Department of Defense: Interim Rule on CyberSecurity

Data Breach

The Department of Defense has issued an Interim Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS).

The specific focus is on new rules  which require contractor reporting on network penetrations.

Additionally, this Rule implements DoD policy on the purchase of cloud computing services.

The Interim Rule is here.

According to the Federal Registry:

This interim rule requires contractors and subcontractors to report cyber incidents that result in an actual or potentially adverse effect on a covered contractor information system or covered defense information residing therein, or on a contractor’s ability to provide operationally critical support. DoD is working to establish a single reporting mechanism for DoD contractor reporting of cyber incidents on unclassified information systems.

In addition, this rule also implements DoD policies and procedures for use when contracting for cloud computing services. The DoD Chief Information Officer (CIO) issued a memo on December 15, 2014, entitled “Updated Guidance on the Acquisition and Use of Commercial Cloud Computing Services” to clarify DoD guidance when acquiring commercial cloud services (See memo here: The DoD CIO also released a Cloud Computing Security Requirements Guide (SRG) Version 1, Release 1 on January 13, 2015, for cloud service providers to comply with when providing the DoD with cloud services (See SRG here: This rule implements these new policies developed within the DoD CIO memo and the SRG in the DFARS to ensure uniform application when contracting for cloud services across the DoD. The combination of the two statutes as well as the cloud computing policy will serve to increase the cyber security requirements placed on DoD information in contractor systems and will help the DoD to mitigate the risks related to compromised information as well as gather information for future improvements in cyber security policy.

Data Breach
Christopher Hopkins Speaks on “Protect Your Mediation Practice from Hackers” (Florida Dispute Resolution Conference 2022)

Thanks to the Florida Dispute Resolution Center for inviting me to speak about Protecting Your Mediation Practice from Hackers this year at their 2022 30th Annual Conference in Orlando. The PowerPoint for the presentation is here.

Data Breach
Christopher Hopkins to Speak on “Cybersecurity & Data Breach Risks in 2022” at the Florida Creditors Bar Association

Special thanks to the Florida Creditors Bar Association for inviting me to speak at their annual conference in Orlando this year. We discussed spear phishing, business email compromise, and man-in-the-middle attacks as well as ethics issues and practical steps how to protect lawyers and law firms from these risks. For …

Data Breach
Dangers of the Dark Web (Law Firm Leaders Summit 2021)

Is your data on the dark web? How about your usernames and passwords? Likely. At the Law Firm Leaders Summit this week in Orlando, I had the opportunity to discuss the dark web; three ways people get hacked; and how to find your information on the dark web. Thanks for …