Evan D. Wolff

Overview

Evan D. Wolff is a partner in Crowell & Moring's Washington, D.C. office, where he is co-chair of the firm's Chambers USA-ranked Privacy and Cybersecurity Group and a member of the Government Contracts Group. Evan has a national reputation for his deep technical background and understanding of complex cybersecurity legal and policy issues. Calling upon his experiences as a scientist, program manager, and lawyer, Evan takes an innovative approach to developing blended legal, technical, and governance mechanisms to prepare companies with rapid and comprehensive responses to rapidly evolving cybersecurity risks and threats. Evan has conducted training and incident simulations, developed response plans, led privileged investigations, and advised on hundreds of data breaches where he works closely with forensic investigators. Evan also counsels businesses on both domestic and international privacy compliance matters, including the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). He is also a Registered Practitioner under the Cybersecurity Maturity Model Certification (CMMC) framework.

Representing a broad range of companies across multiple sectors including government contractors, the defense industrial base, transportation, energy, health care, insurance, hospitality, education, and non-profit, Evan's legal practice has a focus on regulatory compliance including Defense Federal Acquisition Regulation Supplement (DFARS), General Data Protection Regulation (GDPR), Privacy Shield, the SAFETY Act, and the Chemical Facility Anti-Terrorism Act (CFATS). Evan also advises companies on computer network security, general security issues, investigation coordination after intrusions, data breaches, and insurance-related issues.

Prior to entering private practice, Evan served as an advisor to the senior leadership at the Department of Homeland Security (DHS). Previously, he held the position of principal homeland security policy analyst/project manager to The MITRE Corporation and also served as general counsel and senior geospatial analyst for isciences LLC; vice president and principal of Environmental Protection International; and senior geologist at the U.S. Nuclear Regulatory Commission.

Adding to his credentials, Evan was inducted into the Council on Foreign Relations in 2017 joining other thought leaders, including top government officials, global business leaders, members of the intelligence and foreign policy community, journalists, and prominent lawyers, to help shape foreign policy. Evan serves on the Sandia National Lab External Advisory Board, the U.S. Chamber of Commerce National Security Task Force, as a panel member on the Defense Science Board at the Department of Defense, and as a senior adviser at the Homeland Security and Defense Business Council. Evan is currently the co-chair of the ABA Homeland Security Law Institute, as well as a senior adviser to the ABA Committee on Law and National Security. In 2011, Evan was invited to serve as a member of the Aspen Institute's Homeland Security Group. Evan also serves as a senior associate (non-resident), Homeland Security and Counterterrorism Program at the Center for Strategic & International Studies (CSIS).

Evan is ranked by The Best Lawyers in America in the category of Privacy and Data Security Law. In 2014, he co-authored an ABA Section of Criminal Justice article titled, "Industry Collaborations on Cybersecurity: Protecting Against Antitrust Violations," which was selected as one of the "Best Articles" for the Business category, Anticompetitive Practice section at the 2015 Antitrust Writing Awards in Washington, D.C.

Evan is currently teaching a class on Cybersecurity at Columbia University’s School of International and Public Affairs, and has previously been an adjunct professor at George Mason University School of Law, a global fellow with the Wilson Center, and a senior advisor to The Chertoff Group, a global security advisory firm based in Washington, D.C.

Representing a broad range of companies across multiple sectors including government contractors, the defense industrial base, transportation, energy, health care, insurance, hospitality, education, and non-profit, Evan's legal practice has a focus on regulatory compliance including Defense Federal Acquisition Regulation Supplement (DFARS), General Data Protection Regulation (GDPR), Privacy Shield, the SAFETY Act, and the Chemical Facility Anti-Terrorism Act (CFATS). Evan also advises companies on computer network security, general security issues, investigation coordination after intrusions, data breaches, and insurance-related issues.

