By Robert Nichols, Susan Booth Cassidy, Anuj Vohra, Kayleigh Scalzo, and Catlin Meade
President Obama has identified “cyber threats” as “one of the gravest national security dangers that the United States faces.”1 Indeed, U.S. federal agency computer systems are subject to billions of cyber attacks every month.2 The U.S. Government does not publish statistics regarding cyber attacks on its contractors. But without a doubt, contractors face a similar proliferation of attempted breaches to their information systems. The U.S. Government and its contractors are frequent cyber targets in part because the Government “is the largest single producer, collector, consumer, and disseminator of information in the United States and perhaps the world.”3 This repository of information includes highly classified national security secrets, details on the operations and security systems of the nation’s critical infrastructure, public- and private-sector intellectual property, and the personal information of private individuals. Such data are often stored on or flow through contractor systems, which increasingly are tied to Government information technology (IT) networks. The Legislative and Executive Branches have responded by issuing various laws, regulations, policies, and guidance that apply to federal agencies and, increasingly, to contractors.