Townsend L. Bourne

Townsend Bourne is a partner in the Governmental Practice in the firm's Washington, D.C. office. She also is Leader of the firm’s Government Business Group.

Areas of Practice

Townsend represents companies that do business with the Federal Government, either directly or through a prime contractor or reseller. She represents multiple clients in the aerospace and defense industry as well as commercial companies and cloud service providers.

Townsend specializes in matters relating to cybersecurity and data protection for government contractors, including counseling clients with regard to Department of Defense (DoD) and civilian agency security requirements, implementation of System Security Plans, negotiation of subcontractor agreements and incident response. She chairs the Coalition for Government Procurement’s Cyber and Supply Chain Security Committee, and writes and speaks frequently on cybersecurity developments affecting the Government Contracts industry.

Townsend's experience also includes complex litigation in connection with the Contract Disputes Act and the False Claims Act, bid protest actions both challenging and defending agency decisions on contract awards before the Government Accountability Office and Court of Federal Claims, claims litigation before the Armed Services Board of Contract Appeals and the Civilian Board of Contract Appeals, investigating and preparing contractor claims and conducting internal investigations. She also helps clients navigate issues relating to multiple award contract vehicles, procurement integrity, subcontract flow-down provisions, mandatory disclosure, and contract termination and assists in negotiation of subcontracts and teaming agreements. 

Experience

Representative Matters

• Represents Fortune 500 government contractor before the U.S. Court of Federal Claims in on-going Contract Disputes Act case involving multiple contractor claims and government counterclaims related to an $874 million contract with the U.S. Postal Service
• Successfully defended large government contractor in False Claims Act dispute before the U.S. District Court for the Eastern District of Virginia
• Represented major contractor before the Civilian Board of Contract Appeals in contract dispute with the Department of the Interior that resulted in favorable settlement for client
• Succeeded in Court of Federal Claims protest to overturn a decision by the Department of Education to cancel a solicitation for critical services
• Represented major international aerospace company before the Armed Services Board of Contract Appeals in data rights dispute with the government that resulted in favorable settlement for client
• Successful prosecution and defense of numerous bid protests before the Government Accountability Office for a variety of clients including large defense contractors and GSA schedule vendors
• Conducted internal investigations for large government contractors and counseled clients regarding resolution of investigations involving mandatory disclosure of contract overpayments and the Procurement Integrity Act
• Assisted in drafting and negotiating key provisions in subcontracts and teaming Agreements for multiple clients, including commercial service providers and value-added resellers

Cybersecurity and Data Protection Experience

• Counsels clients regarding agency-specific cybersecurity and data protection requirements, including DFARS 252.204- 7012, and the Cybersecurity Maturity Model Certification (CMMC) program
• Works with clients to understand the interplay between the above requirements and rules specific to cloud service providers, including FedRAMP and the DoD Security Requirements Guide
• Assists clients with creation and finalization of System Security Plans, Incident Response Plans and Insider Threat Plans
• Helps with drafting and negotiation of subcontract provisions relating to data security
• Counsels clients with regard to supply chain risk management (SCRM), including secure software development and security of Internet of Things (IoT) devices
• Assists clients with incident response and reporting obligations, including communications with the Defense Industrial Base (DIB) pursuant to DFARS 252.204-7012, law enforcement, customers, and other government agencies

Honors

Aerospace & Defense Editorial Advisory Board, Law360, 2023

Recommended Lawyer: Government Contracts, Legal 500, 2023

Top Author, JD Supra Readers' Choice Awards, 2023

Washington, D.C. Rising Star, Super Lawyers, 2019-2020

Articles

• Authored chapter, "General Overview of Cloud Computing," Cloud Computing Legal Deskbook, 2013 Edition, Thomson Reuters Westlaw, 2013

AI Law and Policy Blog Posts

• "Flash Briefing on White House Executive Order on AI Regulation and Policy," November 3, 2023

Blockchain and Cryptocurrency: Law of the Ledger

• "Blockchain and Metaverse Legal Issues for the Government and Government Contractors," May 23, 2022

Government Contracts, Investigations & International Trade Blog Posts

• "Time for An Upgrade: OMB Releases Draft Memorandum Modernizing FedRAMP," October 31, 2023
• "Interim Rule Effective in December Establishes Requirements for Contractors to Remove Identified Products and Services from the U.S. Government Supply Chain," October 11, 2023

