February 6, 2023

Volume XIII, Number 37

Error message

  • Warning: Undefined variable $settings in include_once() (line 135 of /var/www/html/docroot/sites/default/settings.php).
  • Warning: Trying to access array offset on value of type null in include_once() (line 135 of /var/www/html/docroot/sites/default/settings.php).

February 03, 2023

Subscribe to Latest Legal News and Analysis

Defense Contractor Denied FCA Summary Judgment in First Test of DOJ’s New Civil Cyber-Fraud Initiative

On February 1, 2022, the United States District Court for the Eastern District of California ruled that a False Claims Act (FCA) case against defense contractor Aerojet Rocketdyne Holdings and Aerojet Rockdyne Inc. (collectively “Aerojet”) could go forward on triable issues of fact as to whether noncompliance with government cybersecurity requirements are material to the government’s decisions to approve contracts. The federal court denied Aerojet’s motion for summary judgment and issued the first major ruling in an FCA case testing the Department of Justice’s new Civil Cyber-Fraud Initiative.

Announced in October 2021, the purpose of the government’s Civil Cyber-Fraud Initiative is to utilize the FCA to pursue cybersecurity-related fraud by government contractors and grant recipients. DOJ announced plans to focus on entities that knowingly misrepresent their cybersecurity practices or protocols, knowingly violate obligations to monitor and report cybersecurity incidents and breaches, or knowingly provide deficient cybersecurity products or services. In this case, the relator — the defendant’s former senior director of Cybersecurity, Compliance & Controls — alleged that Aerojet knew its cybersecurity programs fell short of Department of Defense and NASA acquisition regulations, which were part of contracts between Aerojet and the agencies.

Despite declining to intervene in the Aerojet case in June 2018, the government filed a statement of interest two weeks after it announced the Civil Cyber-Fraud Initiative, assailing Aerojet’s arguments that it was entitled to summary judgement. Notably, the government argued that the contractual deficiencies were a source of damages even if Aerojet otherwise complied with the contracts because “the government did not just contract for rocket engines, but also contracted with [Aerojet] to store the government’s technical data on a computer system that met certain cybersecurity requirements.” The government also argued that assertions that the entire defense industry is not compliant with cybersecurity requirements has no bearing on whether such compliance is material to the government’s payment decision in any particular case.

The court commented on how the relevant regulations required government contractors to implement specific safeguards to protect unclassified technical information from cybersecurity threats. Although the court acknowledged that Aerojet may have disclosed certain cybersecurity shortcomings to the government, the court questioned whether Aerojet failed to disclose key events, and the results of audits showing gaps in Aerojet’s cybersecurity. The court also expressed concern as to whether Aerojet knowingly misrepresented their intention to comply with the cybersecurity provisions of their contracts in the first place. Given the new initiative, the filing of the statement of interest in this case, and this recent federal ruling, government contractors and grant recipients would be wise to review the cybersecurity requirements in their contracts, grants, and licenses to ensure compliance and avoid being caught in the snare of the government’s new focus on cybersecurity.

© 2023 Bradley Arant Boult Cummings LLPNational Law Review, Volume XII, Number 39

About this Author

Brad Robertson Birmingham Alabama Partner Whistleblower Litigation Bradley Arant Boult Cummings LLP

Brad Robertson works with clients facing government investigations and litigations, dealing with whistleblower allegations and qui tam actions, and planning compliance programs to prevent these occurrences in the first place. He helps his clients navigate compliance and potential liability under the False Claims Act, Anti-Kickback Statute and FIRREA, in addition to other areas of healthcare fraud and abuse, financial/mortgage fraud, and white-collar criminal law.

Whether necessitated by an employee raising compliance concerns, a visit...

Daniel J. Fortune Birmingham Alabama Partner Cybersecurity Data Lawyer Bradley Arant Boult Cummings LLP

Daniel Fortune represents clients in matters involving cybersecurity, white-collar defense, government enforcement actions and regulatory compliance. In addition, Daniel has litigated more than 75 jury trials in federal and state courts involving complex matters and computer forensics. His clients value his proactive approach, as well as his commitment to protecting and defending their best interests and reputations.

Prior to joining Bradley, Daniel served as the lead cybersecurity attorney at a litigation boutique, and as a state prosecutor and...

Ocasha O. Musah Nashville Tennessee FCPA Securities Lawyer Bradley Arant Boult Cummings LLP

Ocasha Musah is an associate in Bradley’s Government Enforcement and Investigations Practice Group. He has experience advising clients on various types of internal investigations, including FCPA and securities enforcement actions. His litigation experience includes complex multidistrict litigation and arbitrations. He also has experience advising clients on antitrust issues related to emerging technologies.

Prior to beginning private practice, Ocasha interned with the Criminal Division, Fraud Section at the Department of Justice in Washington, D...