Photo of Erik Dullea

Erik Dullea

Subscribe to Erik Dullea's Posts

As head of Husch Blackwell’s Cybersecurity practice group, Erik assists clients in all aspects of cybersecurity and information security compliance and data breach response. Erik previously served as the acting deputy associate general counsel for the National Security Agency’s cybersecurity practice group before returning to the firm in 2023.

Follow:Read more about Erik DulleaErik's Linkedin Profile
Alert Data Center Ransomware

The increased concern about ransomware incidents from both quantitative and severity standpoints, spurred the White House to urge corporate business leaders to improve their defenses and resilience posture against ransomware attacks. In a June 2, 2021 open letter to Corporate Executives and Business Leaders (the Letter), Anne Neuberger, the White House Deputy National Security Advisor for Cyber and Emergency Technology, appealed for business leaders to act following on the heels of the President’s directives to federal agencies and contractors.

Continue Reading The Private Sector Should Heed White House Warning on Cyber Resilience Because Compliance is Coming

On December 4, 2020 the President signed into law the IoT Cybersecurity Improvement Act of 2020, Pub. L. No. 116-207 (the “IoT Act”). The legislative purpose behind the new law is to ensure the highest level of cybersecurity at federal agencies by working collaboratively within government, industry and academia. Pub. L. No. 116-207 § 2.

The IoT Act mandates specific actions by the National Institute of Standards and Technology (NIST), the Office of Management and Budget (OMB) and the Department of Homeland Security (DHS) regarding: (i) standards and guidelines for IoT devices, (ii) determining whether federal agencies adhere to those standards, (iii)implementing guidelines to disclose security vulnerabilities to contractors and report the resolution of those vulnerabilities.

Continue Reading What Does the Internet of Things (IoT) Cybersecurity Improvement Act Mean for Government Contractors?

The 1996 Congressional Review Act has been getting a lot of use since President Trump’s inauguration. On March 27, 2017, President Trump signed House Joint Resolution 37, revoking the “blacklisting regulations” put in place following former President Obama’s July 2014 Executive Order on Fair Pay and Safe Workplaces (EO 13673). As we discussed in an earlier post, the EO and the regulations implementing it directed federal agencies to take into account an employer’s workplace safety and other labor law violations as part of the their procurement decisions.

The CRA is an obscure legislative tool that can rescind recent executive actions, and thereby limit agency authority. Under the CRA, Congress has 60 legislative days (which are counted differently than calendar or business days) to pass a “joint resolution of disapproval” in the House and Senate. Joint resolutions of disapproval cannot be filibustered. A simple majority in both houses of Congress can overturn agency rules and regulations if the president signs the joint resolution.

There were significant questions regarding due process concerns with the blacklisting regulations. Industry strongly criticized the regulations because they allowed agencies to exclude contractors based on mere accusations, such as safety citations that had not yet gone through any adjudicatory proceedings.

Revoking the blacklisting regulations was the first of several actions President Trump and his allies in Congress intend to pursue to reduce the administrative/regulatory burdens on employers.

Continue Reading Will the rollback of Obama’s executive orders be permanent?

According to Shakespeare, “What’s done cannot be undone.” This may not be true with respect to many of the regulations implementing President Obama’s Executive Orders.

Let’s look at the fate of the rules implementing Executive Order 13673 (July 2014), formally called “Fair Pay and Safe Workplaces.” The DOL guidance and the FAR provisions implementing this Order were commonly referred to as “the blacklisting rules.”

The final blacklisting rules were published on August 25, 2016. Industry moved quickly to challenge them. An October 24, 2016 preliminary injunction issued by United States District Judge Marcia Crone stopped most of them from going into effect. Judge Crone’s order cites two constitutional problems with the blacklisting rules. First, they likely violate contractors’ due process rights because they require contractors to report mere allegations of labor law violations without the benefit of judicial or quasi-judicial safeguards to contest them. Second, they likely violate contractors’ First Amendment rights because they require contractors to “to report that they have violated one or more labor laws and to identify publicly the ‘labor law violated’ along with the case number and agency that has allegedly so found” even when there had been no adjudication.
Continue Reading The fate of “Fair Pay and Safe Workplaces” under President Trump

The FAR Council and the Department of Labor have published the final versions of their respective final rule and DOL guidance implementing the President’s July 2014 Executive Order entitled “Fair Pay and Safe Workplaces”—EO 13673.

Detractors frequently refer to EO 13673 as the “Blacklisting” or “Bad Actors” Executive Order. The order and the new regulations purport to promote efficiency in government procurement by ensuring that federal agencies contract only with “responsible” contractors that comply with federal and state workplace protection laws.

This objective is already a well-established requirement of the government’s procurement rules. The regulations impose additional administrative burdens on current and future contractors, adding an element of uncertainty to future contract award decisions, but only achieving marginal improvements in workplace law compliance.
Continue Reading Fair Pay and Safe Workplaces—the final rules implementing Executive Order 13673