Ashden Fein

Ashden Fein

Ashden Fein advises clients on cybersecurity and national security matters, including crisis management and incident response, risk management and governance, government and internal investigations, and regulatory compliance.

For cybersecurity matters, Mr. Fein counsels clients on preparing for and responding to cyber-based attacks, assessing security controls and practices for the protection of data and systems, developing and implementing cybersecurity risk management and governance programs, and complying with federal and state regulatory requirements. Mr. Fein frequently supports clients as the lead investigator and crisis manager for global cyber and data security incidents, including data breaches involving personal data, advanced persistent threats targeting intellectual property across industries, state-sponsored theft of sensitive U.S. government information, and destructive attacks.

Additionally, Mr. Fein assists clients from across industries with leading internal investigations and responding to government inquiries related to the U.S. national security. He also advises aerospace, defense, and intelligence contractors on security compliance under U.S. national security laws and regulations including, among others, the National Industrial Security Program (NISPOM), U.S. government cybersecurity regulations, and requirements related to supply chain security.

Before joining Covington, Mr. Fein served on active duty in the U.S. Army as a Military Intelligence officer and prosecutor specializing in cybercrime and national security investigations and prosecutions — to include serving as the lead trial lawyer in the prosecution of Private Chelsea (Bradley) Manning for the unlawful disclosure of classified information to Wikileaks.

Mr. Fein currently serves as a Judge Advocate in the U.S. Army Reserve.

Subscribe to all posts by Ashden Fein

Department of Defense’s Interim Rule Imposes New Assessment Requirements But is Short on Detail on Implementation of CMMC

On September 29, 2020, the Department of Defense (DoD) released an interim rule that industry hoped would provide clear guidance with regard to DoD’s implementation of its Cybersecurity Maturity Model Certification (CMMC) framework.  The vast majority of the rule focuses on DoD’s increased requirements for confirming that contractors are currently in compliance with all 110 … Continue Reading

Navy Modifies Acquisition Supplement to Tighten Cybersecurity Requirements and Implement the Geurts Memorandum

Almost a year after Assistant Secretary of the Navy James Geurts issued his September 28, 2018 memorandum (Geurts Memo) imposing enhanced security controls on “critical” Navy programs, the Navy has issued an update to the Navy Marine Corps Acquisition Regulations Supplement (NMCARS) to implement those changes more formally across the Navy.  Pursuant to this update, a new … Continue Reading

China Seeks Public Comments for Draft Cybersecurity Regulations

On June 27, 2018, China’s Ministry of Public Security (“MPS”) released for public comment a draft of the Regulations on Cybersecurity Multi-level Protection Scheme (“the Draft Regulation”). The highly anticipated Draft Regulation sets out the details of an updated Multi-level Protection Scheme, whereby network operators (defined below) are required to comply with different levels of … Continue Reading
LexBlog