
Procurement Lawyer Newsletter

The Procurement Lawyer Spring 2024

Cybersecurity Committee Drafts Comments to Proposed Rules, Plans Panels

Stacy Hadeka, Craig Schwartz, and Sarah Burgart

Summary

  • The Cybersecurity Committee provides information on developments involving cybersecurity, privacy, and emerging technology in the context of government contracting.
  • Past committee panels and other events addressed government perspectives on cyber and perspectives on the DHS Controlled Unclassified Information (CUI) Protection Rule.
  • Upcoming panel discussion topics include software attestation requirements, in-house cyber perspectives, and election security.

The Cybersecurity, Privacy & Emerging Technology Committee

As co-chairs of the Cybersecurity, Privacy & Emerging Technology Committee (hereinafter the Cybersecurity Committee), we are delighted to turn the spotlight on this committee for The Procurement Lawyer. The Cybersecurity Committee focuses on providing timely information to the legal community on developments involving cybersecurity, privacy, and emerging technology in the context of government contracting, commenting on developments in these areas, and proposing best practices and practical solutions to legal and contractual challenges associated with government contracting in these areas. Each program year (September to August), the Cybersecurity Committee holds monthly meetings with substantive panels discussing topics of interest to the committee. Through these discussions, we assess recent developments to provide quality insight on cybersecurity, privacy, and emerging technology updates, learning from knowledgeable and diverse subject matter experts as panelists. We also focus on incorporating emerging technology issues into programming, for example, artificial intelligence, drones, and small satellites. We discuss best practices and emerging trends in all of these areas. The committee also coordinates with other Section committees to provide joint programming on the cross-section of cybersecurity and other areas of government contracting law. Members are concentrated in the Washington, DC, area, but we have members stretching across the country. We offer hybrid programs to allow members to participate in person or remotely.

We have had a great lineup of programs this year, with plenty of upcoming opportunities to engage.

On September 21, 2023, the Cybersecurity Committee hosted one of its more popular annual panel discussions addressing Government Perspectives on Cyber. This panel heard from top government executives on the latest cyber issues affecting their agencies and the private sector. Panelists included officials from the White House Office of the National Cyber Director, DHS Cybersecurity and Infrastructure Security Agency, FBI Cyber Division, and DoD. The panel was followed by a no-host happy hour at The Hamilton, allowing for the panelists and attendees to network following the event.

On October 18, 2023, the Cybersecurity Committee held a panel on Perspectives on the DHS Controlled Unclassified Information (CUI) Protection Rule. This panel discussed emerging issues involving government contracting and protecting sensitive information, with a particular focus on the DHS final rule amending its acquisition supplement to the FAR, which adds or updates three contract clauses to enhance rules for safeguarding of CUI on DHS contracts. The new clauses are designed to improve privacy and cybersecurity measures to better protect CUI. The panel included representatives from the Executive Director of Acquisition, Policy, and Legislation (APL) within the DHS Office of the Chief Procurement Officer.

On October 24, 2023, the Cybersecurity Committee hosted a joint panel on The Impact of CUI on Contractor Ownership and Use of Contractor Created Intellectual Property. This joint meeting with the IP Committee discussed Executive Order 13556, under which executive agencies were required to implement policies to protect CUI “consistent with law, regulations, and Government-wide policies.” The panel discussed understanding what information is, or may be, considered “CUI”; what that designation actually means, if anything, outside of the information security and handling perspective; and whether the designation ends up being too long and seemingly unending. The panel also outlined the potential for CUI safeguards and controls to interfere with intellectual property that contractors may generate under a contract. The panel included industry representatives from Lockheed Martin and Boeing and was followed by a networking happy hour.

On November 9, 2023, the Cybersecurity Committee held a joint meeting discussing A Journey Through Recent Developments in Cybersecurity. This joint meeting with the Commercial Products and Services Committee explored recent developments in cybersecurity. The government’s focus on cybersecurity has only continued to grow, impacting commercial products and services contractors that are not exempt from ever-increasing cybersecurity requirements and enforcement in the government contracting sector. The panel discussed recent False Claims Act cases focusing on cybersecurity, the latest on the Cybersecurity Maturity Model Certification (CMMC) program, and the FAR Council’s two newly proposed cybersecurity rules: Cyber Threat and Incident Reporting and Information Sharing and Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems.

Most recently, on January 26, 2024, the committee hosted a Fireside Chat on CMMC: Perspectives on the Proposed Rule/DIBCAC Speaker on NIST SP 800-171 Assessments in coordination with the Commercial Products and Services Committee. This meeting involved a timely discussion on the CMMC program’s proposed rule, and attendees heard from industry experts at The Coalition for Government Procurement, Baker Tilly, and Lockheed Martin.

Looking further out in the second half of the program year, the group is planning panel discussions on the following topics:

  • The committee will host a Cybersecurity and M&A panel in coordination with the Mergers & Acquisitions Committee to discuss common cybersecurity pitfalls in merger and acquisition transactions.
  • Other planned panel topics for the upcoming year include new Software Attestation requirements, In-House Cyber Perspectives, Election Security, and an update on the DOJ’s Civil Cyber Fraud Initiative.

All committee members are welcome and encouraged to participate in our upcoming events.

The Cybersecurity Committee has also been busy this year drafting comments related to two newly proposed FAR rules, which will broadly impact companies across the government contracts community. In coordination with the Legislative and Regulatory Coordinating Committee, the Cybersecurity Committee prepared and submitted Comments in response to (1) the proposed FAR rule, Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems (FAR Case 2021-019), and (2) the proposed FAR rule, Cyber Threat and Incident Reporting and Information Sharing (FAR Case 2021-017).

As we look back on the first half of the program year, we are proud of the committee’s efforts in creating opportunities for Section members to hear about the latest developments in cybersecurity, privacy, and emerging technologies. The Cybersecurity Committee continues to foster collaboration across the private sector and government through its programming. It offers rewarding opportunities to connect with colleagues both near and far that share a common interest, allowing for timely discussions on such topics.

  • Susan Ebner, a partner at Stinson LLP and former co-chair and vice chair of the committee, explains that “[w]ith so many emerging issues and requirements, it is imperative that Public Sector counsel have a place to find out what is happening and what they need to do to ensure compliance. The ABA PCLS Cybersecurity Committee provides a venue for government, industry, and private practitioners to come together to learn about the rules and requirements being proposed and implemented, and identify potential implementation issues. The committee works diligently to host meetings and prepare comments on proposed rulemakings. As a member of the Public Sector bar and long-time member of the PCLS, the Cybersecurity Committee is one of my go-to groups to help me keep a pulse on emerging issues in this area.”
  • Sandeep Kathuria, former co-chair of the committee and Assistant General Counsel at L3Harris, has expressed that “[w]orking in fast-paced and evolving areas like cyber and tech, I find it incredibly valuable to benchmark with my peers to be able to better support and advise my in-house clients. I have met so many outstanding people through the committee and the Public Contract Law Section who have helped me both personally and professionally. The committee also engages in thought leadership through cutting-edge programming and regulatory comments. I strongly recommend anyone working at the intersection of government contracting and cybersecurity or interested in these areas to consider joining and participating in our committee’s work.”

As the committee looks forward, we are excited for more opportunities to gather and continue to build our community. For more information on our committee, you can find us here.