Federal Court Rules Noncompliance is Triable Under False Claims Act

By Carl Herberger • February 8, 2022

The consequences of not complying with cybersecurity requirements could go further than just losing a government contract.

A federal court in California recently ruled that there was a triable issue of fact as to whether a government contractor violated the False Claims Act (FCA) by committing promissory fraud.

In October, the Department of Justice (DOJ) announced the Civil Cyber-Fraud Initiative, designed to “hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”

The DOJ’s strategy is to use the FCA to pursue companies that don’t comply with cybersecurity requirements, and the first ruling on the matter offers support. In United States ex rel. Markus v. Aerojet Rocketdyne Holdings, Inc., the court ruled on Feb. 1, 2022, that cybersecurity regulations were relevant to materiality under the FCA.

Brian Markus was laid off as the chief information security officer (CISO) at Aerojet in September 2015, two months after he refused to sign a document that claimed the company had met compliance and instead wrote an internal memo that showed concerns with the company’s practices. Markus filed a qui tam suit, which means he can sue on behalf of the federal government.

Markus spoke at CMMC Con 2021 about his case and the effect that the FCA now has on the Defense Industrial Base (DIB) since the advent of the Civil Cyber-Fraud Initiative. His case is due to be heard before a jury March 15.

The DOJ’s initiative highlights how important it is for federal government contractors to meet required cybersecurity mandates. Noncompliance could have a much more detrimental effect on contractors than merely losing a contract. As we follow the Markus case, it is worth noting that contractors could be subject to investigation, whistleblower lawsuits, and the newfound efforts of the Civil Cyber-Fraud Initiative to punish companies that don’t take their compliance responsibilities seriously enough.

CyberSheath has helped more than 500 clients discover their compliance starting point and roadmap. Federal Enclave simplifies adherence to the difficult cybersecurity business requirements and puts CyberSheath in your corner to ensure compliance. Register for CyberSheath’s webinar to launch Federal Enclave at 12 p.m. EST on Feb. 23.
