Evan D. Wolff is a partner in Crowell & Moring's Washington, D.C. office, where he is co-chair of the firm's Chambers USA-ranked Privacy & Cybersecurity Group and a member of the Government Contracts Group. Evan has a national reputation for his deep technical background and understanding of complex cybersecurity legal and policy issues. Calling upon his experiences as a scientist, program manager, and lawyer, Evan takes an innovative approach to developing blended legal, technical, and governance mechanisms to prepare companies with rapid and comprehensive responses to rapidly evolving cybersecurity risks and threats. Evan has conducted training and incident simulations, developed response plans, led privileged investigations, and advised on hundreds of data breaches where he works closely with forensic investigators. Evan also counsels businesses on both domestic and international privacy compliance matters, including the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). He is also a Registered Practitioner under the Cybersecurity Maturity Model Certification (CMMC) framework.
Representing a broad range of companies across multiple sectors including government contractors, the defense industrial base, transportation, energy, health care, insurance, hospitality, education, and non-profit, Evan's legal practice has a focus on regulatory compliance including Defense Federal Acquisition Regulation Supplement (DFARS), General Data Protection Regulation (GDPR), Privacy Shield, the SAFETY Act, and the Chemical Facility Anti-Terrorism Act (CFATS). Evan also advises companies on computer network security, general security issues, investigation coordination after intrusions, data breaches, and insurance-related issues.
Prior to entering private practice, Evan served as an advisor to the senior leadership at the Department of Homeland Security (DHS). Previously, he held the position of principal homeland security policy analyst/project manager to The MITRE Corporation and also served as general counsel and senior geospatial analyst for isciences LLC; vice president and principal of Environmental Protection International; and senior geologist at the U.S. Nuclear Regulatory Commission.
Adding to his credentials, Evan was inducted into the Council on Foreign Relations in 2017 joining other thought leaders, including top government officials, global business leaders, members of the intelligence and foreign policy community, journalists, and prominent lawyers, to help shape foreign policy. Evan serves on the Sandia National Lab External Advisory Board, the U.S. Chamber of Commerce National Security Task Force, as a panel member on the Defense Science Board at the Department of Defense, and as a senior adviser at the Homeland Security and Defense Business Council. Evan is currently the co-chair of the ABA Homeland Security Law Institute, as well as a senior adviser to the ABA Committee on Law and National Security. In 2011, Evan was invited to serve as a member of the Aspen Institute's Homeland Security Group. Evan also serves as a senior associate (non-resident), Homeland Security and Counterterrorism Program at the Center for Strategic & International Studies (CSIS).
In 2014, Evan co-authored an ABA Section of Criminal Justice article titled, "Industry Collaborations on Cybersecurity: Protecting Against Antitrust Violations," which was selected as one of the "Best Articles" for the Business category, Anticompetitive Practice section at the 2015 Antitrust Writing Awards in Washington, D.C.
Evan is currently teaching a class on Cybersecurity at Columbia University’s School of International and Public Affairs, and has previously been an adjunct professor at George Mason University School of Law, a global fellow with the Wilson Center, and a senior advisor to The Chertoff Group, a global security advisory firm based in Washington, D.C.
Relevant Experience
- Advised hundreds of companies develop cybersecurity incident response and crisis management plans and respond to data breaches, including facilitating public- and private-sector notifications in compliance with state regulatory programs.
- Advised a broad sector of companies, including the nation’s critical infrastructure, develop site security plans in compliance with national and international governmental cybersecurity and privacy programs and standards.
- Advised companies on physical security audits and assessments.
- Advised numerous chemical and manufacturing companies on chemical security regulation compliance, including compliance with the Chemical Facility Anti-Terrorism Standards (CFATS).
- Advised a broad base of companies in the areas of infrastructure protection, science and technology, and public policy in the national security area, and the SAFETY Act.
- Advised and counseled energy companies on NERC compliance issues, with a particular focus on Critical Infrastructure Protection (CIP) Standards.
- Represented a manufacturing company regarding Chemical Safety and Hazard Investigation Board (CSB) assessment of an industrial accident.
- Advised Fortune 100 corporation on compliance with security-related provisions including CFATS, the Maritime Transportation Security Act, and Federal Energy Regulatory Commission regulations.
- Advised multiple companies on security and safety regulation issues associated with construction and management of critical infrastructure including pipeline and energy.
- Developed environmental management systems in energy and chemical industries, focusing on various environmental statutes and multilateral environmental agreements.
- Significant project management and work experience in India, China, Nigeria, the European Union and the Middle East.
- Advised U.S. government and private corporations on trade and business transactions regarding domestic, foreign and international laws and treaties in the areas of environmental law and policy, and international trade.
- Advised Fortune 500 defense contractor on legal issues associated with participation in Foreign Intelligence Surveillance Act and Electronic Communications Privacy Act related activities on behalf of U.S. government agency.