Covington & Burling LLP

This website uses cookies. For more information please contact us or consult our privacy policy.

Your binder contains too many pages, the maximum is 40.

We are unable to add this page to your binder, please try again later.

This page has been added to your binder.

PDF Binder
- Create PDF
- Add to Binder
Word Document Binder

Ashden Fein

Associate

Washington +1 202 662 5116 afein@cov.com Download V-card

View Less

Ashden Fein advises clients on cybersecurity and national security matters, including government and internal investigations, regulatory, and complex litigation matters.

For cybersecurity matters, Mr. Fein specifically counsels clients on preparing for and responding to cyber-based attacks on their networks, assessing their security controls and practices for the protection of data, developing and implementing information security programs, and complying with federal and state regulatory requirements. Mr. Fein also has been the lead investigator for multiple complex investigations involving a range of cyber and data security incidents, including data security breach matters involving millions of affected consumers and advanced persistent threats targeting intellectual property.

On national security issues, Mr. Fein assists clients with sensitive national security investigations and responding to government inquiries. He represents foreign and domestic clients in various industries in securing the approval the Committee on Foreign Investment in the United States (CFIUS), as well as ongoing compliance matters related to mitigation agreements with CFIUS. Mr. Fein also advises companies on matters related to the mitigation of foreign ownership, control or influence (FOCI) under applicable national industrial security regulations.

Before joining Covington, Mr. Fein served for thirteen years in the United States Army, first as a military intelligence officer and later as a Major in the Judge Advocate General’s Corps. While on active duty, he specialized as a military prosecutor, gaining significant experience in complex litigation and cybersecurity. He served as the lead trial attorney in the prosecution of Private Chelsea (Bradley) Manning for the unlawful disclosure of classified information to WikiLeaks, the largest national security and cybercrime investigation and prosecution in the history of the Army. He worked closely with senior officials at the Department of Justice, U.S. Attorneys’ Offices, the Federal Bureau of Investigation, the Department of State, the Department of Defense, other government agencies within the intelligence community, and several federal, state, and local enforcement agencies. In addition, Mr. Fein served as the Chief of the Criminal Division for a command of 17,000 soldiers and as a legal advisor for an Army Aviation organization deployed in Iraq. Mr. Fein currently serves as a Judge Advocate in the U.S. Army Reserve.

View More View Less

Counsel to multiple companies in responding to data and cybersecurity incidents, including, among others, stolen personal information and multiple attacks by Advanced Persistent Threats directed at the intellectual property of defense, life sciences and other IP-intensive companies.
Represents clients before the Federal Trade Commission on cybersecurity and data breach matters.
Represent multiple clients with development of cyber and information security and privacy policies, including incident response preparation and training.
Advise companies on issues of cybersecurity, cooperation with law enforcement, and public policy.

Counsel to cleared U.S. companies in responding to government investigations of sensitive national security matters and FOCI mitigation.
Counsel to multiple foreign-owned companies on data and cybersecurity issues involved in national security reviews conducted by the Committee on Foreign Investment in the United States (CFIUS).

View More View Less

Represent a non-profit organization to assist with development of global cybersecurity and privacy policies.

U.S. Army Reserve, Judge Advocate General Corps
American Bar Association, Standing Committee on Law and National Security and Information Security Committee

Lead Trial Attorney, United States v. Private Chelsea (Bradley) Manning (WikiLeaks), United States Army (2010-2014)
Division Chief and Senior Trial Attorney, United States Army (2009-2010)
Brigade Judge Advocate and Trial Attorney, United States Army (2008-2009)
Military Intelligence Officer and Counterintelligence Agent, United States Army (2002-2007)

Department of Justice Releases Guidance for Vulnerability Disclosure Programs

Last week, the U.S. Department of Justice (“DOJ”) released a voluntary framework for organizations to use in the development of a formal program to receive reports of network, software, and system vulnerabilities, and to disclose vulnerabilities identified in other organizations’ environments. This framework provides private entities a series of steps to ...

Manage Ransomware Risks Now

Last Friday may mark the start of a new era in cyber crime. The first worldwide ransomware attack, commonly dubbed “WannaCry,” emerged on May 12. The malware is believed to have infected more than 300,000 computers in 150 countries to date. A cyber criminal or ring of criminals, taking advantage of an exploit made available by the ShadowBrokers hacker group that reportedly uses tools stolen from the U.S. National Security Agency, propagated an attack that installs malware to encrypt users’ data unless a ransom in Bitcoin is paid within a few days. While the actual ransom payment losses have reportedly been minimal, the more serious result of these attacks has been the disruption to victims’ business activities.

Reports Suggest New York DFS to Revise Proposed Cyber Regulations and Delay Implementation

Based on reports citing New York Department of Financial Services (“DFS”) sources (see here and here), DFS may propose a revised version of its first-in-the-nation cybersecurity regulations on December 28, 2016. That revision would be followed by a new 30-day comment period, with the revised regulations scheduled to take effect on March 1, 2017. This...… ...

Industry Reacts to New York’s Proposed Cybersecurity Regulation for Financial Services Institutions

On December 19, 2016, the New York State Assembly Standing Committee on Banks heard testimony about a proposed regulation introduced by the New York State Department of Financial Services that would require financial services companies to develop and implement cybersecurity programs to defend against cyber-attacks. As we covered when Governor Andrew Cuomo ...

