Skip to content
Photo of Susan B. Cassidy

Susan B. Cassidy

Susan is co-chair of the firm’s Aerospace and Defense Industry Group and is a partner in the firm’s Government Contracts and Cybersecurity Practice Groups. She previously served as in-house counsel for two major defense contractors and advises a broad range of government contractors on compliance with FAR and DFARS requirements, with a special expertise in supply chain and cybersecurity requirements. She has an active investigations practice and advises contractors when faced with cyber incidents involving government information. Susan relies on her expertise and experience with the Defense Department and the Intelligence Community to help her clients navigate the complex regulatory intersection of cybersecurity, national security, and government contracts. She is Chambers rated in both Government Contracts and Government Contracts Cybersecurity. In 2023, Chambers USA quoted sources stating that “Susan's in-house experience coupled with her deep understanding of the regulatory requirements is the perfect balance to navigate legal and commercial matters.”

Her clients range from new entrants into the federal procurement market to well established defense contractors and she provides compliance advices across a broad spectrum of procurement issues. Susan consistently remains at the forefront of legislative and regulatory changes in the procurement area, and in 2018, the National Law Review selected her as a “Go-to Thought Leader” on the topic of Cybersecurity for Government Contractors.

In her work with global, national, and start-up contractors, Susan advises companies on all aspects of government supply chain issues including:

  • Government cybersecurity requirements, including the Cybersecurity Maturity Model Certification (CMMC), DFARS 7012, and NIST SP 800-171 requirements,
  • Evolving sourcing issues such as Section 889, counterfeit part requirements, Section 5949 and limitations on sourcing from China
  • Federal Acquisition Security Council (FASC) regulations and product exclusions,
  • Controlled unclassified information (CUI) obligations, and
  • M&A government cybersecurity due diligence.

Susan has an active internal investigations practice that assists clients when allegations of non-compliance arise with procurement requirements, such as in the following areas:

  • Procurement fraud and FAR mandatory disclosure requirements,
  • Cyber incidents and data spills involving sensitive government information,
  • Allegations of violations of national security requirements, and
  • Compliance with MIL-SPEC requirements, the Qualified Products List, and other sourcing obligations.

In addition to her counseling and investigatory practice, Susan has considerable litigation experience and has represented clients in bid protests, prime-subcontractor disputes, Administrative Procedure Act cases, and product liability litigation before federal courts, state courts, and administrative agencies.

Susan is a former Public Contract Law Procurement Division Co-Chair, former Co-Chair and current Vice-Chair of the ABA PCL Cybersecurity, Privacy and Emerging Technology Committee.

Prior to joining Covington, Susan served as in-house senior counsel at Northrop Grumman Corporation and Motorola Incorporated.

This is part of an ongoing series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through June 2024.  This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during July 2024.  It also describes key actions taken during July 2024 to implement President Biden’s Executive Order on Artificial Intelligence (the “AI EO”), particularly its provisions that impact cybersecurity, national security, and software supply chain security.Continue Reading July 2024 Developments Under President Biden’s Cybersecurity Executive Order, National Cybersecurity Strategy, and AI Executive Order

This is the seventh in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the secondthirdfourthfifth, and sixth blogs described the actions taken by various government agencies to implement the EO during June, July, August, September, and October 2021, respectively.  This blog summarizes the key actions taken to implement the Cyber EO during November 2021.

Although most of the developments in November were directed at U.S. Government agencies, the standards being developed for such agencies could be imposed upon their contractors or otherwise be adopted as industry standards for all organizations that develop or acquire software.Continue Reading November 2021 Developments Under President Biden’s Cybersecurity Executive Order

On May 12, the Biden Administration issued an “Executive Order on Improving the Nation’s Cybersecurity.”  The Order seeks to strengthen the federal government’s ability to respond to and prevent cybersecurity threats, including by modernizing federal networks, enhancing the federal government’s software supply chain security, implementing enhanced cybersecurity practices and procedures in the federal government, and creating government-wide plans for incident response.  The Order covers a wide array of issues and processes, setting numerous deadlines for recommendations and actions by federal agencies, and focusing on enhancing the protection of federal networks in partnership with the service providers on which federal agencies rely.  Private sector entities, including federal contractors and service providers, will have opportunities to provide input to some of these actions.
Continue Reading President Biden Signs Executive Order Aimed at Improving Government Cybersecurity

