Evan D. Wolff
Overview
Evan D. Wolff is a partner in Crowell & Moring's Washington, D.C. office, where he is co-chair of the firm's Chambers USA-ranked Privacy and Cybersecurity Group and a member of the Government Contracts Group. Evan has a national reputation for his deep technical background and understanding of complex cybersecurity legal and policy issues. Calling upon his experiences as a scientist, program manager, and lawyer, Evan takes an innovative approach to developing blended legal, technical, and governance mechanisms to prepare companies with rapid and comprehensive responses to rapidly evolving cybersecurity risks and threats. Evan has conducted training and incident simulations, developed response plans, led privileged investigations, and advised on hundreds of data breaches where he works closely with forensic investigators. Evan also counsels businesses on both domestic and international privacy compliance matters, including the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). He is also a Registered Practitioner under the Cybersecurity Maturity Model Certification (CMMC) framework.
Career & Education
- Department of Homeland Security
Special Assistant to the Assistant Secretary for Infrastructure Protection, 2001–2005 - Department of Defense
Panel Member, Defense Science Board, 2003–2004 - Nuclear Regulatory Commission
Senior Geologist, 1998–2000
- Department of Homeland Security
- University of Maryland, College Park, B.S., with honors, geology and education, 1994
- Northern Arizona University, M.S., geology, 1997
- University of Maryland School of Law, J.D., 2000
- Duquesne University School of Law, environmental law certificate and Chinese law certificate, 2000
- District of Columbia
- Maryland
Professional Activities and Memberships
- Fellow, The National Security Institute
- Board Member, The AI Security Alliance
- Member, Maryland Carey Law Alumni Board, 2018–Present
- Member, Council on Foreign Relations
- Global Fellow, Digital Futures Project, The Wilson Center, 2016–2018
- Advisory Board Member and Panelist, 2013 National Cyber Education Symposium
- Member, American and Maryland Bar Associations
- Member, National Security Task Force, U.S. Chamber of Commerce, 2007–Present
- Member, Board of Advisors, Homeland Security and Defense Business Council, 2008–Present
- Member, Advisory Board, Energy, Climate & Infrastructure Security, Sandia National Labs, 2010–Present
- Member, American Bar Association Working Group on Cybersecurity Law
- Member, Advisory Board, Homeland Security and Defense Mission Area, Sandia National Labs, 2008–2012
- Deputy Director, Aspen Homeland Security Group, 2011–Present
- Member, Advisory Committee, Homeland Security Presidential Transition Initiative, Center for American Progress, 2008
Evan's Insights
Event | 11.19.24
CMMC Finalized: How to Prepare & Achieve Certification
Crowell is honored to host Ms. Stacy Bostjanick, the Defense Department’s CMMC Program Director, who will be joined live by Crowell attorneys Evan Wolff and Michael Gruden for an engaging fireside chat.
Client Alert | 8 min read | 10.14.24
Cybersecurity Matured: DoD Finalizes Cybersecurity Maturity Model Certification (CMMC) Program
Client Alert | 2 min read | 08.20.24
DFARS 7021 Clause 2.0: DoD Releases Proposed Rule Updating CMMC Clause
Representative Matters
- Advised hundreds of companies develop cybersecurity incident response and crisis management plans and respond to data breaches, including facilitating public- and private-sector notifications in compliance with state regulatory programs.
- Advised a broad sector of companies, including the nation’s critical infrastructure, develop site security plans in compliance with national and international governmental cybersecurity and privacy programs and standards.
- Advised companies on physical security audits and assessments.
- Advised numerous chemical and manufacturing companies on chemical security regulation compliance, including compliance with the Chemical Facility Anti-Terrorism Standards (CFATS).
- Advised a broad base of companies in the areas of infrastructure protection, science and technology, and public policy in the national security area, and the SAFETY Act.
- Advised and counseled energy companies on NERC compliance issues, with a particular focus on Critical Infrastructure Protection (CIP) Standards.
- Represented a manufacturing company regarding Chemical Safety and Hazard Investigation Board (CSB) assessment of an industrial accident.
- Advised Fortune 100 corporation on compliance with security-related provisions including CFATS, the Maritime Transportation Security Act, and Federal Energy Regulatory Commission regulations.
- Advised multiple companies on security and safety regulation issues associated with construction and management of critical infrastructure including pipeline and energy.
- Developed environmental management systems in energy and chemical industries, focusing on various environmental statutes and multilateral environmental agreements.
- Significant project management and work experience in India, China, Nigeria, the European Union and the Middle East.
- Advised U.S. government and private corporations on trade and business transactions regarding domestic, foreign and international laws and treaties in the areas of environmental law and policy, and international trade.
- Advised Fortune 500 defense contractor on legal issues associated with participation in Foreign Intelligence Surveillance Act and Electronic Communications Privacy Act related activities on behalf of U.S. government agency.
