DoD

This is the second blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the new Trump Administration.  This blog describes key cybersecurity developments that took place in March 2025. 

Trump Administration Executive Order on Achieving Efficiency

On March 19, 2025, the Trump

Continue Reading March 2025 Cybersecurity Developments Under the Trump Administration

On April 9, 2025, President Trump issued an Executive Order (“EO”), “Modernizing Defense Acquisitions and Spurring Innovation In the Defense Industrial Base,” that may have significant implications for federal government contractors doing business with the Department of Defense (“DoD”), and particularly those with touchpoints to Major Defense Acquisition Programs (“MDAPs”).Continue Reading Trump Administration Issues Executive Order Aimed At Modernizing Defense Acquisitions And Spurring Innovation

On April 1, the Office of Strategic Capital (OSC) announced that it received more than 200 applications, totaling over $8.9 billion in financing requests, across 38 states for the inaugural solicitation under OSC’s Domestic Manufacturing Loan Program.  As covered in a prior post, under the Notice of Funding Availability (NOFA) released last fall, OSC plans to loan up to $984 million to eligible companies to expand the U.S. industrial base, with individual loans ranging between $10 million to $150 million.  These OSC loans will support advanced manufacturing, cybersecurity, decision science, edge computing, mesh networks, microelectronics, solar, and quantum computing technologies, and eligible investments must have both a defense and a commercial application.   Continue Reading DoD’s Office of Strategic Capital Reports Significant Interest in Domestic Manufacturing Loan Program

This is the first in a new series of Covington blogs on cybersecurity policies, executive orders, and other actions of the new Trump Administration.  This blog describes key cybersecurity developments that took place in January and February 2025.  Below, we outline three developments affecting cybersecurity in January and February 2025, including one from the Biden Administration, which has not been rescinded.

Biden Administration Issues Second Cybersecurity Executive Order

On January 16, in one of the final acts of the Biden Administration, the White House issued Executive Order (”EO”) 14144 on “Strengthening and Promoting Innovation in the Nation’s Cybersecurity.”  EO 14144 expands on the National Cybersecurity Strategy and EO 14028, Improving the Nation’s Cybersecurity, which we first previously wrote about here.  This new EO requires a range of additional security enhancements to U.S. government and supporting digital infrastructure, including improving accountability for software and cloud service providers, strengthening the security of Federal communications and identity management systems, and promoting innovative developments and use of emerging technologies for cybersecurity across agencies and with the private sector. Continue Reading January and February 2025 Cybersecurity Developments Under the Biden and Trump Administrations

This is part of a series of Covington blogs on the implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken

Continue Reading November 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy

On November 15, 2024, the Department of Defense (“DoD”) published a Notice of Proposed Rulemaking (“Proposed Rule”) entitled “Defense Federal Acquisition Regulation Supplement: Disclosure of Information Regarding Foreign Obligations.”  The Proposed Rule would impose new disclosure obligations on “Offeror[s]” (pre-award) and “Contractor[s]” (post-award) that are triggered in certain

Continue Reading Department of Defense Publishes Notice of Proposed Rulemaking on Disclosure of Computer and Source Code to Foreign Entities

This is part of a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by

Continue Reading October 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy

On Tuesday, October 22, 2024, Pennsylvania State University (“Penn State”) reached a settlement with the Department of Justice (“DoJ”), agreeing to pay the US Government (“USG”) $1.25M for alleged cybersecurity compliance violations under the False Claims Act (“FCA”).  This settlement follows a qui tam action filed by a whistleblower and former employee of Penn State’s Applied Research Laboratory.  The settlement agreement provides some additional insight into the priorities of DoJ’s Civil Cyber Fraud Initiative (“CFI”) and the types of cybersecurity issues of interest to the Department.  It also highlights the extent to which DoJ is focusing on the full range of cybersecurity compliance obligations that exist in a company’s contract in enforcement actions.Continue Reading Penn State Agrees to Pay $1.25M in Settlement for Cybersecurity Non-Compliance False Claims Act Allegations

The Office of Strategic Capital (“OSC”) within the Department of Defense (“DOD”) has launched a Credit Program, under which it will provide debt financing in critical technology areas that drive national and economic security.  As an initial step, OSC is soliciting applications for equipment loans, which may be submitted between

Continue Reading DOD Office of Strategic Capital Begins Its Direct Lending Efforts to Secure U.S. Industrial Base

On October 11, 2024, the U.S. Department of Defense (“DoD”) released an unpublished version of the Cybersecurity Maturity Model Certification (“CMMC”) Program Rule.  The final rule will be published in the Federal Register on October 15, 2024 and will become effective sixty days after publication.  This rule formally establishes the CMMC Program for DoD and is one of two complementary sets of regulations that govern operation of the Program.  Continue Reading Cybersecurity Maturity Model Certification (CMMC) Program Final Rule Announced