Federal Court Rules Noncompliance is Triable Under False Claims Act

By Carl Herberger • February 8, 2022

The consequences of not complying with cybersecurity requirements could go further than just losing a government contract.


A federal court in California recently ruled that there was a triable issue of fact whether a government contractor violated the False Claims Act (FCA) by committing promissory fraud.


In October, the Department of Justice (DOJ) announced the Civil Cyber-Fraud Initiative, designed to “hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”


The DOJ’s strategy is to use the FCA to pursue companies that don’t comply with cybersecurity requirements, and the first ruling on the matter offers support. In the case United States ex rel. Markus v. Aerojet Rocketdyne Holdings, Inc., the court ruled on Feb. 1, 2022 that cybersecurity regulations were relevant to materiality under the FCA.


Brian Markus was laid off as the chief information security officer (CISO) at Aerojet in September 2015, two months after he refused to sign a document that claimed the company had met compliance and instead wrote an internal memo that showed concerns with the company’s practices. Markus filed a qui tam suit, which means he can sue on behalf of the federal government.


Markus spoke at CMMC Con 2021 about his case and the effect that the FCA now has on the Defense Industrial Base (DIB) since the advent of the Civil Cyber-Fraud Initiative. His case is due to be heard before a jury March 15.


The DOJ’s initiative highlights how important it is for federal government contractors to meet required cybersecurity mandates. Noncompliance could have a much more detrimental effect on contractors than merely losing a contract. As we follow the Markus case, contractors could be subject to investigation, whistleblower lawsuits, and the newfound efforts of the Civil Cyber-Fraud Initiative to punish companies that don’t take their compliance responsibilities seriously enough.


CyberSheath has helped more than 500 clients discover their compliance starting point and roadmap. Federal Enclave simplifies adherence to the difficult cybersecurity business requirements and puts CyberSheath in your corner to ensure compliance. Register for CyberSheath’s webinar to launch Federal Enclave at 12 p.m. EST on Feb. 23.