• "Two New Cybersecurity Proposed Rules Mean Big Changes for Federal Contractors," October 4, 2023
• "Cybersecurity Labeling is (Almost) Here! Biden Administration Announces the U.S. Cyber Trust Mark Program," August 1, 2023
• "White House Provides New Guidance & Extends Deadline for Secure Software Attestations," June 13, 2023
• "NIST Releases Initial Public Draft of NIST SP 800-171, Revision 3 for Protection of Sensitive Government Information," May 24, 2023
• "CISA Releases Proposed Security Attestation Form for Software Producers," May 1, 2023
• "ChatUSG: What Companies Doing Business with the Government Need to Know About Artificial Intelligence," May 1, 2023
• "Reassessed: FedRAMP Releases Revised Obligations and Standards for Cybersecurity Assessors," April 27, 2023
• "Biden Administration Releases Highly Anticipated National Cybersecurity Strategy," March 9, 2023
• "Proposed Rule Requires Contractors to Disclose Greenhouse Gas Emissions and Climate-Related Financial Risk," November 29, 2022
• "Third Time’s The Charm – FedRAMP Releases Draft Authorization Boundary Guidance Version 3 for Public Comment," September 28, 2022
• "Federal Government Outlines New Security and Attestation Requirements for Software," September 28, 2022
• "NIST Wants Your Input – Updating NIST’s Controlled Unclassified Information (CUI) Guidelines," July 27, 2022
• "Updated Timeline for CMMC Implementation," June 29, 2022
• "Well, That Didn’t Take Long – DOJ Announces its First Settlement of a Civil Cyber-Fraud Case," March 10, 2022
• "Seeking HoNIST Opinions, Part II – NIST Invites Comments on Major Revision to Cyber Supply Chain Risk Management Practices and Software Guidelines Mandated By Cybersecurity Executive Order," November 10, 2021
• "DOD Updates Its Cybersecurity Certification Program – CMMC 2.0: What Contractors Need to Know," November 10, 2021
• "DOJ Announces Civil Cyber-Fraud Initiative To Enforce Contractor Cybersecurity Compliance," October 28, 2021
• "Moving to Zero Trust – CISA and OMB Seek Comments on Zero Trust Publications and Cloud Security Technical Reference Architecture under Cybersecurity Executive Order," September 15, 2021
• "Double Time – NIST Seeks Comments on Major Revision to Practices for Developing Cyber-Resilient Systems (SP 800-160) and Assessing Security and Privacy Controls in Information Systems and Organizations (SP 800-53A)," August 30, 2021
• "Watch Your Boundaries – FedRAMP Releases Draft Authorization Boundary Guidance for Public Comment," July 28, 2021

• "At a Glance: White House 100-Day Supply Chain Report," June 29, 2021

• "Right on Time – NIST Releases Definition of “Critical Software” Per Biden’s Cybersecurity Executive Order," June 29, 2021
• "Seeking HoNIST Opinions – NIST Invites Comments on Major Revision to Cyber Supply Chain Risk Management Practices for Systems and Organizations (SP 800-161) and Provides Further Software Supply Chain Guidance," May 26, 2021

• "Biden’s Cybersecurity Executive Order," May 17, 2021

• "Finding the Weak Links – President Biden Executive Order Demands Review of Critical U.S. Supply Chains," March 31, 2021

• "Key Provisions You Should Know From FY 2021 NDAA," January 27, 2021

• "The NISPOM is Becoming a Regulation & Contractors Have Six Months to Comply," January 27, 2021

• "IoT Legislation Passes Congress," November 30, 2020

• "DoD’s Long Awaited Rule on CMMC – Plus a New Cybersecurity Assessment Methodology for Contractors to Start Right Now," September 29, 2020

• "GSA’s Take on Implementation of Section 889," September 29, 2020

• "IoT Legislation Advances in Congress," September 29, 2020

• "Interim Rule Confirms Section 889 Part B Restriction on Contractor Use of Chinese Telecom Will Go Into Effect August 2020," July 14, 2020

• "DOD CMMC Update – Third Party Auditors Gear Up and COTS Providers Get a Pass," May 28, 2020