Prior to entering private practice, Evan served as an advisor to the senior leadership at the Department of Homeland Security (DHS). Previously, he held the position of principal homeland security policy analyst/project manager to The MITRE Corporation and also served as general counsel and senior geospatial analyst for isciences LLC; vice president and principal of Environmental Protection International; and senior geologist at the U.S. Nuclear Regulatory Commission.

Adding to his credentials, Evan was inducted into the Council on Foreign Relations in 2017 joining other thought leaders, including top government officials, global business leaders, members of the intelligence and foreign policy community, journalists, and prominent lawyers, to help shape foreign policy. Evan serves on the Sandia National Lab External Advisory Board, the U.S. Chamber of Commerce National Security Task Force, as a panel member on the Defense Science Board at the Department of Defense, and as a senior adviser at the Homeland Security and Defense Business Council. Evan is currently the co-chair of the ABA Homeland Security Law Institute, as well as a senior adviser to the ABA Committee on Law and National Security. In 2011, Evan was invited to serve as a member of the Aspen Institute's Homeland Security Group. Evan also serves as a senior associate (non-resident), Homeland Security and Counterterrorism Program at the Center for Strategic & International Studies (CSIS).

Evan is ranked by The Best Lawyers in America in the category of Privacy and Data Security Law. In 2014, he co-authored an ABA Section of Criminal Justice article titled, "Industry Collaborations on Cybersecurity: Protecting Against Antitrust Violations," which was selected as one of the "Best Articles" for the Business category, Anticompetitive Practice section at the 2015 Antitrust Writing Awards in Washington, D.C.

Evan is currently teaching a class on Cybersecurity at Columbia University’s School of International and Public Affairs, and has previously been an adjunct professor at George Mason University School of Law, a global fellow with the Wilson Center, and a senior advisor to The Chertoff Group, a global security advisory firm based in Washington, D.C.

Career & Education

Department of Homeland Security
Special Assistant to the Assistant Secretary for Infrastructure Protection, 2001–2005
Department of Defense
Panel Member, Defense Science Board, 2003–2004
Nuclear Regulatory Commission
Senior Geologist, 1998–2000
- Department of Homeland Security
  Special Assistant to the Assistant Secretary for Infrastructure Protection, 2001–2005
- Department of Defense
  Panel Member, Defense Science Board, 2003–2004
- Nuclear Regulatory Commission
  Senior Geologist, 1998–2000
University of Maryland School of Law, J.D., 2000
Duquesne University School of Law, environmental law certificate and Chinese law certificate, 2000
Northern Arizona University, M.S., geology, 1997
University of Maryland, College Park, B.S., with honors, geology and education, 1994
- University of Maryland School of Law, J.D., 2000
- Duquesne University School of Law, environmental law certificate and Chinese law certificate, 2000
- Northern Arizona University, M.S., geology, 1997
- University of Maryland, College Park, B.S., with honors, geology and education, 1994
District of Columbia
Maryland
- District of Columbia
- Maryland
Professional Activities and Memberships

Fellow, The National Security Institute

Board Member, The AI Security Alliance

Member, Maryland Carey Law Alumni Board, 2018–Present

Member, Council on Foreign Relations

Global Fellow, Digital Futures Project, The Wilson Center, 2016–2018

Advisory Board Member and Panelist, 2013 National Cyber Education Symposium

Member, American and Maryland Bar Associations

Member, National Security Task Force, U.S. Chamber of Commerce, 2007–Present

Member, Board of Advisors, Homeland Security and Defense Business Council, 2008–Present

Member, Advisory Board, Energy, Climate & Infrastructure Security, Sandia National Labs, 2010–Present

Member, American Bar Association Working Group on Cybersecurity Law

Member, Advisory Board, Homeland Security and Defense Mission Area, Sandia National Labs, 2008–2012

