Cyber incidents involving critical infrastructure pose a serious risk to the US. In March 2024, the Environmental Protection Agency and the National Security Advisor warned state governors about potential attacks on drinking water and wastewater facilities by specific Iran- and China-aligned hackers. The following month (on April 4, 2024), in an attempt to prepare for such attacks and otherwise improve the federal government’s ability to collect and analyze data related to cyber incidents on critical infrastructure, the Cybersecurity and Infrastructure Security Agency (CISA) issued a proposed rule to implement cyber incident reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Enacted in an omnibus appropriation, CIRCIA directed CISA to issue rulemaking requiring the reporting of cyber incidents or the payment of ransoms in response to cyberattacks affecting critical infrastructure.  Continue Reading CISA’s CIRCIA Proposed Rule: Another Player Enters the Reporting Regime

In 2006, the documentary An Inconvenient Truth chronicled former Vice President Al Gore’s efforts to educate the public on the consequences of climate change. In the sixteen years since the Academy Award-winning film was released, public interest in the impact that greenhouse gas (GHG) emissions have had, are having, and will have on our planet has increased exponentially. Most recently, at the 27th U.N. Climate Conference (COP27), countries from around the globe came together to discuss the implementation of battle plans to combat climate change. One such plan, which was discussed at COP 27 by President Biden, is a new Proposed Rule that would require “significant” and “major” federal contractors to disclose their GHG emissions and climate-related financial risk as well as set science-based targets to reduce their GHG emissions. If and when the Proposed Rule is finalized, it will have seismic implications for contractors, in that it ties contractor responsibility (i.e., a contractor’s ability to receive federal awards) to compliance with these requirements.
Continue Reading An Inconvenient Requirement: New Proposed Rule Would Require Federal Contractors to Disclose Greenhouse Gas Emissions

On January 4, 2021, the National Institute of Standards and Technology (NIST) published proposed rules for comment changing regulations promulgated under the Bayh-Dole Act (35 U.S.C. §§ 200-204), which allow businesses and nonprofit institutions, in most circumstances, to take title to inventions made under federally funded projects (subject inventions) and to freely commercialize items, and methods used to produce items, embodying subject inventions.
Continue Reading NIST on Track to Clarify Bayh-Dole to Ensure High Prices Cannot Be Used as Grounds for Exercising March-in Rights – Or Is It?

Akin to the exasperations of the newly minted “homeschool teachers” the pandemic has created, the Biden administration’s recent Executive Order on Improving the Nation’s Cybersecurity (Order) is a mix of sound logic and utter frustration. The lengthy and sweeping Order is resoundingly one of the most comprehensive national cybersecurity overhauls to date and ushers the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) into a forward-leaning position of leadership that has been missing since its inception. In addition to requiring significant improvements to the cybersecurity posture of the Federal Civilian Executive Branch (FCEB) agencies, the Order also prescribes (i) the implementation of cyber incident sharing requirements between the Government and private industry; (ii) the necessary demands of security on software development; and (iii) the inclusion of software bills of materials, operational technology (e.g., industrial machining), and the internet of things in the fabric of cybersecurity regulations. Set against the backdrop of an ambitious timeline that calls for drastic changes before the end of this fiscal year—i.e., September 30, 2021—the Order requires that the Federal government scale administrative mountains at breakneck speed while simultaneously working with the industry and developing new regulations with which contractors will have to comply in short order. Accordingly, while a brief summary of the Order is provided below, the size and magnitude of the Order call for a larger analysis. Accordingly, we have prepared a user-friendly Analysis of the Order that includes considerations for manufacturers and government contractors. Additionally, to better explain the compliance timeline associated with the Order, a listing of the EO Key Dates is provided for convenience.
Continue Reading Enough’s Enough: A New Executive Order Signals Sweeping Changes to Federal Cybersecurity Requirements

Although many of us have canceled vacations during this (unusual) year, summer is nevertheless upon us. While we wholeheartedly recommend firing up the grill and enjoying the sunshine in the coming months, companies planning to enter into joint venture (JV) agreements to compete for Government contracts should first make sure that they set aside some time to consider the impacts of proposed changes coming to the Federal Acquisition Regulation (FAR). These changes have the potential to create significant opportunities for both veteran Government contractors and new entrants to the federal marketplace who might consider competing for procurements through JV agreements.
Continue Reading Proposed Rule Introduces Critical Changes for SBA Contractors