Susan B. Cassidy

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors on compliance with FAR and DFARS requirements, with a special expertise in supply chain, cybersecurity and FedRAMP requirements. She has an active investigations practice and advises contractors when faced with cyber incidents involving government information, as well as representing contractors facing allegations of cyber fraud under the False Claims Act. Susan relies on her expertise and experience with the Defense Department and the Intelligence Community to help her clients navigate the complex regulatory intersection of cybersecurity, national security, and government contracts. She is Chambers rated in both Government Contracts and Government Contracts Cybersecurity. In 2023, Chambers USA quoted sources stating that “Susan's in-house experience coupled with her deep understanding of the regulatory requirements is the perfect balance to navigate legal and commercial matters.”

Her clients range from new entrants into the federal procurement market to well-established defense contractors, and she provides compliance advice across a broad spectrum of procurement issues. Susan consistently remains at the forefront of legislative and regulatory changes in the procurement area, and in 2018, the National Law Review selected her as a “Go-to Thought Leader” on the topic of Cybersecurity for Government Contractors.

In her work with global, national, and start-up contractors, Susan advises companies on all aspects of government supply chain issues including:

Government cybersecurity requirements, including the Cybersecurity Maturity Model Certification (CMMC), DFARS 7012, and NIST SP 800-171 requirements,
Evolving sourcing issues such as Section 889, counterfeit part requirements, Section 5949 and limitations on sourcing from China,
Federal Acquisition Security Council (FASC) regulations and product exclusions,
Controlled unclassified information (CUI) obligations, and
M&A government cybersecurity due diligence.

Susan has an active internal investigations practice that assists clients when allegations of non-compliance arise with procurement requirements, such as in the following areas:

Procurement fraud and FAR mandatory disclosure requirements,
Cyber incidents and data spills involving sensitive government information,
Allegations of violations of national security requirements, and
Compliance with MIL-SPEC requirements, the Qualified Products List, and other sourcing obligations.

In addition to her counseling and investigatory practice, Susan has considerable litigation experience and has represented clients in bid protests, prime-subcontractor disputes, Administrative Procedure Act cases, and product liability litigation before federal courts, state courts, and administrative agencies.

Susan is a former Public Contract Law Procurement Division Co-Chair, and a former Co-Chair and current Vice-Chair of the ABA PCL Cybersecurity, Privacy and Emerging Technology Committee.

Prior to joining Covington, Susan served as in-house senior counsel at Northrop Grumman Corporation and Motorola Incorporated.

On June 6, 2025, President Trump issued an Executive Order (“Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144”) (the “Order”) that modifies certain initiatives in prior Executive Orders issued by Presidents Obama and Biden and highlights key cybersecurity priorities for

Continue Reading White House Issues New Cybersecurity Executive Order

On May 22, 2025, the Cybersecurity and Infrastructure Security Agency (“CISA”), which sits within the Department of Homeland Security (“DHS”), released guidance for AI system operators regarding managing data security risks. The associated press release explains that the guidance provides “best practices for system operators to mitigate cyber risks through

Continue Reading CISA Releases AI Data Security Guidance

This is the third blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the new Trump Administration.  This blog describes key cybersecurity developments that took place in April 2025. 

NIST Publishes Initial Draft of Guidance for High Performance Computing Systems

U.S. National

Continue Reading April 2025 Cybersecurity Developments Under the Trump Administration

This is the second blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the new Trump Administration.  This blog describes key cybersecurity developments that took place in March 2025. 

Trump Administration Executive Order on Achieving Efficiency

On March 19, 2025, the Trump

Continue Reading March 2025 Cybersecurity Developments Under the Trump Administration

President Trump has issued two new Executive Orders (“EOs”) that seek to reshape federal procurement.  The much anticipated “Restoring Common Sense To Federal Procurement” EO (the “FAR Reform EO”) seeks to “create the most agile, effective, and efficient procurement system possible” by revising the Federal Acquisition Regulation (“FAR”)

Continue Reading Trump Administration Issues Two Executive Orders Seeking To Remake Federal Procurement

On March 20, 2025, President Trump issued executive order (“EO”) Eliminating Waste and Saving Taxpayer Dollars by Consolidating Procurement, which will have significant effects on federal government contracting.  The EO is intended to consolidate “domestic Federal procurement” within the General Services Administration (“GSA”) to “eliminate waste and duplication.”

The EO has two primary objectives:

  1. It grants GSA an increased role in the U.S. Government’s acquisition of “common goods and services”.
  2. It designates the GSA Administrator as “the executive agent for all Government-wide acquisition contracts for information technology” pursuant to 40 U.S.C. § 11302(e).[1]

We have summarized key provisions and potential effects of the EO further below.

Continue Reading Executive Order Issued To Expand GSA’s Role in Acquisition of “Common Goods and Services” and Information Technology

This is the first in a new series of Covington blogs on cybersecurity policies, executive orders, and other actions of the new Trump Administration.  This blog describes key cybersecurity developments that took place in January and February 2025.  Below, we outline three developments affecting cybersecurity in January and February 2025, including one from the Biden Administration, which has not been rescinded.

Biden Administration Issues Second Cybersecurity Executive Order

On January 16, in one of the final acts of the Biden Administration, the White House issued Executive Order (“EO”) 14144 on “Strengthening and Promoting Innovation in the Nation’s Cybersecurity.” EO 14144 expands on the National Cybersecurity Strategy and EO 14028, Improving the Nation’s Cybersecurity, which we previously wrote about here. This new EO requires a range of additional security enhancements to U.S. government and supporting digital infrastructure, including improving accountability for software and cloud service providers, strengthening the security of Federal communications and identity management systems, and promoting innovative developments and use of emerging technologies for cybersecurity across agencies and with the private sector.

Continue Reading January and February 2025 Cybersecurity Developments Under the Biden and Trump Administrations

The FY 2025 National Defense Authorization Act (“NDAA”) sustains Congress’s continued focus on countering China’s expanding influence and enhancing U.S. resilience in an era of great power competition.  This year’s legislation reflects the practice of carrying the State Department and Intelligence Authorization Acts within the NDAA—marking the third consecutive year that these critical measures have been advanced in tandem.  The Foreign Relations and Intelligence Committees in both chambers of Congress have increasingly adopted the Armed Services Committees’ playbook, embedding China-focused legislation modeled on past defense measures in their respective authorizations.  This blog examines key provisions designed to address what Congress views as strategic challenges posed by China while closing loopholes that could confer military, economic, or technological advantages to Beijing.  We divide these provisions into the following five categories:  (1) provisions that address potential security risks linked to Chinese-origin technology; (2) provisions that limit the transfer of U.S. technology or data to China; (3) so-called “time to choose” provisions that curtail Department of Defense (“DoD”) engagement with third parties that engage with China; (4) provisions that tackle a range of broader geopolitical concerns; and (5) studies and reports to identify emerging issues and concerns.
Continue Reading FY2025 NDAA: Congressional Efforts to Bolster U.S. Resilience Against Chinese Tech and Influence

On January 15, 2025, the Federal Acquisition Regulation (“FAR”) Council proposed a new FAR Controlled Unclassified Information (“CUI”) rule (“proposed rule”) to establish uniform requirements for handling CUI with broad applicability to solicitations and contracts across the federal government.

The proposed rule, in development for roughly a decade, represents a

Continue Reading FAR Council Proposes New FAR CUI Rule

This is part of a series of Covington blogs on the implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken

Continue Reading November 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy