Our Website Uses Cookies
We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.
For more information, please contact us or consult our Privacy Notice.
Your binder contains too many pages, the maximum is 40.
We are unable to add this page to your binder, please try again later.
This page has been added to your binder.
Ashden Fein advises clients on cybersecurity and national security matters, including crisis management and incident response, government and internal investigations, and complex regulatory matters.
For cybersecurity matters, Mr. Fein specifically counsels clients on preparing for and responding to cyber-based attacks, assessing their security controls and practices for the protection of data and systems, developing and implementing cybersecurity programs, and complying with federal and state regulatory requirements. Mr. Fein also has been the lead investigator and crisis manager for multiple complex cyber and data security incidents, including data security breaches involving millions of affected consumers, advanced persistent threats targeting intellectual property across industries, state-sponsored theft of sensitive U.S. government information, and destructive attacks.
On national security issues, Mr. Fein assists clients with sensitive national security investigations and responding to government inquiries. He also advises aerospace, defense, and intelligence contractors on security compliance, including under the National Industrial Security Program (NISPOM) and U.S. Government cybersecurity regulations. He represents foreign and domestic clients in various industries in securing the approval the Committee on Foreign Investment in the United States (CFIUS), as well as ongoing compliance matters related to mitigation agreements with CFIUS.
While on active duty, he specialized as a military prosecutor focused on cybercrime and national security investigations and prosecutions -- to include serving as the lead trial attorney in the prosecution of Privacy Chelsea (Bradley) Manning for the unlawful disclosure of classified information to Wikileaks.
Mr. Fein currently serves as a Judge Advocate in the U.S. Army Reserve.
- Counsel to multiple Fortune 100 companies in responding to data and cybersecurity incidents, including, among others, stolen personal information and multiple attacks by Advanced Persistent Threats directed at the intellectual property or sensitive data of defense, life sciences, and technology companies.
- Represents clients before the Federal Trade Commission, Department of Defense, and the Intelligence Community on cybersecurity and data breach matters.
- Represent clients from across industries with development of cyber and information security policies, including incident response preparation and training.
- Advise companies on issues of cybersecurity, cooperation with law enforcement, and public policy.
- Counsel to cleared U.S. companies in responding to government investigations of sensitive national security matters, compliance with the NISPOM and specific security requirements, and FOCI mitigation.
- Counsel to multiple foreign-owned companies on data and cybersecurity issues involved in national security reviews conducted by the Committee on Foreign Investment in the United States (CFIUS).
Pro Bono
- Represent non-profit organizations to assist with development of global cybersecurity and privacy policies.
Memberships and Affiliations
- U.S. Army Reserve, Judge Advocate General Corps
- American Bar Association, Standing Committee on Law and National Security and Information Security Committee
Previous Experience
- Lead Trial Attorney, United States v. Private Chelsea (Bradley) Manning (WikiLeaks), United States Army (2010-2014)
- Division Chief and Senior Trial Attorney, United States Army (2009-2010)
- Brigade Judge Advocate and Trial Attorney, United States Army (2008-2009)
- Military Intelligence Officer and Counterintelligence Agent, United States Army (2002-2007)
November 12, 2018
WASHINGTON—Covington is advising private equity firm Veritas Capital on healthcare and other regulatory aspects of its recently announced deal to acquire athenahealth for approximately $5.7 billion. athenahealth is a leading provider of network-enabled services for hospital and ambulatory customers nationwide. Rujul Desai and Ian Brekke are leading the Covington ...
October 24, 2018, Inside Privacy
On September 30, 2018, China’s Ministry of Public Security (“MPS”) released the Regulation on the Internet Security Supervision and Inspection by Public Security Organs (the “Regulation”;《公安机关互联网安全监督检查规定》), which will take effect on November 1, 2018. As the latest regulation issued by MPS that implements China’s Cybersecurity Law (“CSL”), which took effect in ...
Covington Promotes 20 New Partners
October 1, 2018
WASHINGTON—Covington has promoted 20 lawyers to its partnership. “This group covers a wide range of the firm’s most important practices and reflects the ongoing imperative of continuing to build and expand our strengths and to position the firm most effectively to be vibrant in the years ahead,” said Timothy Hester, Covington’s chair. "The size of our class is a ...
Who’s in Your Supply Chain? Contractors Face Increasing Compliance Obligations and Restrictions
August 30, 2018, Covington Alert
How well do you actually know your supply chain—from the materials you acquire to the software you include in your products or services? If you have not answered this question recently, you should consider adding it to your “to do” list. Not only does the U. S. Government want to know, it is increasingly imposing new compliance obligations on its contractors.
July 10, 2018, Inside Privacy
On June 27, 2018, China’s Ministry of Public Security (“MPS”) released for public comment a draft of the Regulations on Cybersecurity Multi-level Protection Scheme (“the Draft Regulation”). The highly anticipated Draft Regulation sets out the details of an updated Multi-level Protection Scheme, whereby network operators (defined below) are required to comply ...
