Last week, the District Court for the Eastern District of California denied the defendant’s motion for summary judgment of a False Claims Act (FCA) count against Aerojet Rocketdyne (Aerojet) for allegedly fraudulently inducing the government to enter into federal contracts when the company knew it was not compliant with cybersecurity requirements.
The order contains important lessons for government contractors in the emerging area of FCA liability based on noncompliance with cybersecurity obligations. While the litigation is ongoing and may ultimately be resolved in Aerojet’s favor, the order demonstrates the growing importance of cybersecurity compliance.
Background
On October 29, 2015, Brian Markus, Aerojet’s former senior director of Cyber Security, Compliance and Controls, filed an FCA action alleging that Aerojet had failed to comply with its cybersecurity obligations under Department of Defense (DoD) and NASA cybersecurity contract provisions. Markus claimed that Aerojet became aware of its noncompliance after it engaged a company to audit its cybersecurity program yet continued to seek and be awarded government contracts based in part on false statements regarding cybersecurity compliance. Subsequently, Markus claimed that he refused to sign cybersecurity compliance certifications, reported the issue, and was terminated shortly after.
After the government declined to intervene, the relator filed an amended complaint including the following counts:
Singapore’s consumer watchdog has flagged three online retailers for using “dark patterns” including fake countdowns, false scarcity claims and fabricated visitor numbers to pressure shoppers into ...