In the summer of 2015, we cautioned that the Department of Defense’s (DoD’s) new cybersecurity regulations could be used offensively to support False Claims Act (FCA) cases and bid protests. Four years later, those premonitions have unfortunately come true. Recently, a federal court refused to dismiss a relator’s implied certification FCA case in which he alleged that his employer “misrepresented … to the government the extent to which it had equipment required by the regulations, instituted required security controls, and possessed necessary firewalls” in violation of DoD’s cybersecurity regulations. United States ex rel. Markus v. Aerojet Rocketdyne Holdings, Inc., No. 2:15-cv-2245, 2019 WL 2024595, *3 (E.D. Cal. May 8, 2019).
Continue Reading False Claims Act Case Based On DoD’s Cybersecurity Regulations Survives Motion to Dismiss

Guides and best practices against cyber-attacks often provide only the illusion of security. In an attempt to turn that illusion into reality, the National Cybersecurity Center of Excellence at the National Institute of Standards and Technologies (NIST) intends to create a lab environment to simulate, test, and address cybersecurity problems for robotic-based and chemical manufacturing processes through standards-based solutions using commercially available software.

The intent is to produce a series of NIST Cybersecurity Practice Guides for four cybersecurity capabilities for
Continue Reading Can You Prevent Cyber Attacks to Industrial Control Systems for Advanced Robotic-Based and Chemical Manufacturers with Off-the-Shelf Software and NIST Guidelines?

On June 4, 2015, the Office of Personnel Management announced that personally identifiable information for 4 million current and retired U.S. Government employees had been breached. China was suspected of having facilitated the breach.

Two weeks later, after the number of data breach victims had risen to 14 million, the National Institute of Standards and Technology (NIST) published its new Guidelines for Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171.

We published our
Continue Reading Did China’s Agreement Not to Steal U.S. Intellectual Property Influence the Defense Department’s Decision to Grant a Two-Year Extension for Contractors to Comply with NIST SP 800-171’s Guidelines for Protecting Controlled Unclassified Information?

New obligations are being imposed on government contractors for protecting Controlled Unclassified Information (CUI). The National Institute of Standards and Technology (NIST), which is responsible for developing information security standards and guidelines, recently published Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171, released June 2015. Contracting officers for federal agencies will impose the NIST recommended requirements for protecting the confidentiality of CUI:

  1. when the CUI is resident in nonfederal information systems and organizations;
  2. when


Continue Reading Government Contractors: New Obligations for Protecting Controlled Unclassified Information