Photo of Susan B. Cassidy

Susan B. Cassidy

Ms. Cassidy represents clients in the defense, intelligence, and information technologies sectors.  She works with clients to navigate the complex rules and regulations that govern federal procurement and her practice includes both counseling and litigation components.  Ms. Cassidy conducts internal investigations for government contractors and represents her clients before the Defense Contract Audit Agency (DCAA), Inspectors General (IG), and the Department of Justice with regard to those investigations.  From 2008 to 2012, Ms. Cassidy served as in-house counsel at Northrop Grumman Corporation, one of the world’s largest defense contractors, supporting both defense and intelligence programs. Previously, Ms. Cassidy held an in-house position with Motorola Inc., leading a team of lawyers supporting sales of commercial communications products and services to US government defense and civilian agencies. Prior to going in-house, Ms. Cassidy was a litigation and government contracts partner in an international law firm headquartered in Washington, DC.

This is the thirty-third in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to

This is the thirty-second in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through November 2023.  This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during December 2023.  It also describes key actions taken during December 2023 to implement President Biden’s Executive Order on Artificial Intelligence (the “AI EO”), particularly its provisions that impact cybersecurity, secure software, and federal government contractors.Continue Reading December 2023 Developments Under President Biden’s Cybersecurity Executive Order, National Cybersecurity Strategy, and AI Executive Order

On January 4, 2024, the U.S. Attorney’s Office for the District of New Jersey announced that it has filed criminal wire fraud and false statement charges against the Chief Executive Officer (CEO) of a company that knowingly sold certain surveillance and security cameras to prosecutors’ offices, sheriffs’ offices, and police departments in the state of

On October 3, 2023, the Federal Acquisition Regulation (FAR) Council released two new proposed cybersecurity rules. The first of the two, covered in a separate blog, is titled “Cyber Threat and Incident Reporting and Information Sharing,” and adds new requirements to the cybersecurity incident reporting obligations of federal contractors. The second rule, titled “Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems,” covers cybersecurity contractual requirements for unclassified Federal information systems.

Both rules arise from Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). We have covered developments under this Executive Order as part of a series of monthly posts. The first blog summarized the Cyber EO’s key provisions and timelines, and subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through November 2023. This blog describes key requirements imposed by the proposed “Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems” rule (the “Proposed Standardizing Rule”)

Proposed Cybersecurity Requirements for Unclassified Federal Information Systems

As directed by the Cyber EO, the Proposed Standardizing Rule would establish cybersecurity policies, procedures, and requirements for contractors that develop, implement, operate, or maintain Federal Information Systems (“FIS”). Under the rule, a FIS is defined as “an information system used or operated by an agency, by a contractor of an agency, or by another organization on behalf of an agency.”Continue Reading Proposed FAR Rule: “Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems”

This is the thirty first in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described actions taken by various government agencies to implement the Cyber EO from June 2021 through October 2023.  This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during November 2023.  It also describes key actions taken during November 2023 to implement President Biden’s Executive Order on Artificial Intelligence (the “AI EO”), particularly its provisions that impact cybersecurity, secure software, and federal government contractors.Continue Reading November 2023 Developments Under President Biden’s Cybersecurity andArtificial Intelligence Executive Orders and National Cybersecurity Strategy

This is the thirtieth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to

Echoing the Obama Administration’s Better Buying Initiative, the Biden Administration announced the Better Contracting Initiative (“BCI”), a four-pronged initiative designed to ensure the Federal Government gets better, and more consistent, terms and prices when purchasing commercial goods and services, while enhancing support for small and disadvantaged businesses.  The Initiative’s four prongs include:Continue Reading More Bang for the Government’s Buck: The Biden Administration Announces the Better Contracting Initiative

This is the twenty-ninth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through August 2023.  This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during September 2023. Continue Reading September 2023 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy

On October 5, 2023, the Federal Acquisition Regulatory Council (FAR Council) issued an interim Federal Acquisition Regulation rule (FAR rule) that implements the Federal Acquisition Supply Chain Security Act (FASCSA).  This FAR rule implements the requirements of the Federal Acquisition Supply Chain Security Act of 2018 and the Federal Acquisition Security Council (FASC) final rule for complying with exclusion or removal orders. The FAR rule represents yet another step by the Government to mitigate the security risks that the Government perceives with the use of information technology that may be produced or provided by countries considered to be foreign adversaries.  Like similar supply chain prohibitions, the rule requires contractors to conduct diligence to ensure that articles and sources covered by a FASCA exclusion or removal order are not provided to the Government, to make an affirmative representation to the Government that such articles and sources will not be provided, and to promptly report if any are identified.  The FAR rule will become effective on December 4, 2023, and will apply to new contracts and contracts subject to extension or renewal.  The rule instructs that existing IDIQ contracts should be modified by the Government within six months of December 4, 2023 to apply the requirements to future orders.

Additional information about the rule and its relationship to existing FASCSA regulations is outlined below.Continue Reading FAR Council Issues Interim Rule Outlining Procedures Relating to Excluded Covered Articles and Sources

On October 3, 2023, the Federal Acquisition Regulation (FAR) Council released two new proposed cybersecurity rules. The first of the two, titled “Cyber Threat and Incident Reporting and Information Sharing,” adds new requirements to the cybersecurity incident reporting obligations of federal contractors. The second rule, which we will cover in a separate blog post, is titled “Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems” and covers cybersecurity contractual requirements for unclassified Federal information systems.

Both rules arise from Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). We have covered developments under this Executive Order as part of a series of monthly posts. The first blog summarized the Cyber EO’s key provisions and timelines, and subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through September 2023. This blog describes key requirements imposed by the proposed “Cyber Threat and Incident Reporting and Information Sharing” rule.Continue Reading FAR Cyber Threat and Incident Reporting and Information Sharing Rule