GW Law Webinar – Cybersecurity: Adapting Legal Solutions to New Threats and Old Adversaries

Tuesday, 2 February 2021 – 9 am ET, 15:00 CET

Join a free one-hour webinar hosted by George Washington University Law School’s Government Procurement and National Security/Cybersecurity programs, to discuss emerging threats and solutions in cybersecurity and public procurement.

Panelists: Sandeep Kathuria (Leidos), Lisa Schenck (GW Law), Paul Rosenzweig (R Street Institute), Kate Growley (Crowell & Moring), Alexander Canizares (Perkins Coie), Moshe Schwartz (President, Etherton & Associates), Sam Singer (Boeing) and Christopher Yukins (GW Law)

  • SolarWinds hack: Paul Rosenzweig (Senior Fellow, R Street) will review what happened and why, and possible legal implications.
    • In a Washington Post commentary (firewall) on the SolarWinds hack, columnist David Ignatius argued that the breach reflected a new and very dangerous kind of espionage, which calls for new legal solutions and a coordinated public-private response.
    • Tom Temin, How SolarWinds Could Have Been Prevented (Dec. 22, 2020) (NIST fellow Ron Ross on the need to assess vulnerabilities across a system).
    • Michael Garland, After Solar Winds, It’s Time for a National Software Security Act, Federal Comp. Week (Dec. 16, 2020) (arguing that “Congress should look broadly to regulating the software industry as a whole” to mitigate risks).
    • In a notice of January 25, 2021, the Administrative Office of the U.S. Courts reported that the SolarWinds breach had apparently included secure records in the federal courts’ Case Management/Electronic Case Files system (CM/ECF). As a result, the U.S. courts announced new procedures, under which “highly sensitive court documents (HSDs) filed with federal courts will be accepted for filing in paper form or via a secure electronic device, such as a thumb drive, and stored in a secure stand-alone computer system.” Federal courts across the country have issued implementing orders; the U.S. District Court for the District of Columbia has ordered, for example, that classified materials and especially sensitive commercial materials under seal (which are defined as “highly sensitive”) are not to be filed on the CM/ECF online system.
  • Biden administration agenda in cybersecurity: Sandeep Kathuria will discuss the billions of dollars in cybersecurity funding proposed by the incoming Biden administration in response to the SolarWinds hack, as part of a new COVID-19 fiscal stimulus, the American Rescue Plan. Sandeep will also discuss recommendations from the Cyberspace Solarium Commission, a congressionally mandated commission which recently published a “Transition Book for the Incoming Biden Administration” which outlined potential goals in cybersecurity for the new administration.
  • National Defense Authorization Act (NDAA) for Fiscal Year 2021 – Moshe Schwartz (President, Etherton & Associates) will brief on critical cybersecurity provisions in the most recent NDAA (see analyses by CNN, FedScoop and Nextgov). For a discussion of the Act’s cybersecurity provisions (and other key elements), see Michael Schaengold, Moshe Schwartz, Melissa Prusock & Danielle Muenzfeld, Feature Comment: The Significance Of The FY 2021 National Defense Authorization Act To Federal Procurement Law – Part I, 63 Gov. Contractor para. 20 (Jan. 20, 2021), and Part II, 63 Gov. Contractor para. 24 (Jan. 27, 2021).  
  • Section 889 and the “Huawei ban” – Sam Singer (Senior Counsel, Cyber – Boeing) will address the emerging Chinese threat and compliance challenges under the interim rule implementing Section 889 of the National Defense Authorization Act (NDAA) for FY2019 – the “Huawei ban” (see comments on the interim rule); in this context, the panel will discuss Great Powers and trade issues.
    • Interim rule on Transactions Involving Information and Communications Technology: Sam Singer will also address the interim rule published on January 19, 2021 by the Department of Commerce to implement Executive Order 13873, “Executive Order on Securing the Information and Communications Technology and Services Supply Chain” (May 15, 2019). This interim rule (assessed here by the Wiley law firm) describes the processes and procedures that the Department of Commerce will use to identify, assess, and address the undue or unacceptable risks that may be posed by certain transactions between U.S. persons and foreign persons that involve information and communications technology or services designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of certain foreign adversaries (identified in the interim rule as China, Russia, Iran, North Korea, Cuba, and Venezuelan politician Nicolás Maduro).
    • In an April 2019 paper, Professor Joel Trachtman (Tufts’ Fletcher School of Law & Diplomacy) assessed whether trade barriers involving the Internet of Things (IoT) — such as the Huawei ban — may violate international trade obligations.
    • The National Institute of Standards & Technology (NIST) has published draft standards for integrating devices (such as networked cameras) from the “Internet of Things” (“IoT”) into the federal infrastructure, IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements, Draft NIST Special Publication 800-213 (Dec. 2020).
    • Thomas D. Grant (University of Cambridge, Lauterpacht Research Centre for International Law) & F. Scott Kieff (GW Law), Great Powers and New Risks: What Businesses and Regulators Should Know about China’s Strategic Ambitions (October 1, 2020). Orbis (forthcoming Volume 65, Winter 2021), published by Elsevier Ltd. for the Foreign Policy Research Institute, GWU Legal Studies Research Paper No. 2021-01, GWU Law School Public Law Research Paper No. 2021-01 (discussing new risks posed by the fusion of military and civil functions in Chinese society), available at https://ssrn.com/abstract=3761811.
  • DoD’s Cybersecurity Maturity Model Certification (CMMC): Alexander Canizares (Perkins Coie) will speak on next steps in the CMMC program; the panel will discuss trade and cooperation issues with U.S. allies and the Congressional Research Service report on CMMC. A CMMC background paper prepared for GW Law’s Procurement Reform seminar is here.
    • In a January 2021 paper, “Protectionism or Perfectionism: Exploring The International Trade Implications of DoD’s Cybersecurity Maturity Model Certification,” GW Law student Jayme Selinger (MIT Lincoln Labs) pointed out that the CMMC was not developed in accordance with international norms for transparent, nondiscriminatory technical standards; as a result, implementing CMMC could lock out foreign vendors with valuable solutions for the U.S. Defense Department. Notably, in section 850 of the most recent National Defense Authorization Act, Public Law No. 116-283, Congress — recognizing the important roles that vendors from allied nations play in the defense industrial base — called for Defense Department recommendations on how to “expand the defense industrial base to leverage . . . capabilities of allies and partner countries.”
    • The European Union is following its own strategy to bolster cybersecurity.

Immediately after the webinar, please feel free to join a separate off-the-record online meeting to discuss compliance challenges in cybersecurity. This will be an informal opportunity, co-moderated by Sandeep Kathuria and Kate Growley, to share lessons learned in addressing emerging threats and implementing new legal solutions.

Presented with the kind cooperation of several committees of the American Bar Association (ABA) Public Contract Law Section.

REGISTER HERE: FOLLOW-ON MEETING ON COMPLIANCE CHALLENGES
Registrants from five continents, across the world