Practices  |  Privacy & Cybersecurity

Cybersecurity, Privacy and Data Protection


Cybersecurity should be top of mind for companies of all sizes and industries. Wiley Rein’s cybersecurity team predicts that momentum will accelerate in 2018 with increasing regulatory activity, complex contractual challenges, closer government oversight and burgeoning international issues.

Cybersecurity efforts are underway in public-private partnerships, multistakeholder engagements, and federal agencies, but expectations are rarely found in the Code of Federal Regulation.  Congress is considering a variety of bills to address cyber in consumer devices and federal settings, and the Executive Branch has signaled impatience with private sector activity.  As a result, companies need sophisticated help to manage risks, apply evolving standards and best practices, and respond to threats. 

Wiley Rein has been deeply engaged on cybersecurity for over a decade.  In that time, our former senior government officials and leading practitioners have refined a multidisciplinary approach to the cybersecurity-related compliance, governance, contractual, litigation, and enforcement matters our clients face.  We draw on our internationally recognized Telecom, Media & Technology; Government Contracts; and Privacy and Cybersecurity practices, which give us deep understanding of our clients’ technologies, business models, and regulatory environments.   

Recent representative projects include:

  • Developing policies and procedures to help technology companies, critical infrastructure owners, business associations, nonprofits, defense contractors, and others manage cyber risks, including incident response plans and governance structures.  We also advise Boards of Directors.
  • Responding to Congressional and agency investigations into security issues and vulnerabilities.
  • Anticipating and shaping activity across the federal government (NTIA, NIST, FTC, DOJ, FCC, DHS, and the White House) involving cyber initiatives that directly and indirectly impact companies.   This includes the Cybersecurity Information Sharing Act of 2015; several Executive Orders; the NIST Framework for Improving Critical Infrastructure Cybersecurity; NIST publications; proceedings on botnets, market transparency, and the security of the communications and Internet infrastructure.
  • Advising clients on all aspects of successfully implementing new cybersecurity requirements for federal contractors, including DFARS 252.204-7012, Safeguarding Covered Defense Information, including:
    • Interpreting and applying NIST 800-171 security controls for contractor systems.
    • Drafting System Security Plans and Plans of Action and Milestones for addressing gaps.
    • Evaluating contractors’ information systems and applicability of regulation to same.
    • Assisting in corporate gap analyses and shaping compliance strategies.
  • Interfacing with CFIUS and “Team Telecom” to help clients with transactions involving foreign ownership, as well as national security compliance under mitigation and network security agreements. 
  • Incident handling and management, including mandatory and voluntary disclosures of cyber incidents to customers, regulators, and federal agency purchasers. We collaborate with law enforcement during incident responses to identify and investigate criminal hackers.
  • Managing vulnerability assessments, penetration testing, and third party security vendors to maximize privilege and assist in remediation planning.
  • Helping companies interact with DHS to share information and assess risks to business operations and critical infrastructure. This includes communications protected by the Cybersecurity Information Sharing Act of 2015 and the PCII program.
  • Engaging with agency customers to coordinate FISMA audits of contractor information systems, including negotiations involving the scope of audits and any potentially malicious penetration testing.
  • Leading computer forensic investigations to understand how a cyber incident occurred, evaluating the scope of the incident and determining attribution.
  • Negotiating contractual language for cybersecurity and data security obligations and indemnifications.
  • Assisting ISPs, telecoms, and other technology companies in responding to law enforcement requests for data and complying with the requirements of the Electronic Communications Privacy Act. 
  • Litigating dozens of matters involving cybersecurity and computer forensic evidentiary issues, including False Claims Act and Computer Fraud & Abuse Act cases. When needed, we have combined our litigation skills and government contracting background to handle cyber-related litigation. This includes cybersquatting litigation to end domain name hijacking and other exploitations.
  • Advising companies on the legality and risks of certain defensing and offensive measures, as well as federal policy on “hacking back,” and on the implementation of vulnerability disclosure programs or “bug bounty” programs.

Representative clients include several Tier 1 wireless providers and ISPs, major defense contractors, global satellite companies, health care providers and insurers, North American transportation leaders, computer science and information technology companies, technology and application innovators, global Internet retailers and cloud service providers, national and global trade associations, and other Fortune 500 companies.  With many professionals maintaining clearances, we are prepared to help organizations with any aspect of a cybersecurity challenge.

Contact Us

Megan L. Brown
202.719.7579 |

Matthew J. Gardner
202.719.4108 |

Jon W. Burd
202.719.7172 |

Our People

News & Insights

News & Insights