Photo of Trisha Anderson

Trisha Anderson, an experienced national security and cybersecurity lawyer, advises clients on white collar investigations and national security issues, including national security surveillance and law enforcement compliance and litigation, cybersecurity and data privacy, and CFIUS, with a particular focus on information and communications technologies.

Ms. Anderson rejoined the firm after over a decade of service in the federal government. She held senior positions at the Department of Justice and the Department of the Treasury. Most recently she served as Principal Deputy General Counsel at the Federal Bureau of Investigation, where she handled complex and sensitive matters relating to national security and cyber intrusions.

On May 12, the Biden Administration issued an “Executive Order on Improving the Nation’s Cybersecurity.”  The Order seeks to strengthen the federal government’s ability to respond to and prevent cybersecurity threats, including by modernizing federal networks, enhancing the federal government’s software supply chain security, implementing enhanced cybersecurity practices and procedures in the federal government, and creating government-wide plans for incident response.  The Order covers a wide array of issues and processes, setting numerous deadlines for recommendations and actions by federal agencies, and focusing on enhancing the protection of federal networks in partnership with the service providers on which federal agencies rely.  Private sector entities, including federal contractors and service providers, will have opportunities to provide input to some of these actions.

In particular, and among other things, the Order:

  • seeks to remove obstacles to sharing threat information between the private sector and federal agencies;
  • mandates that software purchased by the federal government meet new cybersecurity standards;
  • discusses securing cloud-based systems, including information technology (IT) systems that process data, and operational technology (OT) systems that run vital machinery and infrastructure;
  • seeks to impose new cyber incident[i] reporting requirements on certain IT and OT providers and software product and service vendors and establishes a Cyber Safety Review Board to review and assess such cyber incidents and other cyber incidents, and;
  • addresses the creation of pilot programs related to consumer labeling in connection with the cybersecurity capabilities of Internet of Things (IoT) devices.

The Order contains eight substantive sections, which are listed here, and discussed in more detail below:

  • Section 2 – Removing Barriers to Sharing Threat Information
  • Section 3 – Modernizing Federal Government Cybersecurity
  • Section 4 – Enhancing Software Supply Chain Security
  • Section 5 – Establishing a Cyber Safety Review Board
  • Section 6 – Standardizing the Federal Government’s Playbook for Responding to Cybersecurity Vulnerabilities and Incidents
  • Section 7 – Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks
  • Section 8 – Improving the Federal Government’s Investigative and Remediation Capabilities
  • Section 9 – National Security Systems

The summaries below discuss highlights from these sections, and the full text of the Order can be found here.


Continue Reading President Biden Signs Executive Order Aimed at Improving Government Cybersecurity

On February 24, 2021, President Biden signed an Executive Order entitled “Executive Order on America’s Supply Chains” (the “Order”). Among other things, the Order is an initial step toward accomplishing the Biden Administration’s goal of building more resilient American supply chains that avoid shortages of critical products, facilitate investments to maintain America’s competitive edge, and

On May 5, 2020 the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s (“CISA”) Information and Communications Technology (“ICT”) Supply Chain Risk Management (“SCRM”) Task Force (the “Task Force”) released a six-step guide for organizations to start implementing organizational SCRM practices to improve their overall security resilience.  The Task Force also released a revised fact sheet to further raise awareness about ICT supply chain risk.

As we discussed in a prior blog post on the Task Force’s efforts, the Task Force was established in 2018 with representatives from 17 different defense and civilian agencies, as well as industry representatives across the information technology and communications sectors.  The Task Force has been focused on assessing and protecting security vulnerabilities in government supply chains.  Since its founding, the Task Force has inventoried existing SCRM efforts across the government and industry, including some of the practices reflected in the guide.
Continue Reading CISA Information and Communications Technology Supply Chain Risk Management Task Force Releases New Guidance on Security Resiliency

On March 13, the President declared a national emergency in response to the COVID-19 pandemic.  Doing so activated the authorities available to the President under the Robert T. Stafford Disaster Relief and Emergency Assistance Act, 42 U.S.C. §§ 5121-5207 (the “Stafford Act”) to provide federal assistance to state and local governments responding to the emergency, including financial assistance.

The federal assistance is coordinated and provided through the Federal Emergency Management Agency (“FEMA”) under the National Response Framework.  Although the Stafford Act generally does not make funding directly available to private businesses, a large portion of the nearly $50 billion that the President said will be available to FEMA may be used to procure goods and services from contractors assisting the relief effort.


Continue Reading State of Emergency: COVID-19, the Stafford Act, and What It All Means for Contractors