
2017 Cybersecurity in Government Contracts Series: Developments and Practical Steps for Compliance

 


Join Dentons’ Government Contracts practice and the Public Contracting Institute (PCI) for the final four parts of our six-part webinar series. Presented monthly, each session will address key cybersecurity requirements for federal government contractors.

Prime contractors and subcontractors, both large and small, will gain important guidance for complying with the US government’s rapidly expanding cybersecurity requirements. The 2017 schedule and topics are below.

Taught by lawyers from Dentons’ Government Contracts practice and Privacy and Security practice, these sessions will help contractors meet their current obligations and position themselves competitively for the future.

12–1:15 p.m. ET

January 12: The DoD network penetration clause

February 9: Breach investigation and response

March 9: The National Archives and Records Administration Rule / SP 800-171

April 27: Information sharing: CISA and beyond

Register now for the 2017 Cybersecurity in Government Contracts Series. All sessions are complimentary for Dentons clients.

Each webinar will provide CLE credit and will be recorded and available online. For more information, please contact Sofia Abraham Mendoza at sofia.mendoza@dentons.com.

 


Webinar: The 2016 Presidential and Congressional Elections: Impacts on DoD’s Technology Innovation Initiative

Silicon Valley Institute on Government and Technology

Dentons’ Silicon Valley Institute on Government and Technology is pleased to invite you to participate in the webinar “The 2016 Presidential and Congressional Elections: Impacts on DoD’s Technology Innovation Initiative.”

Please join us for an executive briefing that will cover:

  • The presidential and congressional election results, and leading contenders for prominent defense and national security roles in the Trump Administration
  • The defense sector and policy priorities in 2017
  • An update on Defense Innovation Unit Experimental (DIUx) and assessment of support for DoD’s innovation initiatives during the Trump Administration and next Congress

For more information and to register, please click here.

 


DoD Clarifies Covered Defense Information Definition in Final Cyber Reporting Rule

The Department of Defense (DoD) on October 4, 2016, issued a rule finalizing cyber reporting regulations applicable to DoD contractors and subcontractors set forth in 32 CFR Part 236. The rule finalizes an interim rule DoD issued on October 2, 2015, and addresses cyber incident reporting obligations for DoD prime contractors and subcontractors.

Notably, the final rule clarifies the by now well-known definition of the term ‘covered defense information’ (“CDI”). This same term is used in DFARS 252.204-7012. This DFARS clause defines CDI to include four different categories: (1) covered technical information (“CTI”); (2) operations security; (3) export controlled information; and (4) any other information, marked or otherwise identified in the contract, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and government-wide policies.

Given the similarities of this final category to the definition of controlled unclassified information (“CUI”) promulgated in connection with the National Archives and Records Administration’s (NARA) rule, we have understood this latter category to include CUI identified by NARA pursuant to its efforts under EO 13556. The DoD’s new final rule provides support for this understanding because it narrows the definition of CDI to only two categories: (1) CTI and (2) CUI. This modification accordingly appears to make clear that the “catch-all” category of CDI contained in DFARS 252.204-7012 was intended to align with NARA’s CUI efforts.

Importantly, this final rule makes no changes to the DFARS clause itself, and it is likely that conforming changes will be made to the DFARS clause in a future revision. The December 2015 version of the DFARS clause remains effective. Nevertheless, in light of the final rule, contractors and subcontractors seeking to understand the scope of CDI under the DFARS clause should include CUI in their review as they await further revision to the clause.


Protecting Your IP as a Government Contractor


Date: September 21, 2016
Time:
12:00 PM – 01:30 PM PDT
Venue:
Dentons’ San Diego office
4655 Executive Drive
Suite 700
San Diego, CA 92121
United States

Please join us for a complimentary networking lunch and presentation on intellectual property (IP) and the federal contracting process. The 90-minute lunch program will provide practical information on how companies that provide products or services to the government, as well as their investors, can best manage IP rights, from the bidding stage to project closeout and with regard to the full range of contracts and other funding vehicles.

The program will be led by skilled Government Contracts lawyers from our offices across the nation. CLE credit is pending.

Overview of IP issues for emerging technologies: patents, copyrights, trademarks

  • Background on the IP rules in government contracts that impact emerging technologies
  • The government’s expectations regarding allocation of IP rights (patents, copyrights and trademarks) developed under government contracts
  • How to address IP in contracts, Small Business Innovative Research (SBIR) agreements, grants, cooperative agreements and “other transactions”

To register or for questions on the event, please email Sofia Abraham Mendoza at sofia.Mendoza@dentons.com.


