UPCOMING WEBINAR:
Cyber Incident Response Liabilities and Strategies

PLEASE NOTE REVISED DATE

Wednesday, November 14th, 2018 at 1PM PST / 3PM CST / 4PM EST

Cost: Free

Partnering with: eResilience

Synopsis


A top cybersecurity concern for the DoD contractor community is the supply chain and, more specifically, the DFARS compliance status of the supply chain and the extreme risk posed by many small businesses. Because Primes are responsible for the cybersecurity compliance of their supply chain, a more cautious approach to teaming is required to ensure continued eligibility for bidding and performing work on DoD contracts.

Cyber incident (a.k.a. "breach") reporting can be a big blind spot for many businesses within the supply chain. The clause at DFARS 252.204-7012, "Safeguarding Covered Defense Information and Cyber Incident Reporting", has required many defense contractors to focus on "safeguarding" CDI through compliance with NIST SP 800-171's 110 security requirements. However, few are prepared for the "cyber incident reporting" that requires contractors to handle and report cyber incidents correctly – or face significant and unexpected impacts when incidents occur, including forensic investigations, public relations nightmares, and legal costs. Moreover, these impacts can grow exponentially if compliance was misrepresented by the contractor or its supply chain, or if the contractor is not prepared to properly report the incident.

Today's mindset for the Defense Industrial Base must focus on being prepared for "when" a cyber incident occurs, not wondering "if" it will occur. This webinar will explore the liabilities companies face relating to incident response across the entire supply chain, as well as recommend strategies to minimize the risk and complexity associated with incident reporting.

Alexander Major, Partner, McCarter & English LLP
Mr. Major is a co-leader of the firm’s Government Contracts & Export Controls Practice Group. Mr. Major focuses his practice on federal procurement, cybersecurity liability and risk management, and litigation. A prolific author and thought leader in the area of cybersecurity, his professional experience involves a wide variety of litigation and counseling matters dealing with procurement laws and federal regulations and standards. His diverse experience includes complex litigation in federal court under the qui tam provisions of the False Claims Act and bid protest actions. He counsels all sizes of companies on issues relating to compliance with government regulations including, among other things, cybersecurity (NIST, FIPS, FedRAMP, and DFARS) requirements, multiple award schedule compliance, etc. He also regularly conducts internal investigations to help companies ensure that they are in full compliance with the law.

Franklin Turner, Partner, McCarter & English LLP
Mr. Turner is a Co-Leader of the Government Contracts & Export Controls Practice Group. He is an innovative business lawyer with significant experience resolving complex government contracts issues for a broad array of companies – ranging from multinational, multibillion-dollar Fortune 500 corporations in the aerospace, defense, technology, health care and industrial supply sectors to small business intelligence and security services providers. Mr. Turner’s multifaceted practice includes prosecuting and defending bid protests, conducting internal investigations to ensure his clients’ compliance with federal procurement regulations and related statutes, preparing and submitting mandatory and voluntary disclosures, counseling prime contractors and subcontractors regarding disputes of all types and sizes, defending companies against False Claims Act allegations, and designing and implementing comprehensive regulatory compliance programs.

Tim Williams, Technical Director, eResilience
Mr. Williams is a Chief Security Architect with expertise in DoD/NSA cross-domain security architectures and enterprise systems. He has over 34 years of success in providing product design, development, and integration guidance for commercial and government secure and accredited systems. Mr. Williams is a subject matter expert for design and deployment of NSA Commercial Solutions for Classified (CSfC) systems and support for customers implementing NIST RMF, DoD RMF and NIST Cybersecurity Frameworks. He has performed risk and security control assessments based on NIST guidelines (800-30 and 800-53a) for public and private organizations and has worked with DoD red and blue teams during large cyber exercises. Mr. Williams has developed and worked through the evaluation process for meeting the FIPS 140-2 and Common Criteria EAL-4 requirements. He holds six patents in the multi-level security area and secure virtualization.