Webinar: Evolving Federal Cybersecurity Requirements and False Claims Act Implications
The continuous cadence of cyber-attacks, data breaches, and software vulnerabilities is driving U.S. Government cybersecurity initiatives as a critical component of national security, both internally and within the Federal supply chain. The result is increasingly prescriptive (and False Claims Act-enforceable) cybersecurity and supply chain integrity requirements applicable to both the Defense Industrial Base ("DIB") and the civilian Federal supply chain. Cybersecurity mandates include (among others) the:
- DIB-applicable Cybersecurity Maturity Model Certification (CMMC) 2.0,
- Section 889 U.S. Government-wide prohibition on the use of adversary technology in Federal Information Systems,
- New regulations prohibiting the use of adversary country technologies in Information Technology and Communication Systems and in energy infrastructure and controls systems, and
- New software security requirements for the Federal Government supply chain pursuant to Executive Order 14028.
These mandates are being embedded in U.S. Government contracts through mandatory attestation provisions.
In parallel with these enforceable cybersecurity mandates, the U.S. Department of Justice announced a Civil Cyber-Fraud Initiative to prioritize False Claims Act ("FCA") enforcement against Government contractors who commit cybersecurity fraud. In this context, the U.S. Government is currently engaged in its first public FCA cybersecurity enforcement litigation against defense contractor Aerojet Rocketdyne, which arises from a qui tam claim of fraudulent contract attestations made by the company’s former senior director of cybersecurity.
These developments create new risks that Government contractors and counsel need to understand. Our expert panel of former federal prosecutors, contractor counsel, and cybersecurity standards experts discussed them in a webinar on March 15th, 2022, which addressed the following topics (among others):
- What is driving the U.S. Government's focus on cybersecurity and IT supply chain integrity?
- What are some of the new mandates reflecting this focus?
- How are these mandates being translated into enforceable contract attestations?
- What is the scope of potential liability under these attestations?
- What is the significance of the DOJ Civil Cyber-Fraud Initiative?
- What can we learn from the Aerojet Rocketdyne litigation?
- What should contractors and counsel do in order to account for these developments?