In a recent decision on a motion to dismiss, a federal district judge in the Eastern District of California served a reminder that the cybersecurity requirements included in federal contracts have some teeth. United States ex rel. Brian Markus v. Aerojet Rocketdyne Holdings, Inc. and Aerojet Rocketdyne, Inc. is a False Claims Act case in which the relator alleges that his now-former employer falsely certified to the Department of Defense and to the National Aeronautics & Space Administration that it had complied with requirements in its contracts to safeguard unclassified controlled technical information from cybersecurity threats. After the government declined to pursue these claims, the relator pressed forward with them, relying upon an allegation that the defendants fraudulently entered into contracts with the federal government despite knowing they did not meet the minimum standards required to be awarded a government contract, and that the defendants repeatedly misrepresented their compliance with the required technical standards in communications with government officials. The relator was fired by his employer after he refused to sign documents representing that defendants were in compliance, contacted the company’s ethics hotline, and filed an internal report.
The defendants responded to the complaint with a motion to dismiss, which the Court denied in an order dated May 8, 2019. Much of the opinion deals with issues relating to the pleading of False Claim Act claims, including, in particular, a prolonged discussion of whether any misrepresentation here was “material,” as required by the statute. What is particularly significant, though, is simply that a claim premised on noncompliance with government contract cybersecurity standards survived a motion to dismiss. This decision may certainly be viewed as confirmation that compliance with such standards in government contracting is, indeed, critical, and that noncompliance may prevent companies from being awarded contracts and/or may result in civil or criminal liability for noncompliant companies. As with the broader requirement imposed on contractors for a code of business ethics and conduct, contractors ignore these contractual obligations at their peril.
Berenzweig Leonard is teaming up with Red Team Consulting for a monthly newsletter featuring upcoming contracts, key protest decisions, events, and more. This post was published in the June 2019 Monthly Insights newsletter. To sign up for Monthly Insights, please click here.