Arnold & Porter fields an across-the-board Cybersecurity practice. Our team litigates data security breach cases; counsels on a full range of compliance, regulatory, and liability issues; represents government contractors in procurement-related cybersecurity matters; and advises clients on strategy and policy matters involving cyber capabilities, defensive and offensive cyber operations, and vulnerability management. Government contractors face particular cybersecurity challenges because, while they are subject to many of the same regulatory requirements and cyber challenges as other companies, they also face US government procurement mandates related to the protection of US government information and networks, and must meet requirements arising from the security clearances that the contractors hold. Our government contracts lawyers work closely with colleagues across the firm to meet the specialized cybersecurity needs of defense, aerospace, Internet, software, hardware, and other companies doing business with the federal government.
We regularly advise clients regarding privacy and data security regimes that apply to the health care, financial services, and other consumer-facing sectors. We defend data security breach cases for major corporations in the Internet, software, consumer, and government services industries. The national security, homeland security, and law enforcement government experience of our attorneys provides an additional dimension of insight and expertise. Our lawyers have served in senior US government legal and policy positions, and that experience helps them advise clients about working effectively with the government and anticipating and planning for government action. The United States and many other advanced nation-states have elevated cybersecurity and cyber operations to the highest levels of their national security, law enforcement, diplomatic, technological, and economic priorities and planning. We help clients relate their immediate cybersecurity challenges to governments' cyber strategies, plans, and procurement activities.
- Advised defense contractors and hardware manufacturers on compliance with US government cybersecurity and supply chain security requirements, including the Department of Defense (DoD) Rule on Adequate Security and Cyber Incident Reporting for unclassified controlled technical information (UCTI).
- Counseled companies involved in national security and technology regarding legal restrictions on cyber capabilities, active defense and other steps they can take to protect their networks and those of their clients under the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), and the Stored Communications Act (SCA).
- Represented major US retailers and aerospace companies on data breaches, including customer notice requirements and government inquiries regarding such breaches.
- Developed procedures for managing vulnerability and enterprise risk related to cybersecurity issues for both government contractors and commercial technology companies.
- Advised government contractors, other companies, and individuals on issues relating to classified information, including personnel and facilities clearances, reporting of adverse information, and compliance with security requirements.
- Counseled DoD contractors on US government requirements relating to information assurance capabilities and personnel security aspects of information technology products and services used by DoD and its contractors.
- Represented a software and services company on congressional, regulatory, and government procurement issues related to responsibility and liability for the security and reliability of computer network systems and software.
- Represented a national bank in the development and US government review of privacy and security protections for outsourcing arrangements for a foreign software company to develop and maintain software involved in the delivery of services to US government customers.
- Advised clients on legislative and public policy developments related to cybersecurity, information sharing, computer crime, and electronic surveillance.
- Drafted privacy policies governing companies' collection and use of customer data.