Susan Cassidy

Ms. Cassidy represents clients in the defense, intelligence, and information technologies sectors. She works with clients to navigate the complex rules and regulations that govern federal procurement and her practice includes both counseling and litigation components. Ms. Cassidy conducts internal investigations for government contractors and represents her clients before the Defense Contract Audit Agency (DCAA), Inspectors General (IG), and the Department of Justice with regard to those investigations. From 2008 to 2012, Ms. Cassidy served as in-house counsel at Northrop Grumman Corporation, one of the world’s largest defense contractors, supporting both defense and intelligence programs. Previously, Ms. Cassidy held an in-house position with Motorola Inc., leading a team of lawyers supporting sales of commercial communications products and services to US government defense and civilian agencies. Prior to going in-house, Ms. Cassidy was a litigation and government contracts partner in an international law firm headquartered in Washington, DC.

Subscribe to all posts by Susan Cassidy

USSC Issues RFP For Report On Supply Chain IT Vulnerabilities From China

On May 11, 2017, the U.S. China Economic and Security Review Commission (“Commission”) issued a Request for Proposal to “to provide a one-time unclassified report on supply chain vulnerabilities from China in U.S. federal information technology (IT) procurement.” Congress established the Commission in 2000 to monitor and report to Congress on the national security implications … Continue Reading

Challenges and Priorities for the New Secretary of Labor

By Jeff Bozman, Susan Cassidy and Lindsay Burke on April 28, 2017 Posted in Employment, Government Contracts Regulatory Compliance

Alex Acosta was confirmed by the Senate to be the next Secretary of Labor. He now takes responsibility for several high-profile issues with critical implications for government contractors. As we have previously written, the Labor Department was an exceptionally active regulator from 2013 through the end of the Obama Administration. Although few of us expect … Continue Reading

New FAR Rule: Government May Disqualify Contractors Who Use Standard Confidentiality Language with Employees and Subcontractors

By Susan Cassidy and Evan Sherwood on April 24, 2017 Posted in Employment, False Claims Act, Government Contracts Regulatory Compliance, Procurement Policy

Under a new FAR rule, standard language in confidentiality agreements could lead to disqualification from contracting or False Claims Act liability.… Continue Reading

DoD Further Clarifies Its DFARS Cybersecurity Requirements

By Patrick Stanton and Susan Cassidy on February 8, 2017 Posted in Commercial Items, Cybersecurity, Defense Industry, Government Contracts Regulatory Compliance, Information Technology Contracting, Procurement Policy

On January 27, 2017, the Department of Defense (DoD) issued an updated Frequently Asked Questions (FAQ) regarding the application and requirements of DFARS 252.204.7012 Safeguarding Covered Defense Information and Cyber Incident Reporting. Though questions remain regarding various nuances of the rule, the FAQ is a helpful document for those contractors still working on implementation of … Continue Reading

More Cybersecurity Changes Expected for Contractors in 2017

By Susan Cassidy and Anuj Vohra on December 29, 2016 Posted in Cybersecurity, Defense Industry, Government Contracts Regulatory Compliance

In 2016, the dangers presented by an increasingly digital world clearly were on display. A cyber-attack using an army of Internet of Things devices interfered with the operations of major commercial websites. And the Presidential Election was plagued with allegations of state-sponsored cybersecurity hacking (for which the Obama Administration just issued sanctions against the Russian … Continue Reading

Cybersecurity Update: DoD Releases Long-Awaited Final Rule

By Susan Cassidy, Michael Wagner and Julia Lippman on October 25, 2016 Posted in Cybersecurity, Defense Industry

On October 21, 2016, the Department of Defense (DoD) issued its long-awaited Final Rule—effective immediately—imposing safeguarding and cyber incident reporting obligations on defense contractors whose information systems process, store, or transmit covered defense information (CDI). The Final Rule has been years in the making and is the culmination of an initial rule issued in November … Continue Reading

DoD Finalizes Rule on Policies for Cyber Incident Reporting

By Susan Cassidy, Ashden Fein and John Sorrenti on October 10, 2016 Posted in Cybersecurity, Government Contracts Regulatory Compliance

On October 4th, the Department of Defense (DoD) issued a Final Rule implementing mandatory cyber incident reporting requirements for DoD contractors and subcontractors who have “agreements” with DoD. The Final Rule also highlights DoD’s desire to encourage greater participation in the voluntary Defense Industrial Base (DIB) cybersecurity information sharing program. This Rule is effective on … Continue Reading

DoD Finalizes Rule Expanding Contractor Rights in Technical Data

By Susan Cassidy on September 28, 2016 Posted in Commercial Items, Data Rights, Defense Industry, Government Contracts Regulatory Compliance, Procurement Policy, Procurement Reform, Uncategorized

