With experience in government and the private sector, Paul brings in-depth knowledge of cyber and physical security, internal investigations, law enforcement and national security to every client matter.
Paul is a partner in the firm’s Washington office. He co-chairs the firm’s multidisciplinary cyber and physical security task force and its energy sector security team, and assists clients from a wide range of sectors with security, law enforcement, electronic surveillance and privacy issues. Paul regularly advises companies on risk management, preparedness, cyber incident response, compliance, litigation, policy and legislation.
Prior to joining Hunton & Williams LLP, Paul served as special counsel and then senior counselor for cybersecurity and technology to the Director of the Federal Bureau of Investigation, Robert S. Mueller. In that position, he advised the FBI Director on programmatic, policy and legal issues relating to cyber, counterintelligence and counter-terrorism. He also represented the FBI in senior-level discussions with other agencies, the White House, Congress and industry.
Paul previously served on the US Senate Judiciary Committee as counsel to the Senate Assistant Majority Leader, Richard J. Durbin, where he wrote legislation and provided advice on criminal and national security issues. He is a former Assistant US Attorney in the District of Maryland, where he prosecuted all manner of criminal violations and oversaw cyber crime and IP cases.
Paul began his career as a law clerk for the Honorable Mary Schroeder of the US Court of Appeals for the Ninth Circuit, and then served as a trial lawyer in the honors program of the Department of Justice Civil Rights Division. In between stints in the government, he was in private practice at a large law firm handling civil and criminal litigation matters involving complex technology.
Paul is an adjunct professor of cybersecurity law and policy at George Washington University, a guest lecturer on cybersecurity and privacy at various universities, and an instructor at the National Institute for Trial Advocacy. He is a member of the Virginia Cyber Security Commission, appointed by the Governor; a member of the Maryland Cybersecurity Council, appointed by the State Attorney General; and a member of the Montgomery County Criminal Justice Coordinating Commission, appointed by the County Executive (Chair in 2015).
Assisted energy, transportation, communications, financial, health care, and other companies in managing cybersecurity risk by restructuring the board of directors and executive committee to address cybersecurity; conducting inventories of sensitive data and networks; strengthening network security policies and practices; and entering into collaborative information-sharing arrangements with private and public entities.
Assisted companies from various industries in strengthening the cybersecurity provisions in contracts with third-party vendors, updating incident response plans and toolkits, conducting table-top exercises, and reducing financial risk through insurance and the SAFETY Act.
Assisted critical infrastructure companies and defense contractors in responding to cyber incidents, including supervising the digital forensics analysis, leading the internal investigation, analyzing state and federal breach notification obligations, engaging with the FBI, US Secret Service and other agencies, communicating and preparing notice letters to affected individuals and state regulators, issuing public announcements, and responding to congressional inquiries.
Assisted one of the country’s largest electric utilities in responding to a “white hat” hacker who publicly disclosed a third-party data exposure involving data regarding the utility’s operational assets, including negotiating with the hacker, engaging and overseeing digital forensics experts, and assisting with interviews; and advising on notifications and communications to employees, board members, state and federal agencies and the media.
Assisted a major electric utility company with the response to a ransomware attack on a generation facility.
Assisted major power grid company with the response to a significant insider threat, including engaging with the FBI, DHS, DOE, FERC, state regulatory agencies, and affected third parties; supervising the digital forensics analysis; leading the internal investigation; and managing communications with the public.
Advised major energy, financial, transportation, and communications companies on cybersecurity information-sharing and collaboration opportunities with private sector groups such as ISACs and the NCFTA, and with public entities such as the FBI, Department of Homeland Security, Department of Energy and NERC.
Assisted in negotiating confidentiality agreements with private and public entities from various industries.
Assisted energy and financial companies in negotiating the cybersecurity and privacy terms in contracts with major cloud and communications providers.
Advised leading financial institution on updates to information security policies, structure and content of table-top exercise, and improvements to security incident response plan.
Advised a transportation company on the government’s law enforcement and counter-terrorism authorities relating to the protection of physical infrastructure.
Advised major pipeline company on a physical security issue before the Pipeline and Hazardous Materials Safety Administration.
Advised major critical infrastructure company on reducing the potential legal liability associated with a terrorist attack by obtaining a certification or designation for a physical or cyber security system under the SAFETY Act.
Advised manufacturer on regulatory compliance with the Chemical Facilities Anti-Terrorism Standards (CFATS).
Assisted major critical infrastructure companies on various aspects of state and federal Freedom of Information Acts (FOIA), including the applicability of exemptions to disclosure based on trade secrets, confidential commercial or financial information, law enforcement proceedings, statutory nondisclosure requirements, personal privacy and other grounds.
Represented companies in negotiations with various federal agencies over the applicability of certain FOIA exemptions, and prepared extensive redactions and legal objections to an agency’s proposed release of documents under FOIA.
Advised critical infrastructure and other companies on requirements relating to obtaining security clearance, handling classified information and reporting security issues to the government.
Advised companies and government agencies on privacy requirements and government investigative authorities under the Patriot Act, the Foreign Intelligence Surveillance Act, the FISA Amendments Act, and the Electronic Communications Privacy Act, and the implications of corporate structure, contractual relationships, and data control arrangements on the government’s exercise of jurisdiction.
Advised Fortune 100 companies on policy, regulatory and legislative developments relating to cybersecurity and national security.