On the eve of the recent government shutdown over border security, Congress and the President were in agreement on a different issue of national security: mitigating supply chain risk. On December 21, 2018, the President signed into law the Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure Technology Act (the “SECURE Technology Act”) (P.L. 115-390). The Act includes a trio of bills that were designed to strengthen the Department of Homeland Security’s (“DHS”) cyber defenses and mitigate supply chain risks in the procurement of information technology. The last of these three bills, the Federal Acquisition Supply Chain Security Act, should be of particular interest to contractors that procure information technology-related items related to the performance of a U.S. government contract. Among other things, the bill establishes a Federal Acquisition Security Council, which is charged with several functions, including assessing supply chain risk. One function of the Council is to identify, as appropriate, executive agencies to provide common contract solutions to support supply chain risk management activities, such as subscription services or machine-learning-enhanced analysis applications to support informed decision making. The bill also gives the Secretary of DHS, the Secretary of the Department of Defense (“DoD”) and the Director of National Intelligence authority to issue exclusion and removal orders as to sources and/or covered articles based on the Council’s recommendation. Finally, the bill allows federal agencies to exclude sources and/or covered articles deemed to pose a supply chain risk from certain procurements.
Continue Reading AI Update: Jumping to Exclusions: New Law Provides Government-Wide Exclusion Authorities to Address Supply Chain Risks

Computer code on a screenLast month, President Trump signed into law the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (“NDAA” or the “Act”), which, among other things, includes provisions addressing the development and use of artificial intelligence (“AI”) in the context of national security and defense.
Continue Reading AI Update: NDAA Renewal Addresses Uses and Implications of AI in National Security Context

In a memorandum issued June 27, 2018, Deputy Secretary of Defense Patrick Shanahan ordered the establishment of the Joint Artificial Intelligence Center (“JAIC”) within DoD.  The JAIC will report to DoD Chief Information Officer (“CIO”) Dana Deasey and has the “overarching goal of accelerating the delivery of AI-enabled capabilities, scaling the Department-wide impact of AI, and synchronizing DoD AI activities to expand Joint Force advantages.”  With the creation of the JAIC, the DoD has acknowledged that the AI “effort is a Department priority,” and one to which government contractors should pay attention.

The JAIC will be the primary organizational component responsible for coordinating and executing DoD’s 2018 Artificial Intelligence Strategy, which was delivered to Congress in June. Although an unclassified version of the report is not out yet, the memorandum elaborates upon what is in the report by stating that “A new approach is required to increase the speed and agility with which we deliver AI-enabled capabilities and adapt our way of fighting.”Continue Reading AI Update: Department of Defense Establishes Joint Artificial Intelligence Center

Timothy M. Persons, GAO Chief Scientist Applied Research and Methods, recently provided testimony on artificial intelligence (“AI”) before the House of Representatives’ Subcommittees on Research and Technology and Energy, Committee on Science, Space, and Technology.  Specifically, his testimony summarized a prior GAO technological assessment on AI from March 2018.  Persons’ statement addressed three areas:  (1) AI has evolved over time; (2) the opportunities and future promise of AI, as well as its principal challenges and risks; and (3) the policy implications and research priorities resulting from advances in AI.  This statement by a GAO official is instructive for how the government is thinking about the future of AI, and how government contractors can, too.

The Evolution and Characteristics of AI

Persons stated that AI can be defined as either “narrow,” meaning “applications that provide domain-specific expertise or task completion,” or “general,” meaning an “application that exhibits intelligence comparable to a human, or beyond.”  Although AI has evolved since the 1950s, Persons cited today’s “increased data availability, storage, and processing power” as explanations for why AI occupies such a central role in today’s discourse.  And while we see many instances of narrow AI, general AI is still in its formative stages.Continue Reading AI Update: GAO Testimony Before Congress Regarding Emerging Opportunities, Challenges, and Implications for Policy and Research with Artificial Intelligence

Inflection Point for IoT

In a relatively short amount of time, the adoption of the Internet of Things (IoT) and its applications— from smart cars to the myriad of interconnected sensors in the General Service Administration building reminiscent of HAL 9000 from 2001: A Space Odyssey— has rapidly proliferated, providing significant opportunities and benefits. However,
Continue Reading Covington Internet of Things Update: Latest NIST Draft Report a Call to Action for Federal Agencies and Private Companies