GAO Report Slams Department of Defense Cybersecurity Practices

Securing the upcoming election against cyberattack or influence is rightfully garnering a great deal of attention, but a recent General Accounting Office (GAO) report indicates the United States is doing a poor job building weapon systems resistant to cyberattack. The report noted that the very aspects that make some of the nation’s most dangerous weapons […]

Nearly All New U.S. Weapons Systems Have ‘Critical’ Cybersecurity Problems, Auditors Say

Almost all of the U.S. military’s newly developed weapons systems suffer from “mission-critical cyber vulnerabilities,” a review of government security audits conducted from 2012 to 2017 found, suggesting military agencies have rushed to computerize new weapons systems without prioritizing cybersecurity. The findings were released Tuesday in a report from the Government Accountability Office. The report drew on […]

Without Handcuffs: Creating A Culture of Compliance

Over the years, I have met with hundreds of security teams. One of the most common complaints, that comes up in meetings with companies of all sizes and across all industries, is that security teams feel helpless to enforce the policies they put in place. Multiple security officers have described it as feeling like “cops […]

October is National Cybersecurity Awareness Month

Connected devices are essential to our professional and personal lives, and criminals have gravitated to these platforms as well. Many common crimes—like theft, fraud, harassment, and abuse—are now carried out online, using new technologies and tactics. Others, like cyber intrusions and attacks on critical infrastructure, have emerged as our dependence on connected systems revealed new […]

JVP, SOSA Partner With City of New York on Cybersecurity Initiative

Called Cyber NYC, the new initiative will receive a $30 million investment from the city of New York and intends to raise an additional sum of up to $70 million from private investors New York City Economic Development Corporation (NYCEDC) announced a new cybersecurity initiative Tuesday, naming Israeli venture capital firm Jerusalem Venture Partners (JVP) […]

White House Touts Release of National Cyber Strategy

Eager to demonstrate a commitment to cybersecurity amidst criticisms over vulnerable election infrastructure, the White House yesterday unveiled its National Cyber Strategy. The plan is divided four “pillars” of strategy: protecting the homeland by fighting cybercrime and fortifying defenses, promoting American prosperity by adding cyber jobs and defending intellectual property, preserving peace through strength by enforcing global […]

State Department Email Breach Leaks Employee PII

The State Department was hit with an email breach which exposed the personal information of some of its employees. The agency sent a notice dated Sept. 7 which described the incident as “activity of concern … affecting less than 1% of employee inboxes” adding the breach did not affect the agency’s classified email server, according […]

Cybersecurity Could Make or Break Defense Contractors’ Chances of Future Awards

Cost, schedule, and performance, the three pillars of defense procurement, may soon be accompanied by a fourth pillar: cybersecurity. As the nature of warfare evolves away from pure kinetic capabilities to the asymmetric, cyber realm, the Department of Defense (“DoD”) has had to grapple with the reality that its defense contractors are prime targets for […]

The Export Control Reform Act and Possible New Controls on Emerging and Foundational Technologies

Key Points ECRA became law on August 13, 2018. It is the permanent statutory authority for the EAR, which is administered by the U.S. Department of Commerce’s BIS. The new law codifies long-standing BIS policies and does not require changes to the EAR, such as to its country-specific licensing requirements. However, as part of the […]

Hiring US Citizens Only for ITAR Compliance Can Violate the Immigration and Nationality Act

The Department of Justice (DOJ), Civil Rights Division, announced on August 29, 2018, its civil settlement with the international law firm, Clifford Chance US LLP, for violations of the Immigration and Nationality Act (INA), 8 U.S.C. 1324b, attributable to Clifford Chance’s overly restrictive interpretation of who can work on projects involving data controlled by the International Traffic […]

Mergers, Acquisitions And Investments Involving U.S. Companies With Chinese & Other Foreign Parties

The United States has enacted laws that expand U.S. government screening of certain transactions involving foreign companies and governments as well as regulation of the transfer and use of sensitive U.S. goods and technologies in the United States and abroad. The impetus for this new legislation is the changed national security landscape resulting from the […]

Meet the man who might have brought on the age of ‘downloadable guns’

During the summer of 2012, Cody Wilson hung around J&J, a car-repair shop run by two “goofy” guys in their late 20s. The Austin warehouse was crowded with engine blocks, car parts and Pelican boxes that never seemed to have been opened, but the 24-year-old came as he pleased, with access to shop machinery. He […]

U.S. Commerce Department says export controls to align with security review legislation

The U.S. Commerce Department said on Friday it has begun a review of export controls that will be aligned with new legislation to strengthen national security reviews of foreign acquisitions of American firms, rather than China-specific curbs. In a statement to Reuters, the department said the review would establish changes to the controls “based on […]