Dentons’ Silicon Valley Institute on Government and Technology: Protecting Your IP Program Series

Silicon Valley Institute on Government and Technology

Date: September 22, 2016
Time:
12:00 PM – 01:30 PM PDT
Venue:
Dentons’ Palo Alto office
1530 Page Mill Road
Suite 200
Palo Alto, CA 94304
United States

Protecting your intellectual property: A series of monthly programs presented by our Government Contracts team

Please join us for the first installment of a new series of programs on intellectual property (IP) and the federal contracting process. These 90-minute complimentary lunch programs will provide practical information on how companies that provide products or services to the government, as well as their investors, can best manage IP rights, from the bidding stage to project closeout, and with regard to the full range of contracts and other funding vehicles.

Our kickoff program, in September, will provide a high-level overview of the issues every company needs to consider. Our second program, in October, will focus on the protection of commercial software and data rights.

Additional programs to take us through year-end (dates TBD) will include a session on noncommercial software development issues and one on effective alternatives for handling disputed rights in software and technology under federal contracts.

All programs will be led by skilled Government Contracts lawyers from our offices across the nation and will be held in an informal setting: the new Accelerator Space in Dentons’ Silicon Valley office. CLE credit is pending.

Program 1: Overview of IP issues for emerging technologies: patents, copyrights and trademarks

The program will cover the following topics:

  • Background on the IP rules in government contracts that impact emerging technologies
  • The government’s expectations regarding allocation of IP rights (patents, copyrights and trademarks) developed under government contracts
  • How to address IP in contracts, Small Business Innovative Research (SBIR) agreements, grants, cooperative agreements and “other transactions”

Program 2: Rights in commercial data and commercial software

Scheduled for October 20, 2016; more information to follow

  • How tech companies should navigate government rights in commercial data and commercial software
  • Practical suggestions for maximizing protection of data and software rights under various forms of government agreements

To attend, please register here. For questions about the program series, please contact Sofia Abraham Mendoza at sofia.mendoza@dentons.com.


Cybersecurity and your supply chain: What you don’t know may hurt you

Recently revised cybersecurity regulations affecting US defense contractors and their subcontractors seek to address gaps in government contractor supply chains and expand the breadth of regulations in this area. In the February issue of Contract Management magazine, Dentons Partners Phillip Seckman and Erin Sheppard and Counsel Michael McGuinn provide guidance to contractors seeking to enhance subcontractor compliance under these regulations. In the attached article, entitled “Cybersecurity and your supply chain: What you don’t know may hurt you,” the authors provide a three-step approach to ensuring compliance with the updated Defense Federal Acquisition Regulation Supplement (DFARS) covered defense information regulations within a contractor’s supply chain. Please feel free to contact the authors with questions.


DHS’ Silicon Valley office issues first Innovation OTS Award to security startup

As part of its burgeoning push to purchase emerging technology from Silicon Valley startups, the Department of Homeland Security (DHS) awarded $200,000 to a Santa Clara-based company called Pulzze Systems, Inc. for Internet of Things (IoT) security systems development. The award took less than two weeks and is the first of its kind coming out of the Silicon Valley DHS office. DHS aims to develop a foothold in Silicon Valley that will allow it to “cultivate a pipeline for non-traditional partners, folks who have typically never done business with the government, to develop solutions for our toughest homeland security challenges.” See https://www.dhs.gov/science-and-technology/blog/2015/10/14/silicon-valley-office. The office wants to “bridge the gap between the department and the creative thinkers in Silicon Valley,” according to a statement by Reginald Brothers, DHS Undersecretary for Science and Technology. This initial award and its procedural efficiency “proves DHS can keep pace with the innovation community and is moving in the right direction to become a viable partner,” Brothers added.

Pulzze responded to the first call under the agency’s Innovation Other Transaction Solicitation (dedicated to protection technology for IoT security) and received the award as part of DHS’ deliberate effort to enhance and improve the government’s access to cutting-edge private sector technology and tech talent. DHS has developed a special program designed to utilize novel procurement authorities in helping startups do business with the federal government by implementing faster and more streamlined methods without all the traditional requirements of procurement contracts. The award process was remarkably rapid in this case. DHS issued the solicitation in December with Pulzze delivering its pitch on Feb. 1 and earning the award on Feb. 12, thereby “demonstrating [DHS’] ability to adapt to new ways of doing business,” according to the managing director of the Silicon Valley office for DHS’ Science & Technology Directorate. The Pulzze award is one of a number of DHS programs targeting early-stage companies for support where a startup otherwise could not afford to utilize traditional government contracting methods.


