With experience in government and the private sector, Paul brings in-depth knowledge of cyber and physical security, internal investigations, law enforcement and national security to every client matter.

Paul is a partner in the firm’s Washington office. He co-chairs the firm’s multidisciplinary cyber and physical security task force and its energy sector security team, and assists clients from a wide range of sectors with security, law enforcement, electronic surveillance and privacy issues. Paul regularly advises companies on risk management, preparedness, cyber incident response, compliance, litigation, policy and legislation.

Prior to joining Hunton & Williams LLP, Paul served as special counsel and then senior counselor for cybersecurity and technology to the director of the Federal Bureau of Investigation. In that position, he advised the FBI director on programmatic, policy and legal issues relating to cyber, counterintelligence and counter-terrorism. He also represented the FBI in senior-level discussions with other agencies, the White House, Congress and industry.

Paul previously served on the US Senate Judiciary Committee as counsel to the Senate Assistant Majority Leader, where he wrote legislation and provided advice on criminal and national security issues. He is a former Assistant US Attorney in the District of Maryland. At the US Attorney's Office, Paul investigated and prosecuted cyber intrusions, intellectual property violations, white collar fraud, organized crime, drug trafficking and violent crimes. He also served as the coordinator of computer hacking and intellectual property cases.

Paul began his career as a law clerk for the Honorable Mary Schroeder of the US Court of Appeals for the Ninth Circuit, and then served as a trial lawyer in the honors program of the Department of Justice Civil Rights Division. In between stints in the government, he was in private practice at a large law firm handling civil and criminal litigation matters involving complex technology.

Paul is an adjunct professor of cybersecurity law and policy at George Washington University, a guest lecturer on cybersecurity and privacy at various universities, and an instructor at the National Institute for Trial Advocacy. He is a member of the Virginia Cyber Security Commission, appointed by Governor Terry McAuliffe; a member of the Maryland Cybersecurity Council, appointed by Attorney General Brian Frosh; and chair of the Montgomery County Criminal Justice Coordinating Commission, appointed by County Executive Ike Leggett. 

Relevant Experience

  • Assisted energy, transportation, communications, financial, health care, and other companies in managing cybersecurity risk by restructuring the board of directors and executive committee to address cybersecurity; conducting inventories of sensitive data and networks; strengthening network security policies and practices; and entering into collaborative information-sharing arrangements with private and public entities.
  • Assisted companies from various industries in strengthening the cybersecurity provisions in contracts with third-party vendors, updating incident response plans and toolkits, conducting table-top exercises, and reducing financial risk through insurance and the SAFETY Act.
  • Assisted critical infrastructure companies and defense contractors in responding to and cyber incidents, including supervising the digital forensics analysis, leading the internal investigation, analyzing state and federal breach notification obligations, engaging with the FBI, US Secret Service and other agencies, communicating and preparing notice letters to affected individuals and state regulators, issuing public announcements, and responding to congressional inquiries.
  • Assisted one of the country’s largest utility electric utilities in responding to a “white hat” hacker who publicly disclosed a third party data exposure involving data regarding the utility’s operational assets, including negotiating with the hacker, engaging and overseeing digital forensics experts, and assisting with interviews; and advising on notifications and communications to employees, board members, state and federal agencies and the media.
  • Assisted a major electric utility company with the response to a ransomware attack on a generation facility.
  • Assisted major power grid company with the response to a significant insider threat, including engaging with the FBI, DHS, DOE, FERC, state regulatory agencies, and affected third parties; supervising the digital forensics analysis; leading the internal investigation; and managing communications with the public.
  • Advised major energy, financial, transportation, and communications companies on cybersecurity information-sharing and collaboration opportunities with private sector groups such as ISACs and the NCFTA, and with public entities such as the FBI, Department of Homeland Security, Department of Energy and NERC.
  • Assisted in negotiating confidentiality agreements with private and public entities from various industries.
  • Assisted energy and financial companies in negotiating the cybersecurity and privacy terms in contracts with major cloud and communications providers.
  • Advised leading financial institution on updates to information security policies, structure and content of table-top exercise, and improvements to security incident response plan.
  • Advised a transportation company on the government’s law enforcement and counter-terrorism authorities relating to the protection of physical infrastructure.
  • Advised major pipeline company on a physical security issue before the Pipeline and Hazardous Materials Safety Administration.
  • Advised major critical infrastructure company on reducing the potential legal liability associated with a terrorist attack by obtaining a certification or designation for a physical or cyber security system under the SAFETY Act.
  • Advised manufacturer on regulatory compliance with the Chemical Facilities Anti-Terrorism Standards (CFATS).
  • Assisted major critical infrastructure companies on various aspects of state and federal Freedom of Information Acts (FOIA), including the applicability of exemptions to disclosure based on trade secrets, confidential commercial or financial information, law enforcement proceedings, statutory nondisclosure requirements, personal privacy and other grounds.
  • Represented companies in negotiations with various federal agencies over the applicability of certain FOIA exemptions, and prepared extensive redactions and legal objections to an agency’s proposed release of documents under FOIA.
  • Advised critical infrastructure and other companies on requirements relating to obtaining security clearance, handling classified information and reporting security issues to the government.
  • Assisted Fortune 100 companies in preparing language for login banners, employee manuals, privacy notices and website terms of use that meet privacy requirements in the federal Wiretap Act, Stored Communications Act, and Pen Register Act, state surveillance and pen register laws, and foreign data transfer, database registration and labor laws.
  • Advised companies and government agencies on privacy requirements and government investigative authorities under the Patriot Act, the Foreign Intelligence Surveillance Act, the FISA Amendments Act, and the Electronic Communications Privacy Act, and the implications of corporate structure, contractual relationships, and data control arrangements on the government’s exercise of jurisdiction.
  • Advised Fortune 100 companies on policy, regulatory and legislative developments relating to cybersecurity and national security.
  • Assisted public and private entities in addressing congressional inquiries regarding cybersecurity and other sensitive incidents.
  • Successfully tried a dozen federal jury trials involving white collar fraud, organized crime, narcotics trafficking and violent crimes, and defended the results in appearances before the US Courts of Appeals.
  • Provided representation in negotiations relating to cybersecurity and electronic surveillance legislation, executive orders on cyber and physical security; presidential policy directives concerning cybersecurity, weapons of mass destruction, and other technology issues; federal cybersecurity programs; and the coordination of the government's response to major cyber intrusions.
  • Wrote bills in the US Senate concerning criminal law and online fraud, and provided advice on the FISA Amendments Act during committee consideration and floor debate.
  • Handled complex civil cases involving a national financial institution, and a worldwide pharmaceutical company.
  • Prosecuted intellectual property and computer hacking cases at the US Attorney’s Office in Maryland.

Memberships

  • Appointed Member, Virginia Cyber Security Commission, and Chair of the Commission’s Cyber Crime Working Group
  • Appointed Member and Chair, Montgomery County Criminal Justice Coordinating Commission
  • Appointed Member, Maryland Cybersecurity Council

Awards & Recognition

  • Listed for Cyber Law, Legal 500 United States, 2016

Insights