Deputy Director, Aspen Homeland Security Group, 2011–Present

Member, Advisory Committee, Homeland Security Presidential Transition Initiative, Center for American Progress, 2008
Professional Activities and Memberships
- Fellow, The National Security Institute
- Board Member, The AI Security Alliance
- Member, Maryland Carey Law Alumni Board, 2018–Present
- Member, Council on Foreign Relations
- Global Fellow, Digital Futures Project, The Wilson Center, 2016–2018
- Advisory Board Member and Panelist, 2013 National Cyber Education Symposium
- Member, American and Maryland Bar Associations
- Member, National Security Task Force, U.S. Chamber of Commerce, 2007–Present
- Member, Board of Advisors, Homeland Security and Defense Business Council, 2008–Present
- Member, Advisory Board, Energy, Climate & Infrastructure Security, Sandia National Labs, 2010–Present
- Member, American Bar Association Working Group on Cybersecurity Law
- Member, Advisory Board, Homeland Security and Defense Mission Area, Sandia National Labs, 2008–2012
- Deputy Director, Aspen Homeland Security Group, 2011–Present
- Member, Advisory Committee, Homeland Security Presidential Transition Initiative, Center for American Progress, 2008

Evan's Insights

Event | 05.19.25 - 05.22.25

Law-Tech Connect and XPONENTIAL 2025

Join Crowell at Law-Tech Connect and AUVSI XPONENTIAL in Houston, where industry experts focus on how changes in technology, policy, safety, and society are shaping the uncrewed systems and robotics industry. Co-located at XPONENTIAL, Law-Tech Connect is designed to connect and inform all those involved in uncrewed and autonomous systems in a one-day session focused on the intersection between technology and legal issues.

Event | 04.10.25
Crowell's CMMC Day
Speaking Engagement | 04.10.25
"Crowell's CMMC Day," Seminar, Washington, D.C.
Client Alert | 2 min read | 03.31.25
Canadian CMMC? Canada Proposes Cyber Compliance Regime for Canadian Defense Suppliers

View All Insights

Representative Matters

Advised hundreds of companies develop cybersecurity incident response and crisis management plans and respond to data breaches, including facilitating public- and private-sector notifications in compliance with state regulatory programs.
Advised a broad sector of companies, including the nation’s critical infrastructure, develop site security plans in compliance with national and international governmental cybersecurity and privacy programs and standards.
Advised companies on physical security audits and assessments.
Advised numerous chemical and manufacturing companies on chemical security regulation compliance, including compliance with the Chemical Facility Anti-Terrorism Standards (CFATS).
Advised a broad base of companies in the areas of infrastructure protection, science and technology, and public policy in the national security area, and the SAFETY Act.
Advised and counseled energy companies on NERC compliance issues, with a particular focus on Critical Infrastructure Protection (CIP) Standards.
Represented a manufacturing company regarding Chemical Safety and Hazard Investigation Board (CSB) assessment of an industrial accident.
Advised Fortune 100 corporation on compliance with security-related provisions including CFATS, the Maritime Transportation Security Act, and Federal Energy Regulatory Commission regulations.
Advised multiple companies on security and safety regulation issues associated with construction and management of critical infrastructure including pipeline and energy.
Developed environmental management systems in energy and chemical industries, focusing on various environmental statutes and multilateral environmental agreements.
Significant project management and work experience in India, China, Nigeria, the European Union and the Middle East.
Advised U.S. government and private corporations on trade and business transactions regarding domestic, foreign and international laws and treaties in the areas of environmental law and policy, and international trade.
Advised Fortune 500 defense contractor on legal issues associated with participation in Foreign Intelligence Surveillance Act and Electronic Communications Privacy Act related activities on behalf of U.S. government agency.

Evan's Insights

Event | 05.19.25 - 05.22.25

Law-Tech Connect and XPONENTIAL 2025

Join Crowell at Law-Tech Connect and AUVSI XPONENTIAL in Houston, where industry experts focus on how changes in technology, policy, safety, and society are shaping the uncrewed systems and robotics industry. Co-located at XPONENTIAL, Law-Tech Connect is designed to connect and inform all those involved in uncrewed and autonomous systems in a one-day session focused on the intersection between technology and legal issues.