DoD has issued a Final Rule that gives added protections to the technical data of privately developed commercial items incorporated into major systems, including major weapon systems. This rule implements Section 813(a) of the National Defense Authorization Act (NDAA) for Fiscal Year 2016 and modifies 10 U.S.C.§ 2321(f).… Continue Reading

NARA Sets the Stage for a Final FAR Cyber Clause

By Patrick Stanton and Susan Cassidy on September 19, 2016 Posted in Cybersecurity

On September 14, 2016, the National Archives and Record Administration (“NARA”) issued a Final Rule, effective November 13, 2016, establishing cross-agency practices and procedures for safeguarding, disseminating, controlling, destroying, and marking Controlled Unclassified Information (CUI). Although the Final Rule only applies directly to executive branch agencies that designate or handle information that meets the standards … Continue Reading

DOD Final Rule Addresses Source Requirements and Cost Recovery for Use of Counterfeit Electronic Parts

By Patrick Stanton and Susan Cassidy on August 31, 2016 Posted in Cybersecurity, Defense Industry, Information Technology Contracting

Supply chain protection has been a point of increasing emphasis by the Government and especially the Department of Defense (“DoD”) in recent years. In no area is this more true than ensuring that Government systems and equipment are free from counterfeit electronic parts, which can raise both security and defect concerns. DoD has accordingly taken several steps, many of which have taken the form of new requirements on contractors, to protect against counterfeit electronic parts. With these requirements has come added risk to contractors that even mistakenly use electronic parts in the goods they sell to DoD. However, an August 30, 2016, final DFARS rule (implemented at DFARS 2301.205-71) seeks to mitigate some of this risk by allowing contractors to recover the cost of replacing counterfeit electronic parts, as long as the contractor has taken certain steps to prevent the use of such parts.… Continue Reading

DoD Finally Issues Proposed Rule Addressing 2012 NDAA Changes to Technical Data Rights

By Susan Cassidy and Terra White Fulham on July 12, 2016 Posted in Data Rights, Defense Industry, Intellectual Property Rights and Internal Investigations

On June 16, 2016, the Department of Defense (DoD) issued a proposed rule to implement Section 815 of the National Defense Authorization Act for Fiscal Year 2012, which was originally enacted in December 2011. Under the proposed rule, DoD would be given additional flexibility to release technical data or computer software to third parties (including … Continue Reading

Supreme Court on False Claims Act: Implied Certification OK, But Materiality Is No Gimme

By Susan Cassidy, Jason Workmaster, Michael Wagner and Alexander Hastings on June 20, 2016 Posted in False Claims Act

Last week, in Universal Health Services Inc. v. U.S. ex rel. Escobar, the Supreme Court unanimously affirmed the viability of the “implied false certification” theory of False Claims Act liability, at least in certain circumstances. Writing for a unanimous Court, Justice Thomas explained that a defendant can face FCA liability under an implied certification theory … Continue Reading

Final FAR Cyber Rule Issued on Basic Safeguarding Requirements

By Susan Cassidy on May 17, 2016 Posted in Cybersecurity

On May 16, 2016, the Department of Defense (DoD), General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA) issued a Final Rule to add a new subpart and contract clause (52.204-21) to the Federal Acquisition Regulation (FAR) “for the basic safeguarding of contractor information systems that process, store, or transmit Federal contract … Continue Reading

DoD Rule Would Help Contractors Protect Their Technical Data Rights in Commercial Items Used in Major Systems

By Alex Sarria, Kathy Brown and Susan Cassidy on May 13, 2016 Posted in Commercial Items, Data Rights, Defense Industry, Government Contracts Regulatory Compliance, Procurement Policy, Procurement Reform

The Department of Defense (DoD) is considering a proposed rule that would help contractors protect their technical data rights in privately-developed commercial items that are incorporated into major systems, including major weapons systems. The proposed rule likely will be welcomed news to the defense industry, which has long sought to defend contractors’ intellectual property rights … Continue Reading

Civil Penalties Across All Federal Agencies Set to Increase Significantly by August 2016

By Susan Cassidy and Catlin Meade on May 6, 2016 Posted in False Claims Act

On May 3, 2016, the U.S. Railroad Retirement Board (“RRB”) issued an interim final rule adjusting civil False Claims Act (“FCA”) and Program Fraud Civil Remedies Act (“PFCRA”) monetary penalty amounts for the RRB. The interim final rulemaking resulted in an increase of the PFCRA maximum to $10,781 and a new FCA range of $10,781-$21,563. … Continue Reading

