Our Website Uses Cookies
We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.
For more information, please contact us or consult our Privacy Notice.
Your binder contains too many pages, the maximum is 40.
We are unable to add this page to your binder, please try again later.
This page has been added to your binder.
Ashden Fein advises clients on cybersecurity and national security matters, including crisis management and incident response, risk management and governance, government and internal investigations, and regulatory compliance.
For cybersecurity matters, Mr. Fein counsels clients on preparing for and responding to cyber-based attacks, assessing security controls and practices for the protection of data and systems, developing and implementing cybersecurity risk management and governance programs, and complying with federal and state regulatory requirements. Mr. Fein frequently supports clients as the lead investigator and crisis manager for global cyber and data security incidents, including data breaches involving personal data, advanced persistent threats targeting intellectual property across industries, state-sponsored theft of sensitive U.S. government information, and destructive attacks.
Additionally, Mr. Fein assists clients from across industries with leading internal investigations and responding to government inquiries related to the U.S. national security. He also advises aerospace, defense, and intelligence contractors on security compliance under U.S. national security laws and regulations including, among others, the National Industrial Security Program (NISPOM), U.S. government cybersecurity regulations, and requirements related to supply chain security.
Before joining Covington, Mr. Fein served on active duty in the U.S. Army as a Military Intelligence officer and prosecutor specializing in cybercrime and national security investigations and prosecutions -- to include serving as the lead trial lawyer in the prosecution of Private Chelsea (Bradley) Manning for the unlawful disclosure of classified information to Wikileaks.
Mr. Fein currently serves as a Judge Advocate in the U.S. Army Reserve.
- Counsel to multiple Fortune 100 companies in responding to data and cybersecurity incidents, including, among others, stolen personal information and multiple attacks by Advanced Persistent Threats directed at the intellectual property or sensitive data of defense, life sciences, and technology companies.
- Represents clients before the Federal Trade Commission, Department of Defense, and the Intelligence Community on cybersecurity and data breach matters.
- Represent clients from across industries with development of cyber and information security policies, including incident response preparation and training.
- Advise companies on issues of cybersecurity, cooperation with law enforcement, and public policy.
- Counsel to cleared U.S. companies in responding to government investigations of sensitive national security matters, compliance with the NISPOM and specific security requirements, and FOCI mitigation.
- Counsel to multiple foreign-owned companies on data and cybersecurity issues involved in national security reviews conducted by the Committee on Foreign Investment in the United States (CFIUS).
Pro Bono
- Represent non-profit organizations to assist with development of global cybersecurity and privacy policies.
Memberships and Affiliations
- U.S. Army Reserve, Judge Advocate General Corps
- American Bar Association, Standing Committee on Law and National Security and Information Security Committee
Previous Experience
- Lead Trial Attorney, United States v. Private Chelsea (Bradley) Manning (WikiLeaks), United States Army (2010-2014)
- Division Chief and Senior Trial Attorney, United States Army (2009-2010)
- Brigade Judge Advocate and Trial Attorney, United States Army (2008-2009)
- Military Intelligence Officer and Counterintelligence Agent, United States Army (2002-2007)
December 18, 2020, Covington Alert
On December 18, 2020, the Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, and Federal Deposit Insurance Corporation issued a notice of proposed rulemaking requiring a banking organization to notify its primary federal regulator within 36 hours of a significant cybersecurity incident and requiring a bank service ...
October 14, 2020, Inside Privacy
On September 30, 2020, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the Multi-State Information Sharing and Analysis Center (“MS-ISAC”) released a joint guide synthesizing best practices to prevent and respond to ransomware. This guide was published the day before OFAC and FinCEN released their coordinated guidance on ransomware attacks ...
September 9, 2020, Covington Alert
On September 1, 2020, the Office of Management and Budget issued a highly-anticipated interim final rule (“Rule”) implementing the Federal Acquisition Supply Chain Security Act. Consistent with the U.S. Government's increasingly sharp focus on supply chain security, the Rule authorizes the Executive Branch to exclude indefinitely “covered articles” (products and ...
July 1, 2020, Inside Energy & Environment
The Federal Energy Regulatory Commission (FERC) recently signaled that it is exploring ways to improve the cybersecurity of the U.S. electricity grid. On June 18, 2020, FERC issued a Notice of Inquiry (NOI) regarding whether some of its reliability standards regarding cybersecurity must be enhanced and whether the focus of its standards must change due...… ...
