Cybersecurity & Critical Infrastructure Protection
Cybersecurity is an ever-evolving dynamic to protect networks, systems, programs and data from attack, damage or unauthorized access. Enhancing the security of your critical infrastructure will help reduce risk, increase detection and mitigate a known or suspected cybersecurity threat or security vulnerability.
The Cybersecurity Act of 2015 creates a legal framework to facilitate and encourage the confidential sharing of private sector cybersecurity threat information with the Federal government and specifically with the Department of Homeland Security (DHS). While the Act emphasizes that the information sharing framework is voluntary – Federal agencies may require the private sector to participate in cyber threat information sharing based upon contractual relationships or sector-specific oversight mechanisms. The law also requires privacy protection measures be taken prior to sharing information with the government. The statute also authorizes businesses to engage in cybersecurity monitoring and take “defensive measures” to protect its rights and property. Additionally, the Cybersecurity Act provides certain liability protections for the private sector entity related to cybersecurity information sharing and authorized network monitoring.
Likewise, new cybersecurity rules have also been included in FAR 52.204–21, addressing the safeguarding of “covered contractor information systems,” and DFARS 252.204-7012, that focuses on safeguarding and reporting breaches of “covered defense information.”
Long Law Firm can advise your company on the implications and requirements of cybersecurity laws, regulations and policies. We can help your company safeguard sensitive information and formulate or revise policies, to include privacy policies, to comply with the new laws, new technologies or changes in your business operations.
We can help you identify cyberthreat information that can be legally shared and interface with the appropriate government entities to facilitate sharing and ensure your information is protected from disclosure under the Freedom of Information Act (FOIA) and other open-government laws. Long Law Firm can also advise you on meeting federal acquisition and contracting cybersecurity requirements.
Insider Threat Programs
In today’s ever-advancing technological age, industry and corporations must be vigilant to protect their sensitive and proprietary information. Developing plans and programs to detect, deter and mitigate the unauthorized access of individuals that have or gain access to your systems and information is a key security component of any successful business. We can advise you on developing an insider threat plan/program.
The National Industrial Security Program Operating Manual (NISPOM) requires government contractors to establish and maintain a program to detect, deter and mitigate insider threats. Although cleared contractors are already obligated to protect classified information, updates to the NISPOM in May 2016 imposed new requirements for contractors to implement insider threat programs. These new NISPOM changes are narrowly focused on classified contracts; however, cleared government contractors may wish to consider implementing an insider threat program as part of an overall effort to meet the new cybersecurity requirements in the Federal Acquisition Regulations (FAR) that address the safeguarding of covered contractor information systems, and the Defense Federal Acquisition Supplement, that focuses on safeguarding and reporting breaches of covered defense information.
Long Law Firm can advise you in developing plans and programs to protect sensitive business information or to meet federal contract requirements.