In July 2022, the Department of Justice (DOJ) released a Comprehensive Cyber Review report (the “Review”) summarizing its assessment of its own cyber-related activities and including recommendations focused on its cyber-centric “offensive” (i.e., cyber threat investigations and enforcement) and “defensive” (i.e., approaches to risk mitigation) activities. A key finding declared that “many of the cybersecurity provisions and standards set forth for federal contractors were found to be insufficiently rigorous.” The Review went on to note that where contractual cybersecurity standards were not met, the Department’s Civil Cyber-Fraud Initiative (CCFI), first announced in October 2021, would continue to utilize the False Claims Act (FCA) to pursue cybersecurity-related cases against government contractors and grant recipients. The Review comes on the heels of a recent FCA settlement with Aerojet Rocketdyne Inc. And, many colleges, universities and independent research institutions are now in the midst of planning for enhanced research security obligations arising out of the January 2022 National Security Presidential Memorandum 33 Implementation Guidance (the “NSPM-33 Guidance”).

So what does this mean for the research community?

• DOJ’s cyber-fraud initiative should not be ignored. Although the Aerojet case has been pending for several years, it illustrates that the risks of FCA liability in the cyber space are real.
• Careful consideration should be given to the numerous...

Read Full Story: https://www.jdsupra.com/legalnews/the-beginnings-of-a-perfect-storm-doj-s-633...