www.americanbar.org | www.abacle.org

Issues Relating to Cybersecurity Rules Affecting Government Contractors

Saturday, March 14, 2015, 8:30 am
ABA Section of Public Contract Law Section Council Meeting

Keir Bancroft, Venable LLP

Kate M. Growley, Crowell & Moring LLP


Cyber Requirement

• E.O. 13636, Improving Critical Infrastructure Cybersecurity.

– Joint Working Group of DoD and GSA: Prepared 6 recommendations and a plan for implementing cybersecurity in federal acquisition.

– NIST Cybersecurity Framework: Requirement for NIST to develop framework for assessing and reducing cyber risks to critical infrastructure.

The Public Contract Law Section’s Approach to Cybersecurity Rules Affecting Government Contractors

PCL Approach

• Committee on Cybersecurity, Data Protection and Privacy:

– Prepared comments responding to Joint Working Group RFI in developing recommendations.

– Prepared comments on Draft Implementation Plan.

• Joint Meetings:

– Committee on Cybersecurity, Data Protection and Privacy and Science and Technology Section’s Homeland Security Committee have met to discuss developments with the Cybersecurity Framework.


Cyber Requirement

• DFARS 252.204-7012, Safeguarding Unclassified Controlled Technical Information.

– Applies to unclassified information systems of prime contractors, subcontractors, and outsourced IT infrastructure;

– Requires application of NIST SP 800-53 security controls;

– Requires reporting of cyber incidents within 72 hours, and preservation of images for 90 days.


PCL Approach

• Multi-Faceted Approach.

– Cybersecurity, Data Protection, and Privacy Committee: Presentations and discussion dedicated to implications of the clause.

– Subcontracting, Teaming and Strategic Alliances Committee: Discussed in drafting of upcoming Guide to Fixed-Price Supply Subcontract Terms and Conditions.


Cyber in 2015

• § 941, 2013 NDAA

• § 1632, 2015 NDAA

• National Cybersecurity Protection Act

• Cybersecurity Enhancement Act

• Federal Information Security Modernization Act

• Cybersecurity Workforce Assessment Act

• Executive Order & Cyber Threat Intelligence Integration Center


PCL Approach

• Committee on Cybersecurity, Privacy and Data Protection and Science and Technology Section’s Homeland Security Committee coordinated discussions

– Hosted panel of corporate counsel regarding cybersecurity in 2015

– Hosted panel of government personnel regarding cybersecurity in 2015

• Committee on Cybersecurity, Privacy and Data Protection website maintained as current resource


Resources

• Comments responding to Joint Working Group on Improving Cybersecurity and Resilience Through Acquisition RFI, 78 Fed. Reg. 27966, available at: http://www.regulations.gov/#!documentDetail;D=GSA-GSA-2013-0002-0023.

• Comments on Joint Working Group on Improving Cybersecurity and Resilience Through Acquisition, 79 Fed. Reg. 14042, available at: http://www.regulations.gov/#!documentDetail;D=GSA-GSA-2014-0002-0011.

• DoD Rule on Safeguarding Unclassified Technical Information, available at: http://www.gpo.gov/fdsys/pkg/FR-2013-11-18/pdf/2013-27313.pdf.

• § 941, 2013 NDAA, available at: http://www.gpo.gov/fdsys/pkg/BILLS-112hr4310enr/pdf/BILLS-112hr4310enr.pdf

• § 1632, 2015 NDAA, available at: https://www.congress.gov/113/bills/hr3979/BILLS-113hr3979eah.pdf

• National Cybersecurity Protection Act, available at: https://www.govtrack.us/congress/bills/113/s2519/text

• Cybersecurity Enhancement Act, available at: https://www.govtrack.us/congress/bills/113/s1353/text

• Federal Information Security Modernization Act, available at: https://www.congress.gov/bill/113th-congress/senate-bill/2521/text

• Cybersecurity Workforce Assessment Act, available at: https://www.congress.gov/bill/113th-congress/house-bill/2952/text