May 6, 2020, Covington Alert
On May 1, President Donald Trump signed an executive order on “Securing the United States Bulk-Power System” (the “Order”) that gives the Department of Energy new authorities to block or mitigate certain transactions involving bulk-power system electric equipment designed, developed, manufactured or supplied by a “foreign adversary” based on national security ...
April 15, 2020
WASHINGTON—Cybersecurity Docket has named David Fagan and Ashden Fein to its “Incident Response 30” for 2020. The list features “30 of the best data breach response lawyers in the business.” Mr. Fagan co-chairs the firm’s Data Privacy and Cybersecurity Practice. He has counseled companies on responding to some of the most sophisticated documented cyber-based ...
April 1, 2020, Inside Privacy
In response to the COVID-19 outbreak, several U.S. government entities have released warnings about a rise in scams and fraudulent activity connected to the outbreak. In a recent bulletin, the FBI warned of a rise in phishing emails, counterfeit treatments or equipment for COVID-19 preparedness, and fake emails from the Centers for Disease Control and...… ...
March 20, 2020, Inside Privacy
In response to the drastic increase of U.S. employees working remotely, the U.S. Federal Trade Commission (“FTC”) and the U.S. National Institute of Standards and Technology (“NIST”) have both issued guidance for employers and employees on best practices for teleworking securely. In addition, the Cybersecurity and Infrastructure Security Agency (“CISA”) has ...
October 2, 2019
Boards and CEOs at companies of all sizes operating around the world list cybersecurity as one of the top concerns keeping them up at night. Cyber threats are in the news on a daily basis and we hear about data breaches all the time. But our practice often helps clients respond to cyber incidents that are much broader than data breaches; they range from small ...
September 9, 2019, Inside Privacy
On Friday, September 6, 2019, our Government Contracts practice posted an article on Inside Government Contracts about the U.S. Department of Defense’s recent release of its draft Cybersecurity Maturity Model Certification (“CMMC”) for public comment. The CMMC was created in response to growing concerns by Congress and within the U.S. Department of Defense over ...
June 20, 2019, Inside Privacy
Today, Susan Cassidy, Ashden Fein, Moriah Daugherty, and Melinda Lewis posted an article on Inside Government Contracts about the June 19, 2019 announcement by the National Institute of Standards and Technology (“NIST”) of the long-awaited update to Special Publication (“SP”) 800-171 Rev. 1, Protecting Controlled Unclassified Information in Nonfederal Systems ...
Covington Represents Peraton in Solers Acquisition
June 18, 2019
WASHINGTON—Covington is representing Peraton in its recently announced deal to acquire Solers, Inc., a leading provider of software development and systems integration for space situational awareness, satellite ground systems and operations, cybersecurity engineering, and enterprise cloud-based solutions. Covington is handling government contracts, national ...
May 24, 2019, Inside Privacy
On May 13, 2019, China’s State Administration for Market Regulation (“SAMR”) released three core national standards related to the country’s Cybersecurity Multi-level Protection Scheme (“MLPS”), describing technical and organizational controls that companies must follow when complying with MLPS-related obligations under the Cybersecurity Law (“CSL”). These ...
May 16, 2019, Covington Alert
We are writing to provide an update on two important developments in U.S. national security-based regulation of trade: (1) a new, potentially expansive Executive Order on information and communications technology supply into the U.S. market, and (2) the Department of Commerce’s action to add Huawei to the Entity List.
November 12, 2018
WASHINGTON—Covington is advising private equity firm Veritas Capital on healthcare and other regulatory aspects of its recently announced deal to acquire athenahealth for approximately $5.7 billion. athenahealth is a leading provider of network-enabled services for hospital and ambulatory customers nationwide. Rujul Desai and Ian Brekke are leading the Covington ...
October 24, 2018, Inside Privacy
On September 30, 2018, China’s Ministry of Public Security (“MPS”) released the Regulation on the Internet Security Supervision and Inspection by Public Security Organs (the “Regulation”;《公安机关互联网安全监督检查规定》), which will take effect on November 1, 2018. As the latest regulation issued by MPS that implements China’s Cybersecurity Law (“CSL”), which took effect in ...