Event | 04.10.25
Crowell's CMMC Day
Speaking Engagement | 04.10.25
"Crowell's CMMC Day," Seminar, Washington, D.C.
Client Alert | 2 min read | 03.31.25
Canadian CMMC? Canada Proposes Cyber Compliance Regime for Canadian Defense Suppliers

View All Insights

Recognition

The Year in Homeland Security: Homeland Security Professional to Watch, 2009
Honored Alumni, Honored Alumni and Hall of Fame Ceremony, Northern Arizona University, 2024

Evan's Insights

Event | 05.19.25 - 05.22.25

Law-Tech Connect and XPONENTIAL 2025

Join Crowell at Law-Tech Connect and AUVSI XPONENTIAL in Houston, where industry experts focus on how changes in technology, policy, safety, and society are shaping the uncrewed systems and robotics industry. Co-located at XPONENTIAL, Law-Tech Connect is designed to connect and inform all those involved in uncrewed and autonomous systems in a one-day session focused on the intersection between technology and legal issues.

Event | 04.10.25
Crowell's CMMC Day
Speaking Engagement | 04.10.25
"Crowell's CMMC Day," Seminar, Washington, D.C.
Client Alert | 2 min read | 03.31.25
Canadian CMMC? Canada Proposes Cyber Compliance Regime for Canadian Defense Suppliers

View All Insights

Insights

Event | 05.19.25 - 05.22.25

Law-Tech Connect and XPONENTIAL 2025

Event | 04.10.25

Crowell's CMMC Day

Speaking Engagement | 04.10.25

"Crowell's CMMC Day," Seminar, Washington, D.C.

Client Alert | 2 min read | 03.31.25

Canadian CMMC? Canada Proposes Cyber Compliance Regime for Canadian Defense Suppliers

