Evan D. Wolff

Partner | He/Him/His

Overview

Evan D. Wolff is a partner in Crowell & Moring's Washington, D.C. office, where he is co-chair of the firm's Chambers USA-ranked Privacy and Cybersecurity Group and a member of the Government Contracts Group. Evan has a national reputation for his deep technical background and understanding of complex cybersecurity legal and policy issues. Calling upon his experiences as a scientist, program manager, and lawyer, Evan takes an innovative approach to developing blended legal, technical, and governance mechanisms to prepare companies with rapid and comprehensive responses to rapidly evolving cybersecurity risks and threats. Evan has conducted training and incident simulations, developed response plans, led privileged investigations, and advised on hundreds of data breaches where he works closely with forensic investigators. Evan also counsels businesses on both domestic and international privacy compliance matters, including the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). He is also a Registered Practitioner under the Cybersecurity Maturity Model Certification (CMMC) framework.

Representing a broad range of companies across multiple sectors including government contractors, the defense industrial base, transportation, energy, health care, insurance, hospitality, education, and non-profit, Evan's legal practice has a focus on regulatory compliance including Defense Federal Acquisition Regulation Supplement (DFARS), General Data Protection Regulation (GDPR), Privacy Shield, the SAFETY Act, and the Chemical Facility Anti-Terrorism Act (CFATS). Evan also advises companies on computer network security, general security issues, investigation coordination after intrusions, data breaches, and insurance-related issues.

Prior to entering private practice, Evan served as an advisor to the senior leadership at the Department of Homeland Security (DHS). Previously, he held the position of principal homeland security policy analyst/project manager to The MITRE Corporation and also served as general counsel and senior geospatial analyst for isciences LLC; vice president and principal of Environmental Protection International; and senior geologist at the U.S. Nuclear Regulatory Commission.

Adding to his credentials, Evan was inducted into the Council on Foreign Relations in 2017 joining other thought leaders, including top government officials, global business leaders, members of the intelligence and foreign policy community, journalists, and prominent lawyers, to help shape foreign policy. Evan serves on the Sandia National Lab External Advisory Board, the U.S. Chamber of Commerce National Security Task Force, as a panel member on the Defense Science Board at the Department of Defense, and as a senior adviser at the Homeland Security and Defense Business Council. Evan is currently the co-chair of the ABA Homeland Security Law Institute, as well as a senior adviser to the ABA Committee on Law and National Security. In 2011, Evan was invited to serve as a member of the Aspen Institute's Homeland Security Group. Evan also serves as a senior associate (non-resident), Homeland Security and Counterterrorism Program at the Center for Strategic & International Studies (CSIS).

In 2014, Evan co-authored an ABA Section of Criminal Justice article titled, "Industry Collaborations on Cybersecurity: Protecting Against Antitrust Violations," which was selected as one of the "Best Articles" for the Business category, Anticompetitive Practice section at the 2015 Antitrust Writing Awards in Washington, D.C.

Evan is currently teaching a class on Cybersecurity at Columbia University’s School of International and Public Affairs, and has previously been an adjunct professor at George Mason University School of Law, a global fellow with the Wilson Center, and a senior advisor to The Chertoff Group, a global security advisory firm based in Washington, D.C.

Career & Education

|
    • Department of Homeland Security
      Special Assistant to the Assistant Secretary for Infrastructure Protection
    • Department of Defense
      Panel Member, Defense Science Board
    • Nuclear Regulatory Commission
      Senior Geologist
    • Department of Homeland Security
      Special Assistant to the Assistant Secretary for Infrastructure Protection
    • Department of Defense
      Panel Member, Defense Science Board
    • Nuclear Regulatory Commission
      Senior Geologist
    • University of Maryland, College Park, B.S., with honors, geology and education, 1994
    • Northern Arizona University, M.S., geology, 1997
    • University of Maryland School of Law, J.D., 2000
    • Duquesne University School of Law, environmental law certificate and Chinese law certificate, 2000
    • University of Maryland, College Park, B.S., with honors, geology and education, 1994
    • Northern Arizona University, M.S., geology, 1997
    • University of Maryland School of Law, J.D., 2000
    • Duquesne University School of Law, environmental law certificate and Chinese law certificate, 2000
    • District of Columbia
    • Maryland
    • District of Columbia
    • Maryland
  • Professional Activities and Memberships