DHS Seeking Input on ISAO Standards

By Susan Cassidy on April 28, 2016 Posted in Cybersecurity, Defense Industry

The Department of Homeland Security (DHS) has announced a public meeting on May 18-19, 2016 to “discuss and debate Voluntary Standards for Information Sharing and Analysis Organizations (ISAOs) as they relate to” Executive Order 13691 (EO 13691). See 81 Fed. Reg. 23506. This meeting follows the recent passage of the Cybersecurity Act of 2015, which … Continue Reading

President Obama Unveils Cybersecurity National Action Plan and Issues Two New Executive Orders Directed at Cybersecurity and Privacy Concerns

By Susan Cassidy and Catlin Meade on February 15, 2016 Posted in Cybersecurity, Privacy

President Obama unveiled on February 9, 2015 his Cybersecurity National Action Plan (CNAP), a combination of near-term actions and long-term strategy to “enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security.” In conjunction with this unveiling, … Continue Reading

District Court Invalidates Important FHWA Exemptions to the “Buy America” Requirement

By Susan Cassidy and Frederick Benson on February 10, 2016 Posted in Construction Contracting

On December 22, 2015, the U.S. District Court for the District of Columbia invalidated a Federal Highway Administration (FHWA) memorandum setting out the Agency’s position on the “Buy America” waiver for steel manufactured products. The decision creates uncertainty as to the proper administration of Buy America requirements, and will likely reduce demand for steel and … Continue Reading

Inside New FAR Whistleblower Rule: Key Takeaways for Contractors

By Susan Cassidy and Michael Wagner on February 5, 2016 Posted in Procurement Fraud and Internal Investigations, Procurement Policy

On January 22, 2016, the FAR Council published a proposed rule that, if adopted, would impose a government-wide prohibition on contracting with companies that limit the ability of employees or subcontractors to lawfully report fraud, waste, and abuse to the government. Given the proposed rule’s near-universal application and potentially devastating consequences for violators, contractors would … Continue Reading

Time Is On My Side: DoD Hears Industry Concerns – Additional Time Provided to Implement Security Controls Under New Cyber Rule

By Susan Cassidy and John Sorrenti on December 30, 2015 Posted in Cybersecurity, Defense Industry, Government Contracts Regulatory Compliance, Information Technology Contracting

On December 30th, the Department of Defense (DoD) issued a Second Interim Rule amending its “Network Penetration Reporting and Contracting for Cloud Services” Interim Rule and giving contractors until December 31, 2017 to implement the NIST SP 800-171 security controls required by DFARS 252.204-7012. As noted in a previous post, DoD has already issued a … Continue Reading

High Court to Resolve Split of Authority on “Implied” False Claims

By Jeff Bozman and Susan Cassidy on December 13, 2015 Posted in False Claims Act, Government Contracts Regulatory Compliance, Jurisdiction

On December 3rd, the Department of Justice released its annual summary of recoveries in False Claims Act (FCA) cases. Although down from last year’s $5.69 billion, this year’s recoveries of $3.5 billion demonstrate the power that the government wields to drive settlements of fraud allegations. Of the $3.5 billion, $1.1 billion in recoveries are attributable … Continue Reading

Contractor Defeats Government’s Opportunistic Allegations of Fraud

By Susan Cassidy and Jade Totman on November 16, 2015 Posted in Claims and Contract Disputes, False Claims Act

On October 31, 2015, the U.S. Court of Federal Claims (CoFC) in Horn & Associates, Inc. v. United States (No. 08-415C) rejected three fraud-based counterclaims that were filed by the U.S. Government in response to a breach of contract action brought by the plaintiff, Horn & Associates (Horn), through a certified claim under the Contract … Continue Reading

DoD Issues Final Rule Addressing Exclusion of Contractors that Present Supply Chain Risk in National Security System Procurements

By Susan Cassidy and Alexander Hastings on November 2, 2015 Posted in Uncategorized

On October 30, 2015, the Department of Defense (“DoD” or the “Department”) issued a Final Rule amending the Defense Federal Acquisition Regulation Supplement (“DFARS”) and clarifying the scope of the DoD’s ability to evaluate and exclude contractors that represent “supply chain risks” in solicitations and contracts involving the development or delivery of IT products and … Continue Reading

DoD Issues Targeted Class Deviation Updating Recently Adopted Cybersecurity DFARS Clauses

By Susan Cassidy, Alex Sarria, Patrick Stanton and Catlin Meade on October 12, 2015 Posted in Cybersecurity, Defense Industry, Government Contracts Regulatory Compliance, Information Technology Contracting, Privacy, Procurement Policy, Procurement Reform

Last week, on October 8th, DoD issued a class deviation replacing DFARS 252.204-7012 and 252.204-7008 with revised clauses that give covered contractors up to nine (9) months (from the date of contract award or modification incorporating the new clause(s)) to satisfy the requirement for “multifactor authentication for local and network access” found in Section 3.5.3 … Continue Reading