
Cybersecurity and Privacy

Rogers Joseph O’Donnell’s Cybersecurity and Privacy practice group advises leading domestic and international companies on a range of issues, including supply chain security, data privacy and national security. We support clients in meeting critical cybersecurity obligations arising under federal government contracts and state and local procurements. 

Our group represents clients from various industries, including aerospace and defense, transportation, healthcare, security services, IT solutions, cloud computing and software development. This includes five of the top 20 aerospace and defense companies. We also serve advisory firms such as managed service providers and assessment organizations, along with smaller, innovative companies that do business with the federal government.  

Our attorneys are adept at navigating compliance obligations that arise under disparate and sometimes conflicting statutory regimes, and they work closely with our clients to develop practical and scalable solutions that appropriately minimize risk. The group’s deep experience and capabilities have been recognized by leading legal ranking guides such as Chambers and Partners and The Legal 500.

Practice chair Robert Metzger is recognized as one of the nation’s leading lawyers for cyber laws and regulations affecting the public sector. His work is well known and respected by government and industry alike. Robert served on the Defense Science Board task force that produced the “Cyber Supply Chain Report” (April 2017), and he is a co-author of the MITRE “Deliver Uncompromised” Report (2018) that has influenced federal security initiatives, among them DoD’s Cybersecurity Maturity Model Certification (CMMC). 

Our group has handled a wide variety of matters across various industries, including the following:

Counseling & Compliance

  • Advising clients on present and emerging Department of Defense (DoD) cyber requirements and data protection laws, including DFARS clause 252.204-7012, which implements the NIST SP 800-171 cyber controls to protect controlled unclassified information (CUI), and CMMC.
  • Advising leading cloud service providers on FedRAMP and DoD cloud computing security obligations and compliance. 
  • Assisting many companies with interpreting and applying existing cyber and supply chain laws and regulations, including section 889 of the National Defense Authorization Act (NDAA) and the Federal Acquisition Supply Chain Security Act.
  • Advising a large medical technology company on compliance with FAR data security requirements and regarding data encryption obligations under NIST’s Federal Information Processing Standards (FIPS) requirements.
  • Assisting a healthcare company with incident response following a data breach involving thousands of individuals under TRICARE and DoD-managed care contracts. 
  • Counseling U.S. companies on cyber-related issues involving Foreign Ownership, Control, or Influence (FOCI) mitigation, compliance with the National Industrial Security Program Operating Manual (NISPOM) and reports to the Defense Counterintelligence and Security Agency (DCSA).
  • Advising U.S. companies on potential transaction structures for contemplated mergers, acquisitions and foreign investments to assure compliance with CFIUS and NISPOM obligations. 
  • Developing internal policies and procedures for cyber and supply chain security and compliance, including policies tailored to address proper handling of Controlled Unclassified Information by cleared and uncleared contractors, policies to address risks of counterfeit electronics and policies to mitigate potential conflicts of interest and FOCI issues between affiliates.
  • Consulting on cyber insurance, including issues of eligibility, response to data breach incidents and policy recommendations to align compliance interests of defense contractors with enterprise protection benefits of cyber insurance.  
  • Thought leadership on how artificial intelligence affects the acquisition process for information and communications technology, state and local acquisitions, and protection of space systems against cyber-physical threats.
  • Advising on end-user policies and data transfer agreements, and advising cloud service providers on terms and conditions for government contracts.


  • Representing Microsoft Corporation at the U.S. Court of Federal Claims in defending the AWS protest of the $10 billion JEDI DoD cloud contract award.
  • Successful protest on behalf of Microsoft Corporation at the GAO for a multibillion-dollar intelligence community cloud services contract.
  • Successful protest against the Office of Personnel Management on behalf of a federal contractor concerning unduly restrictive solicitation requirements and FedRAMP authorization status, with an award of costs. 
  • Representation of a DoD contractor with a request for equitable adjustment (REA) related to FedRAMP and DoD’s cloud computing (SRG) obligations.
  • Robert Metzger engaged as an expert witness to assist in defending an FCA action involving allegations of cybersecurity noncompliance by a major contractor.

San Francisco, CA
  • Robert Dollar Building
    311 California Street, 10th Floor
    San Francisco, CA 94104-2695
  • Phone: 415.956.2828
  • Fax: 415.956.6457
Washington, DC
  • 1500 K Street, NW, Suite 800
    Washington DC 20005-1227
  • Phone: 202.777.8950
  • Fax: 202.347.8429