July 5, 2018, Covington Alert
On June 27, 2018, China’s Ministry of Public Security (“MPS”) released for public comment a draft of the Regulations on Cybersecurity Multi-level Protection Scheme (“the Draft Regulation”). The highly anticipated Draft Regulation sets out the details of an updated Multi-level Protection Scheme, whereby network operators (defined below) are required to comply ...
April 23, 2018, Inside Privacy
Pursuant to Executive Order 13636, the National Institute of Standards and Technology (“NIST”) established the Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, a technology-neutral, voluntary, risk-based cybersecurity framework that includes standards and processes intended to align policy, business, and technological approaches to ...
December 4, 2017, Inside Privacy
Ahead of the upcoming December 31, 2017 deadline for federal defense contractors to implement the security controls of National Institute of Standards and Technology (“NIST”) Special Publication 800-171 (“SP 800-171”), NIST has released a new draft publication designed to assist organizations in assessing compliance under SP 800-171, Draft Special Publication ...
November 28, 2017, Inside Privacy
Earlier this year, the FTC’s staff released a series of blog posts entitled Stick with Security that updated and expanded upon the prior Start with Security best-practices guide for information security practices. The Stick with Security series draws from FTC complaints, consent orders, closed investigations, and input from companies around the country to ...
October 31, 2017, Inside Privacy
Ashden Fein’s Cybersecurity practice focuses on counseling clients who are preparing for and responding to cyber-based attacks on their networks, assessing their security controls and practices for the protection of data and systems, developing and implementing cybersecurity programs, and complying with federal and state regulatory requirements. Ashden has ...
October 2017, Pratt's Government Contracting Law Report
August 2, 2017, Inside Privacy
Last week, the U.S. Department of Justice (“DOJ”) released a voluntary framework for organizations to use in the development of a formal program to receive reports of network, software, and system vulnerabilities, and to disclose vulnerabilities identified in other organizations’ environments. This framework provides private entities a series of steps to ...
May 17, 2017, Covington Alert
Last Friday may mark the start of a new era in cyber crime. The first worldwide ransomware attack, commonly dubbed “WannaCry,” emerged on May 12. The malware is believed to have infected more than 300,000 computers in 150 countries to date. A cyber criminal or ring of criminals, taking advantage of an exploit made available by the ShadowBrokers hacker group that ...
December 23, 2016, Inside Privacy
Based on reports citing New York Department of Financial Services (“DFS”) sources (see here and here), DFS may propose a revised version of its first-in-the-nation cybersecurity regulations on December 28, 2016. That revision would be followed by a new 30-day comment period, with the revised regulations scheduled to take effect on March 1, 2017. This...… ...
Industry Reacts to New York’s Proposed Cybersecurity Regulation for Financial Services Institutions
December 23, 2016, Inside Privacy
On December 19, 2016, the New York State Assembly Standing Committee on Banks heard testimony about a proposed regulation introduced by the New York State Department of Financial Services that would require financial services companies to develop and implement cybersecurity programs to defend against cyber-attacks. As we covered when Governor Andrew Cuomo ...
November 18, 2016, Inside Privacy
On November 15, 2016, the National Institute of Standards and Technology (NIST) released its final guidance providing engineering-based solutions to protect cyber-physical systems and systems-of-systems, including the Internet of Things (IoT), against a wide range of disruptions, threats, and other hazards. NIST Special Publication 800-160 (the “Guidance”) is ...
Cybersecurity: Steps to Take Before, During, and After an Incident
September 14, 2016, 2016 Covington Government Contracts Briefing: Solving Problems, Securing Opportunities
Insider Threats to Cybersecurity—Prevent, Prepare, and React Webinar
June 21, 2016, Webinar
March 2016, Cyber Security Law & Practice
August 12, 2015, The Cybersecurity Law Report
July 30, 2015, Inside Compensation
The federal government has been encouraging employers to adopt best practices to address both external and internal threats to critical business information and infrastructure. These best practices have included an important human resources element, including policies and programs covering current and former employees. For example, the Obama Administration ...
Insider Threats to Cybersecurity—Prevent, Prepare, React
July 17, 2015, Webinar
June 11, 2015, Inside Energy & Environment
On Monday, the 2015 G-7 Summit ended with the President and other Leaders of the G-7 focused generally on a wide range of economic, security, and development issues, and specifically discussing the energy sector’s cybersecurity posture. According to the White House, the Leaders “launched a new cooperative effort to enhance cybersecurity of the energy sector...… ...
March 12, 2015, Inside Counsel
Richard Shea, Lindsay Burke and Ashden Fein have authored this article on cybersecurity threats: "Cybersecurity threats can emanate not just from outside sources but from company insiders as well — including employees, executives, directors and contractors. According to NetDiligence’s 2014 Cyber Insurance Claims Study, roughly one-third of the reported events ...
- Cybersecurity Docket, "Incident Response 30" (2019)