Photo of Philip Lee

Cyber incidents involving critical infrastructure pose a serious risk to the US. In March 2024, the Environmental Protection Agency and the National Security Advisor warned state governors about potential attacks on drinking water and wastewater facilities by specific Iran- and China-aligned hackers. The following month (on April 4, 2024), in an attempt to prepare for such attacks and otherwise improve the federal government’s ability to collect and analyze data related to cyber incidents on critical infrastructure, the Cybersecurity and Infrastructure Security Agency (CISA) issued a proposed rule to implement cyber incident reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Enacted in an omnibus appropriation, CIRCIA directed CISA to issue rulemaking requiring the reporting of cyber incidents or the payment of ransoms in response to cyberattacks affecting critical infrastructure.  Continue Reading CISA’s CIRCIA Proposed Rule: Another Player Enters the Reporting Regime

What do you think is going to be scarier—artificial intelligence (AI) or the government’s effort to regulate AI? On October 30, 2023, the White House issued Executive Order (E.O.) 14410, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. As the federal government’s latest foray into harnessing AI, this E.O.—like those before it, generally—recognizes that AI offers extraordinary potential and promise, provided that it is harnessed responsibly to prevent the exacerbation of societal harms. Since E.O. 14410, there has been a flurry of activity in the federal government, including guidance and policies providing an indication of how agencies can/should/will harness AI to support agency objectives. While we are far from a situation similar to Skynet from the Terminator franchise or HAL 9000 from 2001: A Space Odyssey, the government’s accelerated activity to reap AI’s potential benefits far outpaces the provision of actionable guidance so contractors can understand and adapt to what will be required in offering AI products and services to the government. So let’s open the pod bay doors and explore…Continue Reading Executive Order 14410: An Artificial Intelligence Odyssey

On December 26, 2023, the Department of Defense (“DoD”) belatedly gifted defense contractors and subcontractors a Proposed Rule on the Cybersecurity Maturity Model Certification (“CMMC”) Program. DoD also released eight CMMC guidance documents, providing interested parties a one-two combo of what to expect under the Program. The Proposed Rule has already received over 100 comments. With commenting open until February 26, 2024, will DoD proceed with a final rule, or is the Proposed Rule a Groundhog Day scenario with DoD further delaying final implementation of the CMMC Program?Continue Reading DoD’s Proposed CMMC Rule: Groundhog Day… or a Final Rule in the Works?

On October 25, 2023, the Department of Defense (DoD) published a Proposed Rule amending the Department of Defense Federal Acquisition Regulation Supplement (DFARS) and permanently authorizing the DoD Mentor-Protégé Program (DoD MP Program). In addition, the Proposed Rule makes several changes to the program—the most prominent of which include (a) lowering barriers to entry and (b) adding additional benefits for prospective mentors and protégés. Before we dive in to the Proposed Rule, a brief history of the DoD MP Program is in order.Continue Reading DoD Mentor-Protégé Program Solidified under Proposed Rule

In a previous post, we mentioned the April 27, 2023 Small Business Administration (SBA) Final Rule, which made a number of revisions to the Small Business Regulations. A few of those revisions relate to the Ostensible Subcontractor Rule, a topic that has confused contractors for years. The Final Rule seeks to clear up that confusion, or at least some of it. Specifically, the Final Rule revises 13 CFR 121.103(h) to (1) clarify how the Ostensible Subcontractor Rule applies to general construction contracts and (2) provide guidance on the utilization of the DoverStaffing factors in determining whether a subcontractor is an “ostensible subcontractor.”Continue Reading Ostensible Clarity: SBA Rule Addresses Ostensible Subcontractor Rule in General Construction Contracts and DoverStaffing Factors