2015–2016 Cybersecurity Compliance and New Developments Series

Dentons government contracts lawyers and the Public Contracting Institute (PCI) present this new webinar series addressing cybersecurity requirements for federal government contractors. This six-part series, useful to large and small contractors alike at both the prime and subcontract level, provides important guidance for contractors who are seeking to ensure compliance with the government’s rapidly expanding cybersecurity requirements. Contractors learn about the statutory and regulatory requirements applicable to contractors, including key agency-specific regulations; cyber requirements applicable to owners and operators of critical infrastructure, including the defense base; best practices for cyber breach investigation and response; and recent and future cyber developments, including the National Archives and Records Administration’s (NARA) efforts to establish a government-wide system for identification and protection of controlled unclassified information. The series is an invaluable resource for contractors who want to ensure compliance with existing cyber obligations while best positioning themselves competitively for future developments in the government contracts industry.

This series is taught by lawyers from our government contracts practice in tandem with lawyers from our global privacy and security practice. A schedule of the sessions is below.

First Tuesday of the month

1:00 p.m. to 2:30 p.m. ET

November 3, 2015 – Overview of the cyber legal and regulatory maze

December 1, 2015 – Critical infrastructure cybersecurity, Executive Order 13636

January 5, 2016 – The Department of Defense (DOD) network penetration clause

February 2, 2016 – Breach investigation and response

March 1, 2016 – The NARA rule/SP 800-171

April 5, 2016 – Cybersecurity outlook: Predictions on cyber policies in federal procurement

For more information, or if you would like to attend a course (complimentary to Dentons’ clients), please reach out to Sofia Abraham Mendoza at sofia.mendoza@dentons.com. All webinars offer CLE credit. They are recorded and available to watch online for one year after the live date.


The gift of time: A second DOD interim rule grants contractors additional time to comply with cyber security requirements

The US Department of Defense (DOD) earlier today issued a second interim rule, effective immediately, that gives affected contractors until December 31, 2017, to implement fully compliant cyber security controls.

The cyber security requirements, contained in the National Institute of Standards and Technology (NIST) Special Publication (SP) No. 800-171, were part of a prior interim rule issued in August 2015. Sometimes referred to as the Network Penetration Rule, DOD’s first interim rule had required immediate compliance with NIST SP 800-171 at both the prime and subcontract levels. Although DOD’s second interim rule gives contractors additional time to implement the requirements of NIST SP 800-171, the rule as revised still imposes certain near-term burdens on affected contractors and subcontractors. Read the full article.


Department of Defense seeks to clarify contractor cybersecurity obligations

Earlier this year, we reported on the Department of Defense’s (DOD) imposition of new and revised cybersecurity requirements on DOD prime and subcontractors. The new requirements reflected in DOD’s interim rule, among other things, expanded the clause governing unclassified controlled technical information to cover all “covered defense information,” replaced old safeguarding requirements, and expanded contractors’ reporting obligations in the event of a cyber incident. Since DOD released these new and revised requirements, which took effect immediately, contractors have been hustling to understand the requirements and to ensure full compliance.

Just last week, likely in an attempt to address some of the confusion surrounding the new and revised requirements in the interim rule, DOD released (1) updated Defense Federal Acquisition Regulation Supplement (DFARS) Procedures, Guidance and Information (PGI), and (2) Frequently Asked Questions (FAQs) covering network penetration reporting, safeguarding covered defense information, and cloud services. These two documents shed light on the manner in which DOD is implementing the cybersecurity requirements. For example, together the FAQs and the PGI:

  • Explain why DOD replaced the security protections from the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 with the NIST SP 800-171;
  • Provide DOD’s interpretation of the security controls outlined in NIST SP 800-171;
  • Describe how covered defense information and operationally critical support will be identified;
  • Provide examples of operationally critical support;
  • Clarify that the DOD Cyber Crime Center is the “operational focal point” for receiving reports of cyber threats and cyber incidents; and
  • Dictate the roles and responsibilities of the Contracting Officer and/or the requiring activity in, among other things, identifying and marking unclassified controlled technical information, handling a reported cyber incident, and conducting damage assessment activities.

Contractors struggling with how, precisely, to implement DOD’s cybersecurity requirements should look to this guidance to see whether it addresses their questions and use it in formulating their own compliance plans. Additionally, contractors should consider attending DOD’s recently announced “Industry Implementation Information Day” on December 14, 2015, at which the department will present a briefing regarding DOD’s new and revised cybersecurity requirements. Information on the industry day, including registration information, can be found here.

Dentons lawyers will continue to monitor key developments in this area and will be providing more information about contractors’ compliance obligations and best practices as part of the Public Contracting Institute’s series on government contracts cybersecurity. More information on the series can be found here.