• "DoD Issues Class Deviation to Address Contractor Reimbursement for Paid Leave Required to Maintain a Mission-Ready Workforce During the COVID-19 Outbreak Pursuant to Section 3610 of the CARES Act," April 10, 2020
• "Presidential Executive Orders Delegate Additional Authorities To Respond To COVID-19 Outbreak," April 1, 2020
• "Presidential Executive Order Calls on HHS to Issue Priority Contracts and Allocate Scarce Medical Resources," March 20, 2020
• "The True Impact of the Chinese Telecom Ban on Government Contractors," November 25, 2019
• "GSA Implements Restrictions on Certain Chinese-Made Telecommunications Services and Equipment," September 27, 2019 
• "Effective Last Month! – DoD’s Implementation of New FAR Prohibitions on Chinese Telecommunications Equipment and Services in Government Contracts," September 5, 2019
• "Effective Immediately! – FAR Amended to Include Prohibition on Chinese Telecommunications Equipment and Services in Government Contracts," August 13, 2019
• "Cyber Update: DoD Contractor Cybersecurity Certification and 33 New Enhanced Controls to Combat the Advanced Persistent Threat," June 26, 2019
• "New Executive Order To Further Restrict Business with Huawei and Other Foreign Adversaries Engaged in Cyber Espionage," May 20, 2019
• "'Internet of Things' Guidance to be Added to Cybersecurity Requirements for Agencies and Federal Contractors," April 29, 2019
• "More Opportunities On the Horizon for Small Businesses Seeking to Sell Cloud Computing to the Government," February 27, 2019
• "Recovering After the Shutdown: Proposed Legislation to Guarantee Back Pay for Government Contractors," February 1, 2019
• "The List of Forbidden Products Grows: The NDAA’s Prohibitions on Use of Certain Chinese-Made Equipment," November 28, 2018
• "NIST Releases Highly-Anticipated Draft Special Publication on Assessing the Security Requirements in NIST SP 800-171 for Controlled Unclassified Information (CUI)," December 1, 2017 
• "Achieving Cyber-Fitness In 2017: Part 5—Cyber Incident Reporting And Response," October 26, 2017 
• "Achieving Cyber-Fitness In 2017: Part 4—Subcontracts, Joint Ventures And Teaming Agreements," July 27, 2017 
• "Achieving Cyber-Fitness In 2017: Part 2—Looking Beyond The FAR And DFARS— Other Safeguarding And Reporting Requirements," April 10, 2017
• "Achieving Cyber-Fitness In 2017: Part 1—Planning For Compliance," February 28, 2017

• "GAO Tackles Cybersecurity," June 30, 2016
• "Potential Changes at GAO in 2016," March 29, 2016
• "Suspension and Debarment: A New Government Approach," November 23, 2015
• "What’s New Out There? Highlights from the Federal Register," May 20, 2014
• "GAO Dismisses Protest Alleging Noncompliance with E-Verify Requirements," November 20, 2013
• "Lots of Little Things - FAR Updates from the Federal Acquisition Circular," August 15, 2013
• "What's New Out There? A Regulatory Update," June 26, 2013
• "A New Twist On Establishing Interested Party Status At The GAO," December 9, 2011
• "'First Impression' Ruling: Court May Review the Rationality of Emails Sent By GAO Attorneys," September 19, 2011
• "Objects In SBA's Mirror Are Smaller Than They Appear: A Summary Of SBA's Proposed Rule To Increase Small Business Size Standards," April 18, 2011
• "Inflation Adjustment Of Acquisition-Related Thresholds In The FAR," October 7, 2010
• "Precision Pine & Timber, Inc. v. United States: An Unexpected Test For Determining Breach Of The Implied Duty To Cooperate And Not To Hinder Contract Performance", April 9, 2010
• "GAO Sides with Foreign Military Sales Program Contractors in Dispute Over Protest Costs", December 8, 2009
• "Proposed Changes to FAR Part 45 "To Add Clarity and Correction" to Government Property Provisions", November 9, 2009 

Eye on Privacy Blog Posts

• "Cybersecurity Labeling Program to Increase Transparency of IoT Device Security," August 3, 2023
• "NIST Seeks Input on Standards for Protecting Sensitive Government Information," June 15, 2023
• "Do Business With the Federal Government? Here’s a 2022 Cybersecurity Recap: Part Five- Further Adoption of FedRAMP & StateRAMP," January 25, 2023
• "Do Business With the Federal Government? Here’s a 2022 Cybersecurity Recap: Part Four – Cybersecurity Federal Acquisition Regulation (FAR) Updates," January 24, 2023
• "Do Business With the Federal Government? Here’s a 2022 Cybersecurity Recap: Part Three – Secure Software Development Attestation Requirements," January 23, 2023
• "Do Business With the Federal Government? Here’s a 2022 Cybersecurity Recap: Part Two – NIST SP 800-171, Revision 3," January 19, 2023
• "Do Business With the Federal Government? Here’s a 2022 Cybersecurity Recap: Part One – CMMC Developments," January 18, 2023
• "White House Aims for Spring 2023 Rollout of Internet of Things Labeling Program," October 28, 2022
• "CISA Seeking Input on Cyber Incident Reporting for Critical Infrastructure," September 26, 2022
• "Updated Timeline for DoD’s Cybersecurity Certification Program," June 23, 2022
• "Cybersecurity Act Signed Into Law Creates New Reporting Obligations," March  29, 2022
• "NIST Releases New Guidance on Software Security and Cybersecurity Consumer Labeling Programs," March 14, 2022
• "NIST Seeks Comments on Cybersecurity Framework Refresh," March 10, 2022
• "White House Focuses on Improving the Cybersecurity of National Security Systems," February 15, 2022
• "2021 Cybersecurity Recap for Government Contractors (and What to Expect in 2022) – Part 4 of 4: Cybersecurity Maturity Model Certification (“CMMC”) 2.0," December 22, 2021
• "2021 Cybersecurity Recap for Government Contractors (and What to Expect in 2022) – Part 3 of 4: Cyber Incident & Ransomware Payment Reporting Legislation," December 21, 2021
• "2021 Cybersecurity Recap for Government Contractors (and What to Expect in 2022) – Part 2 of 4: Department of Justice (DOJ) Civil-Cyber Fraud Initiative," December 20, 2021
• "2021 Cybersecurity Recap for Government Contractors (and What to Expect in 2022) – Part 1 of 4: Biden’s Cybersecurity Executive Order (EO 14028)," December 17, 2021
• "Updates Announced to Department of Defense Cybersecurity Certification Program," November 10, 2021
• "NIST Finalizes Guidance on Security and Privacy Control Baselines – SP 800-53B," November 6, 2020