NIST Releases Cybersecurity Guidance for Internet of Things

On November 15, 2016, the National Institute of Standards and Technology (NIST) released its final guidance providing engineering-based solutions to protect cyber-physical systems and systems-of-systems, including the Internet of Things (IoT), against a wide range of disruptions, threats, and other hazards. NIST Special Publication 800-160 (the “Guidance”) is ...

NIST Releases Cybersecurity Guide for Small Businesses

The National Institute of Standards and Technology (NIST) released guidance today designed to help small businesses improve their cybersecurity preparedness. The document, Small Business Information Security: The Fundamentals, is based on NIST’s 2014 Framework for Improving Critical Infrastructure Cybersecurity, a widely used cybersecurity framework ...

New York State Proposes Cybersecurity Regulation for Financial Services Institutions

On September 13, 2016, New York Governor Andrew Cuomo announced a proposed regulation that would require financial service institutions to develop and implement cybersecurity programs to prevent and mitigate cyber-attacks. The proposed regulation will be subject to a 45-day comment period once it is published in the New York State Register. The regulation will ...

FTC Announces it will Provide Guidance on Ransomware

The FTC has become the most recent regulator to take a closer look at ransomware and its impact on consumers. During the FTC’s September 7, 2016, Fall Technology Series on Ransomware, Chairwoman Edith Ramirez announced that the FTC will soon release guidance to businesses on how to protect against ransomware. Ransomware is a malicious software...… Continue ...

Verizon Releases 2016 Data Breach Investigations Report

Verizon recently released its 2016 Data Breach Investigations Report (“DBIR”) that outlines cybersecurity threats, vulnerabilities, and trends from 2015. Verizon, with the assistance of more than 60 contributors, analyzed over 64,000 information security incidents (security events that affect the integrity of an information system) and 2,200 data breaches ...

A Closer Look at CISA’s Cybersecurity Information-Sharing Provisions

As we reported on October 27, the U.S. Senate passed the Cybersecurity Information Sharing Act (“CISA,” S. 754). If enacted into law, CISA would, among other things, establish a voluntary framework for the sharing of cybersecurity threat information between and among the federal government and private entities. CISA must now be reconciled with two similar...… ...

Will Cybersecurity Best Practices Morph into Cyber Mandates?

The federal government has been encouraging employers to adopt best practices to address both external and internal threats to critical business information and infrastructure. These best practices have included an important human resources element, including policies and programs covering current and former employees. For example, the Obama Administration ...

Updates to State Data Security and Breach Notification Laws — Connecticut and Oregon

Last week, both Connecticut and Oregon amended their respective data security and breach notification laws that will now levy stricter requirements on entities that store or process personally identifiable information (“PII”) or health-related information. A full analysis of each bill is below. Connecticut (S.B. 949) Breach Notice Under the new law, ...

Cybersecurity Discussions at the 2015 G-7 Summit

On Monday, the 2015 G-7 Summit ended with the President and other Leaders of the G-7 focused generally on a wide range of economic, security, and development issues, and specifically discussing the energy sector’s cybersecurity posture. According to the White House, the Leaders “launched a new cooperative effort to enhance cybersecurity of the energy sector...… ...

Insider threats to cybersecurity — An HR legal perspective

Richard Shea, Lindsay Burke and Ashden Fein have authored this article on cybersecurity threats: "Cybersecurity threats can emanate not just from outside sources but from company insiders as well — including employees, executives, directors and contractors. According to NetDiligence’s 2014 Cyber Insurance Claims Study, roughly one-third of the reported events ...

View More View Less

Representative Matters

Pro Bono

Memberships and Affiliations

Previous Experience

News and Insights (Showing 5 of 21) (Showing 21 of 21)

Department of Justice Releases Guidance for Vulnerability Disclosure Programs

Manage Ransomware Risks Now

Reports Suggest New York DFS to Revise Proposed Cyber Regulations and Delay Implementation

Industry Reacts to New York’s Proposed Cybersecurity Regulation for Financial Services Institutions

NIST Releases Cybersecurity Guidance for Internet of Things

NIST Releases Cybersecurity Guide for Small Businesses

New York State Proposes Cybersecurity Regulation for Financial Services Institutions

Cybersecurity: Steps to Take Before, During, and After an Incident

FTC Announces it will Provide Guidance on Ransomware

Insider Threats to Cybersecurity—Prevent, Prepare, and React Webinar

Verizon Releases 2016 Data Breach Investigations Report

Ensuring best practices in the investigation of an incident

A Closer Look at CISA’s Cybersecurity Information-Sharing Provisions

Cybersecurity: Recent CFTC and NFA Activity

Cybersecurity 2.0: The Role of Counsel in Addressing Destructive Cyberattacks

Will Cybersecurity Best Practices Morph into Cyber Mandates?

Insider Threats to Cybersecurity—Prevent, Prepare, React

Updates to State Data Security and Breach Notification Laws — Connecticut and Oregon

Cybersecurity Discussions at the 2015 G-7 Summit

Insider threats to cybersecurity — An HR legal perspective

Insider Threats to Cybersecurity — An HR Legal Perspective

Practices

Industries

Education

University of North Carolina School of Law, J.D., 2007

U.S. Military Academy, B.S., 2001

Government Service

Bar Admissions