Defense Contractor Denied FCA Summary Judgment in First Test of DOJ’s New Civil Cyber-Fraud InitiativeOn February 1, 2022, the United States District Court for the Eastern District of California ruled that a False Claims Act (FCA) case against defense contractor Aerojet Rocketdyne Holdings and Aerojet Rockdyne Inc. (collectively “Aerojet”) could go forward on triable issues of fact as to whether noncompliance with government cybersecurity requirements are material to the government’s decisions to approve contracts. The federal court denied Aerojet’s motion for summary judgment and issued the first major ruling in an FCA case testing the Department of Justice’s new Civil Cyber-Fraud Initiative.

Announced in October 2021, the purpose of the government’s Civil Cyber-Fraud Initiative is to utilize the FCA to pursue cybersecurity-related fraud by government contractors and grant recipients. DOJ announced plans to focus on entities that knowingly misrepresent their cybersecurity practices or protocols, knowingly violate obligations to monitor and report cybersecurity incidents and breaches, or knowingly provide deficient cybersecurity products or services. In this case, the relator — the defendant’s former senior director of Cybersecurity, Compliance & Controls — alleged that Aerojet knew its cybersecurity programs fell short of Department of Defense and NASA acquisition regulations, which were part of contracts between Aerojet and the agencies.

Despite declining to intervene in the Aerojet case in June 2018, the government filed a statement of interest two weeks after it announced the Civil Cyber-Fraud Initiative, assailing Aerojet’s arguments that it was entitled to summary judgement. Notably, the government argued that the contractual deficiencies were a source of damages even if Aerojet otherwise complied with the contracts because “the government did not just contract for rocket engines, but also contracted with [Aerojet] to store the government’s technical data on a computer system that met certain cybersecurity requirements.” The government also argued that assertions that the entire defense industry is not compliant with cybersecurity requirements has no bearing on whether such compliance is material to the government’s payment decision in any particular case.

The court commented on how the relevant regulations required government contractors to implement specific safeguards to protect unclassified technical information from cybersecurity threats. Although the court acknowledged that Aerojet may have disclosed certain cybersecurity shortcomings to the government, the court questioned whether Aerojet failed to disclose key events, and the results of audits showing gaps in Aerojet’s cybersecurity. The court also expressed concern as to whether Aerojet knowingly misrepresented their intention to comply with the cybersecurity provisions of their contracts in the first place. Given the new initiative, the filing of the statement of interest in this case, and this recent federal ruling, government contractors and grant recipients would be wise to review the cybersecurity requirements in their contracts, grants, and licenses to ensure compliance and avoid being caught in the snare of the government’s new focus on cybersecurity.

For more information on this developing case and other updates and alerts regarding privacy law developments, subscribe to Bradley’s privacy blog Online and On Point.

Photo of Brad Robertson Brad Robertson

Brad Robertson works with clients facing government investigations and litigations, dealing with whistleblower allegations and qui tam actions, and planning compliance programs to prevent these occurrences in the first place. He helps his clients navigate compliance and potential liability under the False Claims…

Brad Robertson works with clients facing government investigations and litigations, dealing with whistleblower allegations and qui tam actions, and planning compliance programs to prevent these occurrences in the first place. He helps his clients navigate compliance and potential liability under the False Claims Act, Anti-Kickback Statute and FIRREA, in addition to other areas of healthcare fraud and abuse, financial/mortgage fraud, and white collar criminal law.

Photo of Daniel Fortune Daniel Fortune

Daniel Fortune represents clients in matters involving cybersecurity, white collar defense, government enforcement actions, and regulatory compliance. Prior to joining Bradley, Daniel served as the lead cybersecurity attorney at a litigation boutique, and as a state prosecutor and federal prosecutor litigating matters involving…

Daniel Fortune represents clients in matters involving cybersecurity, white collar defense, government enforcement actions, and regulatory compliance. Prior to joining Bradley, Daniel served as the lead cybersecurity attorney at a litigation boutique, and as a state prosecutor and federal prosecutor litigating matters involving computer forensics, white collar crime, and government investigations. As the Deputy Chief Assistant U.S. Attorney in the Criminal Division, he supervised major cybercrime, white collar fraud, public corruption, asset forfeiture, and national security matters. He also served as the Computer Hacking and Intellectual Property Coordinator with top-secret security clearance, working on matters involving cleared defense contractors.

Photo of Ocasha O. Musah Ocasha O. Musah

Ocasha Musah is an associate in Bradley’s Government Enforcement and Investigations Practice Group. He has experience advising clients on various types of internal investigations, including FCPA and securities enforcement actions. His litigation experience includes complex multidistrict litigation and arbitrations. He also has experience…

Ocasha Musah is an associate in Bradley’s Government Enforcement and Investigations Practice Group. He has experience advising clients on various types of internal investigations, including FCPA and securities enforcement actions. His litigation experience includes complex multidistrict litigation and arbitrations. He also has experience advising clients on antitrust issues related to emerging technologies.