• "Interim Rule Solidifies Cybersecurity Requirements for Defense Industrial Base," October 9, 2020

• "NIST Issues Long-Awaited Final Guidance on Security and Privacy Controls – SP 800-53," October 5, 2020

• "NIST Issues Draft Guidance on Security and Privacy Control Baselines – SP 800-53B," August 6, 2020

• "NIST Proposes Draft Enhanced Security Requirements for Protecting CUI," July 28, 2020

• "NIST Releases Cybersecurity Guidance for Manufacturers of IoT Devices," June 18, 2020

• "CMMC Version 1.0: Enhancing DOD’s Supply Chain Cybersecurity," February 12, 2020

• "CISA Releases “Cyber Essentials” to Assist Small Businesses," November 12, 2019

• "Feds Want New IoT Guidance to Address Security Vulnerabilities," May 22, 2019
• "Year In Review: Eye on Privacy 2018," January 28, 2019 
• "When the U.S. Government Declares Companies Cyber-Insecure, We Should All Pay Attention," January 7, 2019 
• "Justice Department Creates Cyber-Digital Task Force," February 26, 2018 
• "NIST’s Highly-Anticipated Security Requirements Draft Impacts Government Contractors’ Treatment of CUI," December 18, 2017 
• "Assessing GDPR Guidelines Part II: Data Impact Assessments," December 14, 2017 
• "Assessing GDPR Guidelines Part I: Profiling and Automated Decision Making," December 13, 2017 

Labor and Employment Law Blog Posts

• "Recovering After the Shutdown: Proposed Legislation to Guarantee Back Pay for Government Contractors," January 25, 2019 

Organizational Integrity Group Blog Posts

• "Cybersecurity Incident Response," March 22, 2023
• "Ethics & Compliance: Let’s Talk About Cybersecurity," February 1, 2023

White Collar & Government Enforcement Blog Posts

• "Update – DOJ Declines to Intervene in Penn State Cyber-Related FCA Case," October 2, 2023
• "Recent Cyber-Related False Claims Act Activity Signals Contractors and Universities Should Examine Their Cybersecurity Practices and Brace for an Uptick in Enforcement," September 11, 2023

Media Mentions

Speaking Engagements

• Presenter, "2022 Fall Conference - Expectations for Gov Fiscal Year 2023," The Coalition for Government Procurement, November 16, 2022
• Presenter, "Cybersecurity & IT," PubK's Public Contracts Annual Review, January 25-28, 2021
• Presenter, "Cybersecurity Compliance Frameworks for Government Contracting,” National Contract Management Association’s Government Contract Management Symposium, Hyatt Regency Crystal City, Arlington, Virginia, December 3, 2018
• Presenter, "FedRAMP and the Cloud; Cybersecurity Update,” Ingram Micro Federal Summit, Gaylord National Resort and Convention Center, National Harbor, Maryland, October 31, 2018
• "FREE Popular Topics Webinar Series: DoD Cybersecurity Requirements," Public Contracting Institute, August 23, 2018

Events

Memberships

Member, State Bar of Virginia

Member, Bar of the District of Columbia

Member, American Bar Association, Section of Public Contract Law

Member, National Defense Industrial Association

Member, U.S. Court of Federal Claims

Member, U.S. Court of Appeals for the Federal Circuit

Digital Media