Government contractors are no strangers to the numerous quality standards and assurances required by the government. Over the past several years, cybersecurity in federal contracting has emerged as yet another standard to achieve. While data breaches are big news in the private sector, the issue remained somewhat under the radar for public contracts — until now.
Last summer, two significant whistleblower cases sent ripples through the False Claims Act (FCA) community by demonstrating the specter of FCA liability resulting from the failure to comply with cybersecurity requirements in government contracts. In May, the U.S. District Court for the Eastern District of California refused to dismiss a case alleging that Aerojet Rocketdyne Holdings Inc. falsely asserted its compliance with the Department of Defense’s (DOD) cybersecurity standards. Then, in late July, the government announced that Cisco Systems Inc. agreed to pay $8.6 million to settle a whistleblower suit alleging that the company fell short of federal cybersecurity standards by selling video surveillance products with known vulnerabilities that hackers could exploit. These cases show that cybersecurity-based FCA claims may be the new frontier and that such claims may prove difficult to defeat depending on the facts in any given case.
Continue reading at: Carlton Fields
