With increasing cybersecurity obligations placed on government contractors come expanding legal risks. Bid protests challenging agency evaluations of offerors' abilities to meet cybersecurity solicitation criteria are becoming more common. See, e.g., Systems Analysis & Integration, Inc., B-416899.2, 2019 Comp. Gen. Proc. Dec. ¶P15, January 2, 2019. A federal district court in California recently denied a motion to dismiss a qui tam case alleging that a company fraudulently entered into a contract knowing that its cybersecurity system did not meet the contract's requirements. United States ex rel. Markus v. Aerojet Rocketdyne Holdings, Inc., No. 2:25-cv-2245 WBS AC (E.D. Cal. May 2, 2019). Even more recently, the government suspended a contractor for cybersecurity failures evidencing a lack of business integrity.
The suspended company, that was a subcontractor for Custom and Border Protection (CBP) Agency, supplied stationary license place readers at land border crossings in the United States. In May of this year, an individual hacker contacted The Register, a technology publication, advising the publication of a hack of the company's corporate network and providing a list of files exfiltrated from the network. The hacked information included images of license plates and travelers' faces, as well as other personal information. The subcontractor had transferred this information to its own network in violation of CBP policy.
The suspension bars the company from bidding on new work on federal government projects pending completion of an investigation and legal proceedings. These proceedings could lead to up to a three-year debarment prohibiting the company from doing business with the government.
This recent suspension action, the False Claims Act case, and the GAO protests drive home the risk of adverse consequences awaiting contractors who do not have cybersecurity policies and procedures meeting the federal government's mandates. As always, Holland & Knight's Government Contracts group stands ready to assist companies navigate these requirements.
Please note that email communications to the firm through this website do not create an attorney-client relationship between you and the firm. Do not send any privileged or confidential information to the firm through this website. Click "accept" below to confirm that you have read and understand this notice.