In the summer of 2015, we cautioned that the Department of Defense’s (DoD’s) new cybersecurity regulations could be used offensively to support False Claims Act (FCA) cases and bid protests. Four years later, those premonitions have unfortunately come true. Recently, a federal court refused to dismiss a relator’s implied certification FCA case in which he alleged that his employer “misrepresented … to the government the extent to which it had equipment required by the regulations, instituted required security controls, and … Read More