Capabilities
National Security

Cybersecurity

Arnold & Porter fields an across-the-board Cybersecurity practice. Our team litigates data security breach cases, counsels on a full range of compliance, regulatory, and liability issues, represents government contractors in procurement-related cybersecurity matters, and advises clients on strategy and policy matters involving cyber capabilities, defensive and offensive cyber operations, and vulnerability management. Government contractors face particular cybersecurity challenges because, while they are subject to many of the same regulatory requirements and cyber challenges as other companies, they also face US government procurement mandates related to the protection of US government information and networks, and must meet requirements arising from the security clearances that the contractors hold. Our government contracts lawyers work closely with colleagues across the firm to meet the specialized cybersecurity needs of defense, aerospace, Internet, software, hardware, and other companies doing business with the federal government.

We regularly advise clients regarding privacy and data security regimes that apply to the health care, financial services, and other consumer-facing sectors. We defend data security breach cases for major corporations in the Internet, software, consumer, and government services industries. The national security, homeland security, and law enforcement government experience of our attorneys provides an additional dimension of insight and expertise. Our lawyers have served in senior US government legal and policy positions, and that experience helps them advise clients about working effectively with the government and anticipating and planning for government action. The United States and many other advanced nation-states have elevated cybersecurity and cyber operations to the highest levels of their national security, law enforcement, diplomatic, technological, and economic priorities and planning. We help clients relate their immediate cybersecurity challenges to governments' cyber strategies, plans, and procurement activities, and we help clients identify and pursue areas of shared interests and mutual opportunity.

Highlights of Recent Achievements:

  • Advised defense contractors and hardware manufacturers on compliance with US government cybersecurity and supply chain security requirements, including the Department of Defense (DoD) Rule on Adequate Security and Cyber Incident Reporting for unclassified controlled technical information (UCTI).
  • Counseled companies involved in national security and technology regarding legal restrictions on cyber capabilities, active defense and other steps they can take to protect their networks and those of their clients under the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), and the Stored Communications Act (SCA).
  • Represented major US retailers and aerospace companies on data breaches, including customer notice requirements and government inquiries regarding such breaches.
  • Developed procedures for managing vulnerability and enterprise risk related to cybersecurity issues for both government contractors and commercial technology companies.
  • Advised government contractors, other companies, and individuals on issues relating to classified information, including personnel and facilities clearances, reporting of adverse information, and compliance with security requirements.
  • Counseled DoD contractors on US government requirements relating to information assurance capabilities and personnel security aspects of information technology products and services used by DoD and its contractors.
  • Represented a software and services company on congressional, regulatory, and government procurement issues related to responsibility and liability for the security and reliability of computer network systems and software.
  • Represented a national bank in the development and US government review of privacy and security protections for outsourcing arrangements for a foreign software company to develop and maintain software involved in the delivery of services to US government customers.
  • Advised clients on legislative and public policy developments related to cybersecurity, information sharing, computer crime, and electronic surveillance.
  • Drafted privacy policies governing companies' collection and use of customer data.

Experience

National bank Privacy and security implications of non-US outsourcing arrangement

Development and government review of privacy and security protections for a foreign software company to develop and maintain software involved in the delivery of services to US government customers.

International business and technology consultants Security clearance and acquisition supply chain security matters

Advised companies with direct or indirect non-US ownership on security clearance and acquisition supply chain security matters.

Private equity investment firm Security clearance and acquisition supply chain security matters

Advised companies with direct or indirect non-US ownership on security clearance and acquisition supply chain security matters.

Major technology and management consulting firm Security clearance and acquisition supply chain security matters

Advised companies with direct or indirect non-US ownership on security clearance and acquisition supply chain security matters.

International IT and network solutions company Security clearance and acquisition supply chain security matters

Advised companies with direct or indirect non-US ownership on security clearance and acquisition supply chain security matters.

More

Perspectives

Trump Administration Imposes Sanctions for Russia's 2016 Election Interference and Cyber-Attacks
Advisory
Next Steps In Cybersecurity Under President Trump
Aerospace & Defense Law360, Consumer Protection Law360, Cybersecurity & Privacy Law360, Public Policy Law360, Technology Law360
What Does Trump’s First 100 Days Look Like Relative to Cyber?
Battling Corruption: Lessons Learned and Legal Insights into Investigations
CBI’s Global Anti-Corruption & FCPA Compliance Congress and Latin America Compliance Congress for Life Sciences, Miami, FL
Two More Years: DoD Gives Defense Contractors Until December 31, 2017, to Comply With Baseline “Adequate” Cybersecurity Requirements
Arnold & Porter Advisory
More

Recognition

Chambers Global
Privacy & Data Security (USA) (2010-2018)
The Legal 500 US
Media, Technology and Telecoms: Data Protection and Data Breach Response (2014-2017)
Media, Technology and Telecoms: Cyber Law (including Data Protection and Privacy) (2016-2017)
Overview

Email Disclaimer