Changes to Critical Infrastructure Requirements
|
01.28.25
Preparing for CMMC in 2025
|
01.28.25
Critical Infrastructure: Updating the 2013 NIPP and other Risk Mitigation Actions
|
05.14.24
Privacy and Cybersecurity Outlook: The 2024 Landscape
Tabletop Exercises: A Leading Practice to Strengthen Defenses
|
05.14.24
Privacy and Cybersecurity Outlook: The 2024 Landscape
The Impact Of The Cybersecurity Maturity Model Certification On The Defense Industrial Base
|
05.01.24
Contract Magazine
What Sections 9 And 10 Of The Executive Order On AI Mean For Government Contractors
|
01.15.24
Federal News Network
Solarwinds Whips Up a Software Cybersecurity Storm
|
January 2024
Contract Management Magazine
Five Key Takeaways From The SEC's Final Cybersecurity Rules For Public Companies, 2023 WL 5012018
|
08.08.23
Westlaw
Spy Games: Biden Administration Issues Executive Order Restricting Federal Use Of Commercial Spyware
|
06.15.23
Government Contracting Law Report
Cybersecurity Provisions Proliferate In The National Defense Authorization Act
|
03.15.22
Government Contracting Law Report
View All Publications
Canadian CMMC? Canada Proposes Cyber Compliance Regime for Canadian Defense Suppliers
|
03.31.25
FedRAMP 20x: Proposed Framework Aims To Increase Automation and Efficiency
|
03.26.25
SEC Shifts Enforcement Focus With Launch of Cyber and Emerging Technologies Unit
|
03.10.25
An Un[waiver]ing Commitment to CMMC: The Department of Defense Issues Guidance for Determining Assessment Levels
|
02.21.25
Cyber For All: Proposed Rule Introduces Government-Wide CUI Cybersecurity Requirements
|
01.17.25
Six Years in the Making, DoD Releases Proposed Rule Requiring Disclosure of Foreign Review of Code for IT, Cybersecurity, Critical Infrastructure, and Weapons System Products and Services
|
11.19.24
Cybersecurity Matured: DoD Finalizes Cybersecurity Maturity Model Certification (CMMC) Program
|
10.14.24
DFARS 7021 Clause 2.0: DoD Releases Proposed Rule Updating CMMC Clause
|
08.20.24
FedRAMP Revamp: OMB Publishes Memorandum Contemplating Sweeping Changes to Federal Government Cloud Procurement Security Standards and Strategy
|
07.30.24
U.S. Federal District Court Judge Dismisses Much of SEC’s Claims Against SolarWinds and its CISO Relating to SUNBURST Cybersecurity Attack
|
07.24.24
View All Client Alerts
"Crowell's CMMC Day," Seminar, Washington, D.C.
|
04.10.25
"Panel: Executive Leadership, Aerospace Cybersecurity Research Needs," The President's Forum on Research and Innovation Symposium on Aviation and Aerospace Cyber Resilience
|
02.04.25
“Artificial Intelligence 360 Course: Information Security Risks and Exploits," ACC AI Forum
|
01.28.25
"Cyber For All: A FAR CUI Proposed Rule Webinar," Crowell & Moring Webinar.
|
01.27.25
"Regulatory: Hot Topics," SentinelOne Charleston CyberLaw Forum
|
01.23.25
"CMMC Finalized: How to Prepare & Achieve Certification," Crowell & Moring Seminar, Washington, D.C.
|
11.19.24
"The State of Cyber Regulation", Conference on Cyber Regulation and Harmonization
|
11.13.24
"Making CMMC 2.0 Requirements Work for Your Organization," NCMA World Congress 2024
|
07.23.24
"Digital Threats and Innovation Opportunities: U.S. Priorities and Challenges," 2024 Privacy in Practice Conference
|
05.31.24
"Fireside Chat with National Security Council's Deputy Homeland Security Advisor Caitlin Durkovich," Hack the Capitol
|
05.29.24
View All Speaking Engagements
Cybersecurity & Privacy Group Of The Year: Crowell & Moring
|
02.01.24
Law360
SEC/SolarWinds Legal Analysis w/Evan Wolff (podcast)
|
11.09.23
The Cyber Ranch Podcast
SolarWinds Says SEC Sucks: Watchdog 'Lacks Competence' To Regulate Cybersecurity
|
11.09.23
The Register
How The New National Cybersecurity Strategy Will Shape the Future of Offensive Security
|
06.13.23
BishopFox
Revised NIST Guidelines May Put Contractors In Straitjacket
|
05.12.23
Law360
White House Strategy Prompts Debate Over 'Secure' Software
|
04.07.23
Law360
Software Maker Liability Is Elusive Target of Biden Cyber Plan
|
03.03.23
Bloomberg Law
Crowell Looks To Bolster Cyber Group As Feds Respond To Threats
|
10.06.22
Bloomberg Law
Assessment Draft For DOD Cyber Program Lacks Key Details
|
08.05.22
Law360
Ransomware Goes To Business School
|
05.18.22
Slate
View All Press Coverage
The Best Lawyers in America 2025 Recognizes 42 Crowell & Moring Attorneys, Three Selected as Lawyer of the Year
|
08.15.24
Crowell Earns Top Rankings from Legal 500 United States 2024
|
06.24.24
ArmorText and Crowell & Moring Release New Open Source Cybersecurity Tabletop Exercises
|
06.04.24
Crowell & Moring’s Privacy and Cybersecurity Group Named a Law360 Practice Group of the Year
|
02.08.24
New Cyber Resilience Guide Helps Executives Strengthen Cybersecurity
|
10.18.23
Crowell & Moring Participates In New York Cyber Task Force Report on Cyber Response Readiness
|
03.09.21
Crowell & Moring Achieves CMMC Registered Provider Organization Status
|
03.02.21
DEAL NOTE: Crowell & Moring Advises Humana Inc. on Acquisition of Enclara Healthcare
|
12.16.19
Partner Evan Wolff Participates in First Annual Cyber Day on Capitol Hill
|
09.23.19
Law360 Names Crowell & Moring's Government Contracts Group a "Practice Group of the Year" for the Ninth Consecutive Year
|
02.22.19
View All Firm News
Byte-Sized Q&A: What Should Contractors Know About the Cybersecurity Provisions Included In, and Left Out Of, the National Defense Authorization Act
|
02.15.22
Byte-Sized Q&A: What is CISA and Why is it Important to Government Contractors?
|
01.19.22
Byte-Sized Q&A: What’s not in CMMC 2.0?
|
12.03.21
Byte-Sized Q&A: What can we expect under CMMC 2.0?
|
11.16.21
Byte-Sized Q&A: What About Micro-Purchases?
|
11.02.21
Byte-Sized Q&A: Part 2 - The NIST DoD Assessment Clauses
|
09.07.21
Byte-Sized Q&A: Part 1 - The Safeguarding Clause
|
08.17.21
Byte-Sized Q&A: What is Ransomware?
|
07.15.21
Byte-Sized Q&A: What Do Contractors Need To Know About The New Cybersecurity Executive Order?
|
06.23.21
Byte-Sized Q&A: What are the basics of NIST SP 800-53?
|
04.23.21
View All Podcast Episodes
Energy Cybersecurity Act of 2019
|
02.10.20
Crowell & Moring's Data Law Insights
Privacy & Cybersecurity – New York Enacts the SHIELD Act
|
08.20.19
Crowell & Moring's International Trade Law
DoD Increases DCMA Cybersecurity Responsibilities: DCMA to Implement and Assess Company-Wide Cyber Compliance
|
02.21.19
Crowell & Moring's Government Contracts Legal Forum
Navy Boils The Ocean on Cyber
|
10.24.18
Crowell & Moring's Data Law Insights
Safety Act Liability Protections Will Be Tested
|
07.25.18
Crowell & Moring's Data Law Insights
Colorado’s New Data Privacy Bill Increases Notification and Safeguarding Requirements
|
07.17.18
Crowell & Moring's Data Law Insights
New Draft NIST Guidance on Systems Security Engineering
|
04.24.18
Crowell & Moring's Government Contracts Legal Forum
FERC Proposes to Require Expanded Cyber Security Incident Reporting
|
01.17.18
Crowell & Moring's Data Law Insights
2nd Circuit: Government Cannot Force Companies to Hand Over Communications Data Stored Overseas
|
07.15.16
Crowell & Moring's Data Law Insights
Interim Rule Could Expand Already Onerous DFARS Cyber Requirements
|
08.27.15
Crowell & Moring's Data Law Insights
View All Blog Posts