Assisted public and private entities in addressing congressional inquiries regarding cybersecurity and other sensitive incidents.
Successfully tried a dozen federal jury trials involving white collar fraud, organized crime, narcotics trafficking and violent crimes, and defended the results in appearances before the US Courts of Appeals.
Provided representation in negotiations relating to cybersecurity and electronic surveillance legislation; executive orders on cyber and physical security; presidential policy directives concerning cybersecurity, weapons of mass destruction, and other technology issues; federal cybersecurity programs; and the coordination of the government's response to major cyber intrusions.
Wrote bills in the US Senate concerning criminal law and online fraud, and provided advice on the FISA Amendments Act during committee consideration and floor debate.
Handled complex civil cases involving a national financial institution and a worldwide pharmaceutical company.
Prosecuted intellectual property and computer hacking cases at the US Attorney’s Office in Maryland.
Appointed Member, Virginia Cyber Security Commission, and Chair of the Commission’s Cyber Crime Working Group
Appointed Member and Chair, Montgomery County Criminal Justice Coordinating Commission
Appointed Member, Maryland Cybersecurity Council
Awards & Recognition
Listed for Cyber Law, Legal 500 United States, 2016
Speaker, Cybersecurity Information Sharing Act (CISA) and Privacy: An Overview from the Government, Today’s General Counsel, May 11, 2016
Speaker, Cybersecurity Preparedness: The Evolving Role of In-House Counsel, Association of Corporate Counsel National Capital Region, April 5, 2016
Speaker, Organizational Cybersecurity Challenges, Coastal Virginia Cyber Symposium, March 24, 2016
Speaker, Energy Sector Security: Legislative & Regulatory Update, March 17, 2016
Speaker, Cybersecurity Act of 2015: A How-To Guide, PLI Webinar, February 2, 2016
Speaker, Cyber Insurance: Addressing Corporate Risks and Liabilities, IAPP Richmond KnowledgeNet, January 28, 2016
Speaker, Cybersecurity – State of the Healthcare Environment and the Role of the General Counsel, Blue Plan Legal Department Cooperative General Counsel Roundtable, December 15, 2015
Speaker, Panel on Cybersecurity Threats and Solutions, Virginia Ship Repair Association, October 7, 2015
Speaker, Panel on the Chinese Cyberthreat: Challenges and Solutions, American Enterprise Institute, July 22, 2015
Speaker, Recent Developments on Cyber and Physical Security Issues for Utilities, ABA Public Utility, Communications, and Transportation Law Webinar, June 23, 2015
Speaker, Cybersecurity Legislative and Policy Update, National Cyber Forensics and Training Alliance Conference, June 18, 2015
Speaker, Hearing on Commercial Espionage and Barriers to Digital Trade in China, U.S.-China Economic and Security Review Commission, Dirksen Building, U.S. Senate, June 15, 2015
Speaker, Virginia Cybersecurity Commission Panel, Northern Virginia Tech Council Event, June 3, 2015
Speaker, Panel on Cybersecurity Information Sharing, EEI Cybersecurity Law Conference, April 23, 2015
Speaker, SAFETY Act Panel, EEI Cybersecurity Law Conference, April 23, 2015
Speaker, Cybersecurity Threats and Solutions, Blue Cross Blue Shield 2015 Blue National Summit, April 21, 2015
Speaker, Panel on Physical and Cyber Security in Today’s Utility Industry, Energy Bar Association Conference, March 31, 2015
Speaker, Cyber Policy and Legal Environment, 2014 Edison Electric Institute Cybersecurity Law Conference, October 24, 2014
Speaker, Global payments—What challenges are ahead? In U.S., U.K., and EU International payments?, Financial Services Roundtable’s Global Financial Conference, October 9, 2014
Speaker, Hot Topics in Cybersecurity & Privacy, Hunton & Williams LLP’s IT/Procurement Leadership Forum, Washington, DC, October 8, 2014
Speaker, U.S. and Global Policy Landscape, PLI’s Cybersecurity 2014: Managing the Risk, September 10, 2014
Speaker, Hot Topics in Cybersecurity & Privacy, Hunton & Williams LLP’s IT/Procurement Leadership Forum, May 19, 2014
Speaker, Why Every Board Should Care About Cybersecurity, Hunton & Williams LLP, the Lockton Companies and AEGIS, May 13, 2014
Speaker, Cybersecurity Threats, Trends and Strategies for Protection, Hunton & Williams LLP, ThreatTrack Security and the Lockton Companies, April 24, 2014
Speaker, Cybersecurity 2014: The Impact of U.S. Cybersecurity Policy and Regulation on Global Companies, Ethisphere Institute, February 4, 2014
Speaker, Panel: Recent Legal Developments in the Underpinnings for Cyber Security Law, Cybersecurity Law and Strategies Conference, Seattle, WA, January 27, 2014
Speaker, Panel: Hot Topics in Cybersecurity, Princeton University, October 19, 2013
Speaker, Important Considerations for Corporate Cybersecurity Programs, American Insurance Association's Cybersecurity Symposium, October 3, 2013
Speaker, Panel: Delivering Cyber Intelligence – What is Missing?, Armed Forces Communications and Electronics Association Global Intelligence Conference, National Press Club, Washington, DC, July 31, 2013
Speaker, Cybersecurity: Managing the Risk, PLI's Cybersecurity Summit 2013, July 1, 2013