Covington Promotes 20 New Partners
October 1, 2018
WASHINGTON—Covington has promoted 20 lawyers to its partnership. “This group covers a wide range of the firm’s most important practices and reflects the ongoing imperative of continuing to build and expand our strengths and to position the firm most effectively to be vibrant in the years ahead,” said Timothy Hester, Covington’s chair. "The size of our class is a ...
Who’s in Your Supply Chain? Contractors Face Increasing Compliance Obligations and Restrictions
August 30, 2018, Covington Alert
How well do you actually know your supply chain—from the materials you acquire to the software you include in your products or services? If you have not answered this question recently, you should consider adding it to your “to do” list. Not only does the U. S. Government want to know, it is increasingly imposing new compliance obligations on its contractors.
July 10, 2018, Inside Privacy
On June 27, 2018, China’s Ministry of Public Security (“MPS”) released for public comment a draft of the Regulations on Cybersecurity Multi-level Protection Scheme (“the Draft Regulation”). The highly anticipated Draft Regulation sets out the details of an updated Multi-level Protection Scheme, whereby network operators (defined below) are required to comply ...
July 5, 2018, Covington Alert
On June 27, 2018, China’s Ministry of Public Security (“MPS”) released for public comment a draft of the Regulations on Cybersecurity Multi-level Protection Scheme (“the Draft Regulation”). The highly anticipated Draft Regulation sets out the details of an updated Multi-level Protection Scheme, whereby network operators (defined below) are required to comply ...
April 23, 2018, Inside Privacy
Pursuant to Executive Order 13636, the National Institute of Standards and Technology (“NIST”) established the Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, a technology-neutral, voluntary, risk-based cybersecurity framework that includes standards and processes intended to align policy, business, and technological approaches to ...
December 4, 2017, Inside Privacy
Ahead of the upcoming December 31, 2017 deadline for federal defense contractors to implement the security controls of National Institute of Standards and Technology (“NIST”) Special Publication 800-171 (“SP 800-171”), NIST has released a new draft publication designed to assist organizations in assessing compliance under SP 800-171, Draft Special Publication ...
October 2017, Pratt's Government Contracting Law Report
May 17, 2017, Covington Alert
Last Friday may mark the start of a new era in cyber crime. The first worldwide ransomware attack, commonly dubbed “WannaCry,” emerged on May 12. The malware is believed to have infected more than 300,000 computers in 150 countries to date. A cyber criminal or ring of criminals, taking advantage of an exploit made available by the ShadowBrokers hacker group that ...
Cybersecurity: Steps to Take Before, During, and After an Incident
September 14, 2016, 2016 Covington Government Contracts Briefing: Solving Problems, Securing Opportunities
Insider Threats to Cybersecurity—Prevent, Prepare, and React Webinar
June 21, 2016, Webinar
March 2016, Cyber Security Law & Practice
August 12, 2015, The Cybersecurity Law Report
July 30, 2015, Inside Compensation
The federal government has been encouraging employers to adopt best practices to address both external and internal threats to critical business information and infrastructure. These best practices have included an important human resources element, including policies and programs covering current and former employees. For example, the Obama Administration ...
Insider Threats to Cybersecurity—Prevent, Prepare, React
July 17, 2015, Webinar
June 11, 2015, Inside Energy & Environment
On Monday, the 2015 G-7 Summit ended with the President and other Leaders of the G-7 focused generally on a wide range of economic, security, and development issues, and specifically discussing the energy sector’s cybersecurity posture. According to the White House, the Leaders “launched a new cooperative effort to enhance cybersecurity of the energy sector...… ...
March 12, 2015, Inside Counsel
Richard Shea, Lindsay Burke and Ashden Fein have authored this article on cybersecurity threats: "Cybersecurity threats can emanate not just from outside sources but from company insiders as well — including employees, executives, directors and contractors. According to NetDiligence’s 2014 Cyber Insurance Claims Study, roughly one-third of the reported events ...
- Cybersecurity Docket, "Incident Response 30" (2019-2020)

Global Supply Chain Toolkit
We help clients navigate the legal, reputational, and regulatory risks that can arise across their global supply chains.