In July 2022, the DOJ released a Comprehensive Cyber Review report (the “Review”) summarizing its assessment of its own cyber-related activities and including recommendations focused on its cyber-centric “offensive” (i.e., cyber threat investigations and enforcement) and “defensive” (i.e., approaches to risk mitigation) activities. A key finding declared that “many of the cybersecurity provisions and standards set forth for federal contractors were found to be insufficiently rigorous.” The Review went on to note that where contractual cybersecurity standards were not met, the Department’s Civil Cyber-Fraud Initiative (CCFI), first announced in October 2021, would continue to utilize the False Claims Act (FCA) to pursue cybersecurity-related cases against government contractors and grant recipients. The Review comes on the heels of a recent FCA settlement with Aerojet Rocketdyne Inc. Many colleges, universities and independent research institutions are now in the midst of planning for enhanced research security obligations arising out of the January 2022 National Security Presidential Memorandum 33 Implementation Guidance (the “NSPM-33 Guidance”).
Beginnings of a Perfect Storm? DOJ’s Cyber Review Report, NSPM-33 Research Security Requirements and Aerojet’s FCA Settlement
© 2024 Akin Gump Strauss Hauer & Feld LLP. All rights reserved. Attorney advertising. This document is distributed for informational use only; it does not constitute legal advice and should not be used as such. Prior results do not guarantee a similar outcome. Akin is the practicing name of Akin Gump LLP, a New York limited liability partnership authorized and regulated by the Solicitors Regulation Authority under number 267321. A list of the partners is available for inspection at Eighth Floor, Ten Bishops Square, London E1 6EG. For more information about Akin Gump LLP, Akin Gump Strauss Hauer & Feld LLP and other associated entities under which the Akin Gump network operates worldwide, please see our Legal Notices page.