We often write about regulatory violations related to the healthcare industry or finance, but the government investigates a wide range of cases. For example, the Department of Justice announced a few months ago that defense contractor Aerojet Rocketdyne, Inc. settled a case for $9 million for allegedly violating the False Claims Act. Of that $9 million settlement, the relator received a $2.61 million share. The case was pending in the Eastern District of California.
The violations
According to the complaint, Aerojet allegedly made false claims related to the Department of Defense’s cybersecurity guidelines under the Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 and National Aeronautics and Space Administration Federal Acquisition Regulation Supplement (NFARS) clause 1852.204-76.
In this case, a former senior director of cybersecurity, compliance and controls at Aerojet acted as the relator. The former employee alleged that the company misled the DOD and NASA in failing to comply with clauses that require contractors to control the spread of unclassified or otherwise sensitive information. The claim alleged that the company knowingly lied about the nature and effectiveness of its compliance in this area. The relator brought this lapse to the attention of their managers, but the company responded by terminating the employee.
Aerojet’s motion to dismiss the case was dismissed in 2019 by a U.S. District Judge in the Eastern District of California, ruling that the allegations could have a bearing on the government’s decision to award contracts to the company and pay its invoices. That decision was the first of its kind, setting a precedent for cybersecurity issues. This settlement involves not an outright crime but a failure to follow regulations and making reckless assertions regarding its compliance.
Putting contractors on notice
This settlement and action highlight the DOJ’s commitment to investigating False Claims Act cases that fall under 2021’s Civil Cyber-Fraud Initiative. Contractors and others working in defense serve their best interests by clearly understanding the initiative’s requirements. Many see this case as a statement that puts government contractors on notice about cybersecurity, particularly those in the defense industry.