    • Fellow, The National Security Institute
    • Board Member, The AI Security Alliance
    • Member, Maryland Carey Law Alumni Board, 2018-present
    • Member, Council on Foreign Relations
    • Global Fellow, Digital Futures Project, The Wilson Center, 2016-2018
    • Advisory Board Member and Panelist, 2013 National Cyber Education Symposium
    • Member, American and Maryland Bar Associations
    • Member, National Security Task Force, U.S. Chamber of Commerce, 2007-present
    • Member, Board of Advisors, Homeland Security and Defense Business Council, 2008-present
    • Member, Advisory Board, Energy, Climate & Infrastructure Security, Sandia National Labs, 2010-present
    • Member, American Bar Association Working Group on Cybersecurity Law
    • Member, Advisory Board, Homeland Security and Defense Mission Area, Sandia National Labs, 2008-2012
    • Deputy Director, Aspen Homeland Security Group, 2011-present
    • Member, Advisory Committee, Homeland Security Presidential Transition Initiative, Center for American Progress, 2008

    Professional Activities and Memberships

    • Fellow, The National Security Institute
    • Board Member, The AI Security Alliance
    • Member, Maryland Carey Law Alumni Board, 2018-present
    • Member, Council on Foreign Relations
    • Global Fellow, Digital Futures Project, The Wilson Center, 2016-2018
    • Advisory Board Member and Panelist, 2013 National Cyber Education Symposium
    • Member, American and Maryland Bar Associations
    • Member, National Security Task Force, U.S. Chamber of Commerce, 2007-present
    • Member, Board of Advisors, Homeland Security and Defense Business Council, 2008-present
    • Member, Advisory Board, Energy, Climate & Infrastructure Security, Sandia National Labs, 2010-present
    • Member, American Bar Association Working Group on Cybersecurity Law
    • Member, Advisory Board, Homeland Security and Defense Mission Area, Sandia National Labs, 2008-2012
    • Deputy Director, Aspen Homeland Security Group, 2011-present
    • Member, Advisory Committee, Homeland Security Presidential Transition Initiative, Center for American Progress, 2008

Evan's Insights

Webinar | 02.14.24

CMMC 2.0: Legal, Assessor, and Threat Intelligence Perspectives

Members of Crowell’s Privacy & Cybersecurity practice and panelists from Coalfire and Mandiant will discuss the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC) issued by the Department of Defense (DOD) in December.

Representative Matters

  • Advised hundreds of companies develop cybersecurity incident response and crisis management plans and respond to data breaches, including facilitating public- and private-sector notifications in compliance with state regulatory programs.
  • Advised a broad sector of companies, including the nation’s critical infrastructure, develop site security plans in compliance with national and international governmental cybersecurity and privacy programs and standards. 
  • Advised companies on physical security audits and assessments.
  • Advised numerous chemical and manufacturing companies on chemical security regulation compliance, including compliance with the Chemical Facility Anti-Terrorism Standards (CFATS). 
  • Advised a broad base of companies in the areas of infrastructure protection, science and technology, and public policy in the national security area, and the SAFETY Act. 
  • Advised and counseled energy companies on NERC compliance issues, with a particular focus on Critical Infrastructure Protection (CIP) Standards. 
  • Represented a manufacturing company regarding Chemical Safety and Hazard Investigation Board (CSB) assessment of an industrial accident. 
  • Advised Fortune 100 corporation on compliance with security-related provisions including CFATS, the Maritime Transportation Security Act, and Federal Energy Regulatory Commission regulations. 
  • Advised multiple companies on security and safety regulation issues associated with construction and management of critical infrastructure including pipeline and energy. 
  • Developed environmental management systems in energy and chemical industries, focusing on various environmental statutes and multilateral environmental agreements. 
  • Significant project management and work experience in India, China, Nigeria, the European Union and the Middle East. 
  • Advised U.S. government and private corporations on trade and business transactions regarding domestic, foreign and international laws and treaties in the areas of environmental law and policy, and international trade. 
  • Advised Fortune 500 defense contractor on legal issues associated with participation in Foreign Intelligence Surveillance Act and Electronic Communications Privacy Act related activities on behalf of U.S. government agency. 

Evan's Insights

Webinar | 02.14.24

CMMC 2.0: Legal, Assessor, and Threat Intelligence Perspectives

Members of Crowell’s Privacy & Cybersecurity practice and panelists from Coalfire and Mandiant will discuss the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC) issued by the Department of Defense (DOD) in December.

Recognition

  • The Year in Homeland Security: Homeland Security Professional to Watch, 2009

Evan's Insights

Webinar | 02.14.24

CMMC 2.0: Legal, Assessor, and Threat Intelligence Perspectives

Members of Crowell’s Privacy & Cybersecurity practice and panelists from Coalfire and Mandiant will discuss the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC) issued by the Department of Defense (DOD) in December.

|