Matthew B. Welling

Washington, D.C.
Phone: +1 202.624.2588
1001 Pennsylvania Avenue NW
Washington, DC 20004

Matthew B. Welling is a counsel in Crowell & Moring's Washington, D.C. office, where he practices in the firm's Privacy & Cybersecurity and Energy groups. Matthew has a deep technical background that he leverages to represent clients in a wide range of counseling and regulatory matters. His experience includes cybersecurity and privacy incident response, compliance reviews, risk assessments, and the development of corporate policies and procedures, such as incident response plans. Matthew has a diverse background in M&A and other corporate transactional issues, with specific recent experience with technology transactions, cybersecurity issues, and critical infrastructure project development.

Matthew is a leader in Crowell & Moring’s Blockchain / Distributed Ledger Technology (DLT) practice and speaks frequently on blockchain and DLT issues. He is currently a vice chair of the ABA’s Information Security Committee of its Science & Technology Law section.

Prior to practicing law, Matthew was a software developer and management consultant with PricewaterhouseCoopers, IBM, and Accenture.


Utilizing his technical background, Matthew advises clients on a wide range of cybersecurity and privacy issues. Matthew regularly counsels clients through responding to and managing cyber incidents and data breaches, and he has experience covering the full incident response lifecycle. Matthew has helped numerous clients develop or modernize their incident response programs and other cyber-related corporate policies and procedures, across industries that include energy & critical infrastructure, finance & banking, government contractors, media, hospitality, and IT service providers. He has also led privileged investigations, conducted tabletop simulations and other training exercises, interacted with regulators and law enforcement, and counseled clients through a diverse range of cybersecurity-related disputes.


Matthew frequently represents companies in technology-focused M&A activities and has significant experience with cybersecurity and privacy-related transactional due diligence and post-merger integration matters for both buyers and sellers across a broad range of industries. Matthew’s experience also includes helping clients develop novel information technology due diligence programs and counseling clients through incident response and forensic investigations arising in the course of M&A activities. Matthew additionally advises clients on a wide range of commercial transactions involving cybersecurity and other technology-related issues.


Matthew is an active leader in the firm’s Blockchain and DLT practice, where he is a Business Lead in Crowell’s Digital Transformation initiative. He advises clients on security and regulatory issues related to blockchain applications, helps clients navigate service provider relationships, and is currently engaged with clients developing novel blockchain and DLT projects in multiple industries. Matthew frequently speaks and conducts trainings on blockchain-related issues, both publicly and for clients.


Matthew also has considerable experience in the energy sector, representing clients in a range of regulatory, transactional, policy, and litigation-related issues at the state and federal levels, including matters before the Federal Energy Regulatory Commission (FERC) and state regulatory commissions. Matthew has significant experience in energy project development, and the projects he has worked on include renewable energy (wind, solar and biomass), energy storage, natural gas, and coal-fired generation facilities. His clients include wind and solar developers, merchant generators, integrated utilities, rural electric cooperatives, municipal utilities, manufacturers of equipment, and industrial wholesale customers. Matthew also counsels clients on NERC reliability standards.

Additionally, Matthew has advised numerous clients on appliance energy conservation standards before the U.S. Department of Energy (DOE), including multiple appeals to FERC under the Energy Policy and Conservation Act (EPCA), and before the California Energy Commission (CEC).

Matthew graduated with honors from Indiana University's Kelley School of Business in 2002 with a B.S. in business administration and a concentration in computer information systems. He also has a minor in Spanish.

Matthew received his law degree from the Georgetown University Law Center in 2010, where he served as the managing editor of the Georgetown Journal of Law and Public Policy. During law school, Matthew twice clerked for Sen. John Cornyn on the United States Senate Committee on the Judiciary.


Admitted to practice: District of Columbia, Virginia

Recent Highlights, News & Knowledge

"2021 PCL Public Procurement Symposium: Hot Topics in Cybersecurity—Current Trends in Ransomware and Its Impact to Your Organization," ABA (October 13, 2021). Speaker: Matthew Welling. Speech/Presentation
"OFAC Issues Updated Guidance on Ransomware Attacks and Imposes First Sanctions Designation on a Virtual Currency Exchange," International Trade Bulletin (September 28, 2021). Contacts: Caroline E. Brown, Laura Foggan, Carlton Greene, Jeffrey L. Poston, David (Dj) Wolff, Evan D. Wolff, Maida Oringher Lerner, Alexander Urbelis, Anand Sithian, Matthew B. Welling, Rebecca Lennon Baskin Client Alert / Newsletter
"Cyber Insights – Lessons Learned from Recent Ransomware Attacks," Webinar in collaboration with IBJ/IJE (September 21, 2021). Moderator: Maarten Stassen. Speakers: Evan D. Wolff and Matthew B. Welling. Speech/Presentation
"Byte-Sized Q&A: What is Ransomware?," Podcast: Byte-Sized Q&A (July 15, 2021). Contacts: Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff, Matthew B. Welling Client Alert / Newsletter
"Don’t be that Victim: The Critical Need for Ransomware Response Plans," Privacy Law Alert (June 23, 2021). Contacts: Michael K. Atkinson, Caroline E. Brown, Laura Foggan, Carlton Greene, Michelle J. Linderman, Jeffrey L. Poston, Paul M. Rosen, David (Dj) Wolff, Evan D. Wolff, Maida Oringher Lerner, Matthew B. Welling Client Alert / Newsletter
"A Ransomware Attack Primer: What You Need to Know and What Crowell Can Do to Help," Privacy Law Alert (June 17, 2021). Contacts: Michael K. Atkinson, Caroline E. Brown, Laura Foggan, Carlton Greene, Michelle J. Linderman, Jeffrey L. Poston, Paul M. Rosen, David (Dj) Wolff, Evan D. Wolff, Maida Oringher Lerner, Matthew B. Welling Client Alert / Newsletter
"Anatomy of a Cyber Incident," Investigations: Readiness and Response Webinar Series (April 30, 2021). Presenters: Kate M. Growley, Jeffrey L. Poston, Paul M. Rosen, Evan D. Wolff, and Matthew B. Welling. Speech/Presentation
"Navigating The SolarWinds Supply Chain Attack," The Procurement Lawyer (March 25, 2021). Authors: Evan D. Wolff, Kate M. Growley, Maida Oringher Lerner, Matthew B. Welling, Michael G. Gruden, and Jacob Canter. Publication
"Appliance Manufacturers Should Prepare for Increased DOE Enforcement Activity," Energy Law Alert (January 8, 2021). Contacts: Matthew B. Welling, Charlene Sun, Cheryl A. Falvey Client Alert / Newsletter
"SolarWinds and Navigating Uncertain and Evolving Threats," Crowell & Moring Webinar (December 21, 2020). Presenters: Cheryl A. Falvey, Evan D. Wolff, and Matthew B. Welling. Speech/Presentation