View All Insights

Practices

Industries

Artificial Intelligence

Evan's Insights

Event | 05.19.25 - 05.22.25

Law-Tech Connect and XPONENTIAL 2025

Join Crowell at Law-Tech Connect and AUVSI XPONENTIAL in Houston, where industry experts focus on how changes in technology, policy, safety, and society are shaping the uncrewed systems and robotics industry. Co-located at XPONENTIAL, Law-Tech Connect is designed to connect and inform all those involved in uncrewed and autonomous systems in a one-day session focused on the intersection between technology and legal issues.

Event | 04.10.25
Crowell's CMMC Day
Speaking Engagement | 04.10.25
"Crowell's CMMC Day," Seminar, Washington, D.C.
Client Alert | 2 min read | 03.31.25
Canadian CMMC? Canada Proposes Cyber Compliance Regime for Canadian Defense Suppliers

View All Insights

Evan D. Wolff

Overview

Overview

Career & Education

Government Experience

Education

Admissions

Affiliations

Professional Activities and Memberships

Professional Activities and Memberships

Evan's Insights

Representative Matters

Evan's Insights

Recognition

Evan's Insights

Insights

Publications

Client Alerts

Speaking Engagements

Press Coverage

Firm News

Podcasts

Blog Posts

Practices

Industries

Evan's Insights