A blue transparent gavel and block graphic overlaid with code

Federal Court Rules Noncompliance is Triable Under False Claims Act

Consequences for not complying with cybersecurity requirements could have further repercussions than just losing a government contract.


A federal court in California recently ruled that there was a triable issue of fact whether a government contractor violated the False Claims Act (FCA) by committing promissory fraud.


In October, the Department of Justice (DOJ) announced the Civil Cyber-Fraud Initiative, designed to “hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”


The DOJ’s strategy is to use the FCA to pursue companies that don’t comply with cybersecurity requirements, and the first ruling on the matter offers support. In the case United States ex rel. Markus v. Aerojet Rocketdyne Holdings, Inc., the court ruled on Feb. 1, 2022 that cybersecurity regulations were relevant to materiality under the FCA.


Brian Markus was laid off as the chief information security officer (CISO) at Aerojet in September 2015, two months after refusing to sign a document that claimed the company had met compliance and instead writing an internal memo that showed concerns with the company’s practices. Markus filed suit in a qui tam, which means he can sue on behalf of the federal government.


Markus spoke about his case at CMMC Con 2021, and the effect that the FCA now has on the Defense Industrial Base (DIB) since the advent of the Civil Cyber-Fraud Initiative. His case is due to be heard before a jury March 15.


The DOJ’s initiative highlights the importance for federal government contractors to meet required cybersecurity mandates. Noncompliance could have a much more detrimental effect on contractors than merely losing a contract. As we follow the Markus case, contractors could be subject to investigation, whistleblower lawsuits, and the newfound efforts of the Civil Cyber-Fraud Initiative to punish companies that don’t take their compliance responsibilities seriously enough.


CyberSheath has helped more than 500 clients discover their compliance starting point and roadmap. Federal Enclave simplifies adherence to the difficult cybersecurity business requirements and puts CyberSheath in your corner to ensure compliance. Register for CyberSheath’s webinar to launch Federal Enclave at 12 p.m. EST on Feb. 23.

Federal Enclave Webinar

Join us for CMMC CON 2024 on Sept. 25, 2024, at 9am EST for a free, virtual, one-day conference focused on safeguarding against cyber threats.
This is default text for notification bar