Investigations, Enforcement, & Compliance Alerts

Cybersecurity requirements for contractors doing business with the U.S. federal government are nothing new. 

On October 22, 2024, the Department of Justice announced a False Claims Act (FCA) settlement related to a government contractor’s failure to adhere to certain cybersecurity requirements. Specifically, Pennsylvania State University (Penn State) has agreed to pay US$1.25M to resolve allegations that it violated the FCA by failing to comply with cybersecurity requirements in fifteen contracts or subcontracts involving the Department of Defense (DOD) or the National Aeronautics and Space Administration (NASA). The DOJ announcement is available here: https://www.justice.gov/opa/pr/pennsylvania-state-university-agrees-pay-125m-resolve-false-claims-act-allegations-relating.

It is no longer a secret that the U.S. Department of Justice (DOJ) has recently, and in some ways radically, increased its enforcement of the Foreign Agents Registration Act (FARA or the Act) and related foreign influence and lobbying laws that require adequate disclosure and transparency about domestic activities performed on behalf of foreign governments, companies, nonprofits, and other foreign actors. The uptick in recent prosecutions centered around improper foreign influence has been highlighted by the latest indictment of New York Mayor Eric Adams for allegedly receiving bribes and soliciting illegal campaign contributions from foreign sources tied to Turkey. He’s the third politician in just the last year who has been charged with crimes involving foreign influence operations—in the case of New Jersey Senator Bob Menendez, it was Egypt, and for Texas Congressman Henry Cuellar, it was Azerbaijan and a Mexican bank.

The Securities and Exchange Commission (SEC) recently charged a public company with violations of Regulation Fair Disclosure (“Regulation FD”) stemming from social media posts by the company’s CEO. These charges are evidence of a trend toward increased Regulation FD enforcement by the SEC.

The U.S. Department of Justice (DOJ) recently updated its Evaluation of Corporate Compliance Programs (ECCP) to reflect emerging challenges in corporate compliance.

The Department of Defense (DOD) is expected to finalize a new rule by the end of 2023 that will significantly enhance the Cybersecurity Maturity Model Certification (CMMC) framework and related cybersecurity requirements for defense contractors.