI), Cybersecurity, Government Contracts Regulatory Compliance, Internet of Things (IoT), Procurement Policy, Supply Chain

This is part of an ongoing series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through May 2024. This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during June 2024. It also describes key actions taken during May 2024 to implement President Biden’s Executive Order on Artificial Intelligence (the “AI EO”), particularly its provisions that impact cybersecurity, national security, and software supply chain security.

May 2024 Developments Under President Biden’s Cybersecurity Executive Order, National Cybersecurity Strategy, and AI Executive Order

By Robert Huffman, Susan B. Cassidy, Ashden Fein & Ryan Burnette on July 3, 2024

Posted in Artificial Intelligence (AI), Cybersecurity

This is part of an ongoing series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through April 2024. This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during May 2024. It also describes key actions taken during May 2024 to implement President Biden’s Executive Order on Artificial Intelligence (the “AI EO”), particularly its provisions that impact cybersecurity, national security, and software supply chain security.