Government Contracts FCA Claims Alleging Cybersecurity Noncompliance Survive
Tuesday, June 25, 2019

FCA Claims Alleging Cybersecurity Noncompliance Survive

By Government Contracts Editorial Staff

A motion to dismiss a False Claims Act qui tam action was denied in part because the District Court for the Eastern District of California found the relator plausibly pled that the contractor’s alleged failure to fully disclose the full extent of its noncompliance with cybersecurity requirements was material to the government’s decision to award and make payments on the relevant contracts. Alleging promissory fraud, or fraud in the inducement, and false certification in violation of 31 USC 3729(a)(1)(A) and (B), the relator contended the defense and aerospace contractor and its parent company misrepresented the contractor’s compliance with cybersecurity requirements under DFARS 252.204-7012 and NFS 1852.204-76, and the government awarded the contracts and made payments based on allegedly false and misleading statements. The defendants contended the relator insufficiently pled facts as to whether the misrepresentations were material. Under §3729(b)(4), a falsehood is material if it has “a natural tendency to influence, or be capable of influencing, the payment or receipt of money or property.” The materiality standard is “demanding,” and a misrepresentation is not material simply because the government requires compliance with certain requirements as a condition of payment, but “[h]alf-truths … omitting critical qualifying information … can be actionable misrepresentations” (Universal Health Services, Inc. v U.S. ex rel. Escobar, 136 SCt 1989).

“Cherrypicked” Disclosures. The defendants first argued the contractor disclosed to the government that it did not comply with the relevant regulations, but the relator alleged the defendants did not fully disclose the extent of the contractor’s noncompliance and the misrepresentations persisted while the contractor submitted invoices for its services. Evidence the government informed the contracting officer it could not waive compliance and the contractor “cherrypicked” the data it chose to report suggested the government may not have awarded the contracts if it had known the full extent of the contractor’s noncompliance. In addition, the government’s award of additional contracts since its investigation into the relator’s allegations and its decision not to intervene were not dispositive, and the appropriate inquiry was whether the contractor’s alleged misrepresentations were material at the time the government entered into or made payments on the relevant contracts. There also was no merit to the defendants’ argument the contractor’s noncompliance did not go to the central purpose of the contracts, because noncompliance with the cybersecurity regulations could have affected the contractor’s ability to handle technical information pertaining to missile defense and rocket engine technology. Finally, the defendants argued the government’s response to the defense industry’s noncompliance as a whole weighed against a finding of materiality. However, even if the government never expected full technical compliance, the relator properly pled that the extent to which a company was technically compliant mattered to the government’s decision to enter into a contract. (U.S. ex rel. Markus v. Aerojet Rocketdyne Holdings, Inc., et al., DC ED Cal, 63 CCF ¶81,670)

Back to Top

Interested in submitting an article?

Submit your information to us today!

Learn More