Failure to Consider US Export Control Regulations Can Be Costly

Export controls are laws and regulations that regulate and restrict the release of sensitive technologies and information to foreign countries and foreigners, both within and outside of the United States, for reasons of national security and foreign policy. U.S. export control laws are often overlooked by companies of all sizes despite the serious repercussions for […]

Flir to pay $30 million fine for federal trade violations

Thermal imaging company Flir Systems Inc. must pay a $30 million fine to settle hundreds of international violations of federal trade rules. In total, Wilsonville-based Flir (NASDAQ: FLIR) received a $30 million penalty after the U.S. Department of State Directorate of Defense Trade Controls said violated the International Traffic in Arms Regulation, or ITAR. These […]

Inconsistencies Persist With Final DFARS Commercial Items Rule

On January 31, 2018, the Department of Defense (“DoD” or the “Department”) published a final rule regarding commercial item purchasing requirements.  Among other key amendments, the final rule modifies the Defense Federal Acquisition Regulation Supplement (“DFARS”) by:  (i) formalizing a presumption of commerciality for items that DoD previously treated as commercial; (ii) providing commercial item treatment to […]

Supreme Court Says No to 3-D Printed Guns, For Now

The Supreme Court turned down its chance to weigh-in on regulations for 3-D printed firearms — for now. The high court announced its decision Jan. 8, sending Defense Distributed v. State back to the western district of Texas to be heard on its merits. Cody Wilson, Defense Distributed’s founder, told Guns.com Friday he’s undeterred by the rejection. “I […]

DoD Updates Internal Guidance on DFARS Cyber Rule

The Department of Defense (“DoD”) has updated portions of its internal guidance addressing compliance with the requirements of Defense Federal Acquisition Regulation Supplement (“DFARS”) 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting.” In particular, on December 1, 2017, the office of Defense Procurement and Acquisition Policy updated its Procedures, Guidance and Information (“PGI”) with […]

Putting Cybersecurity at the Top of the Board’s Agenda

Was cybersecurity at the top of your priority list when the WannaCry attack hit? When a cyberattack strikes it can quickly become headline news, causing serious disruption to an organisation for days on end and costing hundreds of thousands of dollars in lost data, reputational damage, lost customers and regulatory fines. WannaCry, one of the […]

Airbus Corruption Scandal Widens as Firm Admits US Arms Trafficking Filing ‘Inaccuracies’

Airbus said on Tuesday it had uncovered problems involving the use of sales agents to sell US arms technology, dragging the United States for the first time into a growing corruption scandal at Europe’s largest aerospace firm. Airbus also warned of a material impact from potential fines resulting from existing bribery investigations in the UK […]

Recent ITAR Case Sends Important Message to Small/Midsized Government Contractors

A State Department ITAR enforcement case announced last week involving a supplier of military spare parts sends a valuable message to small and mid-sized government contractors of every type. The case involves Bright Lights USA, Inc. (the “Company”), a small New Jersey defense manufacturer.  According to the Directorate of Defense Trade Controls (“DDTC”) Charging Letter, […]

DFARS Cyber Compliance Deadline Is Approaching

Many people are unaware that a significant number of U.S. companies are subject to regulations that share some similarities with the European General Data Protection Regulation (which has companies that handle European data scrambling to get into compliance). Specifically, government contractors have obligations pursuant to Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7000 et. seq. The DFARS regulations […]

BIS Revises the EAR to Implement 2016 Wassenaar Agreements

On August 15, 2017, the Bureau of Industry and Security (BIS) published in the Federal Register a final rule[Docket No. 170309249-7249-01] that revises the Commerce Control List (CCL), as well as corresponding parts of the Export Administration Regulations (EAR), to implement changes made to the Wassenaar Arrangement List of Dual-Use Goods and Technologies (WA List) maintained and agreed to by […]

Why Good Companies End Up On the Wrong Side of the Law

You might easily believe that the world is in the grip of a pandemic of corporate fraud and corruption. One after another, countries are launching anti-corruption campaigns or introducing new regulatory measures to combat attempts by dubious executives – aided and abetted by venal public officials – to steal money and undermine public ethics. Different […]

Nine HIPAA Settlements So Far This Year

We’re past the halfway point of 2017. And in the world of health IT, there have already been a plethora of HIPAA settlements. Here are the nine that have occurred during the first six months of this year. Chicago, Illinois-based Presence Health agreed to pay a $475,000 HIPAA settlement. In 2013, the health system found paper operating room schedules containing […]