On February 28, 2024, President Biden announced an Executive Order directing the Department of Justice to promulgate regulations that restrict or prohibit transactions involving certain bulk sensitive personal data or United States Government-related data and countries of concern or covered persons. The DOJ’s initially identified countries are China (including Hong Kong and Macau), Russia, Iran

A pair of government contract-related initiatives may mark a new path for federal cybersecurity efforts.  Past federal initiatives have attempted to use the enormous leverage of federal contract spending to incentivize contractors to protect governmental data, but 2021 saw the Biden Administration launch a significant two-pronged attack on the issue through a new Executive Order and a new civil fraud initiative at the Department of Justice.

Significantly, the Biden Administration’s approach of using an Executive Order to mandate cybersecurity requirements for government contractors and their vendors will affect a large portion of the U.S. economy, without the need for congressional action.  While an Executive Order cannot dictate cybersecurity measures for private companies, the Order does require stricter software security standards for vendors and publication of enhanced National Institute of Standards and Technology (NIST) guidelines that address supply chain security. These provisions would require all vendors who provide services to meet these standards before they could contract with federal agencies.Continue Reading How FAR Can Raise the Cybersecurity Bar

Digital LockOn Friday, December 4, 2020, H.R. 1668, the Internet of Things (IoT) Cybersecurity Improvement Act of 2020, was signed into law. The bipartisan bill was sponsored by Senators Mark Warner (D-VA) and Cory Gardner (R-CO) in the Senate and Representatives Robin Kelly (D-IL), and Will Hurd (R-TX) in the House. The new law will require IoT devices “owned or controlled” by the federal government to meet minimum security standards that address network vulnerabilities, and it may have significant implications for government contractors. It was introduced in response to a series of distributed denial of service (DDoS) attacks in 2016, in which the Mirai malware variant was used to compromise tens of thousands of IoT devices, causing a severe disruption in commercial web services.Continue Reading Meet the US’s New Federal IoT Cybersecurity Law