Evan's Insights
Event | 11.19.24
CMMC Finalized: How to Prepare & Achieve Certification
Crowell is honored to host Ms. Stacy Bostjanick, the Defense Department’s CMMC Program Director, who will be joined live by Crowell attorneys Evan Wolff and Michael Gruden for an engaging fireside chat.
Client Alert | 8 min read | 10.14.24
Cybersecurity Matured: DoD Finalizes Cybersecurity Maturity Model Certification (CMMC) Program
Client Alert | 2 min read | 08.20.24
DFARS 7021 Clause 2.0: DoD Releases Proposed Rule Updating CMMC Clause
Recognition
- The Year in Homeland Security: Homeland Security Professional to Watch, 2009
Evan's Insights
Event | 11.19.24
CMMC Finalized: How to Prepare & Achieve Certification
Crowell is honored to host Ms. Stacy Bostjanick, the Defense Department’s CMMC Program Director, who will be joined live by Crowell attorneys Evan Wolff and Michael Gruden for an engaging fireside chat.
Client Alert | 8 min read | 10.14.24
Cybersecurity Matured: DoD Finalizes Cybersecurity Maturity Model Certification (CMMC) Program
Client Alert | 2 min read | 08.20.24
DFARS 7021 Clause 2.0: DoD Releases Proposed Rule Updating CMMC Clause
Insights
Critical Infrastructure: Updating the 2013 NIPP and other Risk Mitigation Actions
|05.14.24
Privacy and Cybersecurity Outlook: The 2024 Landscape
Tabletop Exercises: A Leading Practice to Strengthen Defenses
|05.14.24
Privacy and Cybersecurity Outlook: The 2024 Landscape
The Impact Of The Cybersecurity Maturity Model Certification On The Defense Industrial Base
|05.01.24
Contract Magazine
What Sections 9 And 10 Of The Executive Order On AI Mean For Government Contractors
|01.15.24
Federal News Network
Spy Games: Biden Administration Issues Executive Order Restricting Federal Use Of Commercial Spyware
|06.15.23
Government Contracting Law Report
Cybersecurity Provisions Proliferate In The National Defense Authorization Act
|03.15.22
Government Contracting Law Report
"Making CMMC 2.0 Requirements Work for Your Organization," NCMA World Congress 2024
|07.23.24
"Cybersecurity Maturity Model Certification (CMMC): Proposed Rule Released!", National Contract Management Association Webinar
|01.30.24
"What Tech Start-Ups Need to Know in the Era of CMMC: Federal Government Contracting Perspectives," San Francisco, CA
|01.25.24
CMMC Proposed Rule: What to Know
|01.09.24
SolarWinds Says SEC Sucks: Watchdog 'Lacks Competence' To Regulate Cybersecurity
|11.09.23
The Register
Privacy & Cybersecurity – New York Enacts the SHIELD Act
|08.20.19
Crowell & Moring's International Trade Law
- |
02.21.19
Crowell & Moring's Government Contracts Legal Forum
Colorado’s New Data Privacy Bill Increases Notification and Safeguarding Requirements
|07.17.18
Crowell & Moring's Data Law Insights
New Draft NIST Guidance on Systems Security Engineering
|04.24.18
Crowell & Moring's Government Contracts Legal Forum
FERC Proposes to Require Expanded Cyber Security Incident Reporting
|01.17.18
Crowell & Moring's Data Law Insights
2nd Circuit: Government Cannot Force Companies to Hand Over Communications Data Stored Overseas
|07.15.16
Crowell & Moring's Data Law Insights Interim Rule Could Expand Already Onerous DFARS Cyber Requirements
|08.27.15
Crowell & Moring's Data Law Insights
Practices
- Privacy and Cybersecurity
- Government Contracts
- Critical Infrastructure Risk Management
- Unmanned Aircraft Systems
- Investigations
- Government Contracts Investigations
- Privacy and Cybersecurity Investigations
- National Security
- Supply Chain Management
- Regulatory Litigation
- Artificial Intelligence
- Internet of Things (IoT)
- Cybersecurity and the False Claims Act
Industries
Evan's Insights
Event | 11.19.24
CMMC Finalized: How to Prepare & Achieve Certification
Crowell is honored to host Ms. Stacy Bostjanick, the Defense Department’s CMMC Program Director, who will be joined live by Crowell attorneys Evan Wolff and Michael Gruden for an engaging fireside chat.
Client Alert | 8 min read | 10.14.24
Cybersecurity Matured: DoD Finalizes Cybersecurity Maturity Model Certification (CMMC) Program
Client Alert | 2 min read | 08.20.24
DFARS 7021 Clause 2.0: DoD Releases Proposed Rule Updating CMMC Clause
Honored Alumni, Honored Alumni and Hall of Fame Ceremony, Northern Arizona University, 2024