Robert Huffman

Bob Huffman counsels government contractors on emerging technology issues, including artificial intelligence (AI), cybersecurity, and software supply chain security, that are currently affecting federal and state procurement. His areas of expertise include the Department of Defense (DOD) and other agency acquisition regulations governing information security and the reporting of cyber incidents, the Cybersecurity Maturity Model Certification (CMMC) program, the requirements for secure software development self-attestations and bills of materials (SBOMs) emanating from the May 2021 Executive Order on Cybersecurity, and the various requirements for responsible AI procurement, safety, and testing currently being implemented under President Trump’s AI Executive Order. 

Bob also represents contractors in False Claims Act (FCA) litigation and investigations involving cybersecurity and other technology compliance issues, as well as more traditional government contracting costs, quality, and regulatory compliance issues. These investigations include significant parallel civil/criminal proceedings growing out of the Department of Justice's Cyber Fraud Initiative. They also include investigations resulting from False Claims Act qui tam lawsuits and other enforcement proceedings. Bob has represented clients in over a dozen FCA qui tam suits.

Bob also regularly counsels clients on government contracting supply chain compliance issues, including those arising under the Buy American Act/Trade Agreements Act and Section 889 of the FY2019 National Defense Authorization Act. In addition, Bob advises government contractors on rules relating to IP, including government patent rights, technical data rights, rights in computer software, and the rules applicable to IP in the acquisition of commercial products, services, and software. He focuses this aspect of his practice on the overlap of these traditional government contracts IP rules with the IP issues associated with the acquisition of AI services and the data needed to train the large learning models on which those services are based. 

Bob is ranked by Chambers USA for his work in government contracts and he writes extensively in the areas of procurement-related AI, cybersecurity, software security, and supply chain regulation. He also teaches a course at Georgetown Law School that focuses on the technology, supply chain, and national security issues associated with energy and climate change.

On February 20, 2026, the Supreme Court struck down an extensive series of tariffs imposed last year by President Trump, holding that they were not authorized under the International Emergency Economic Powers Act (“IEEPA”).  And on March 4, 2026, the United States Court of International Trade began the process of refunding certain of “the millions of entries that were subject to IEEPA,” through a process known in the international trade context as liquidating. 

These recent decisions by the Supreme Court and Court of International Trade may prompt federal contractors to consider seeking refunds of tariffs paid to import goods required to perform under their government contracts.  As we covered in a previous post, government contracts may contain clauses allowing for price increases following the imposition of a new federal tax.  These clauses can also work the other way and require a price decrease (or a credit to the Government under a cost-reimbursement contract) in the event of an after-relieved tax.  

Continue Reading Tariff Takedown:  Implications of Tariff Refunds for Government Contractors

On January 23, 2026, the Office of Management and Budget (OMB) issued Memorandum M-26-05 “Adopting a Risk-based Approach to Software and Hardware Security,” which rescinds a previous Biden Administration requirement for all federal agencies to obtain a self-attestation from software producers in the “Common Form” developed by the Cybersecurity and Infrastructure Security Agency (CISA) before using certain third-party software.  As its rationale, OMB noted that the prior memoranda diverted agencies from developing tailored assurance requirements and failed to account for threats posed by insecure hardware.  Memorandum M-26-05 signals that the federal government is moving away from a “one-size fits-all” approach to software security and will instead allow each agency to develop tailored requirements.  In creating their own assurance requirements, agencies may still require a self-attestation and/or Software Bill of Materials (SBOM) from the software vendor if the agency determines that such assurances are necessary based on the risks involved and the agency’s needs.

Continue Reading OMB Rescinds the “Common Form” Secure Software Attestation Requirement

The past month has marked a series of announcements from the Department of War (the “Department”) emphasizing rapid deployment of artificial intelligence (“AI”) industry partnerships.  These announcements signal opportunities for not only the defense industrial base, but also nontraditional defense contractors focused on technology and data.

On January 9, 2026, the Department released two key memoranda: (1) Artificial Intelligence Strategy for the Department of War, setting out measurable pace-setting projects, barrier removal authorities, and mandated data access; and (2) Transforming the Defense Innovation Ecosystem to Accelerate Warfighting Advantage, which aims to unify the defense innovation ecosystem under the Under Secretary of War for Research & Engineering as Chief Technology Officer (“CTO”).  

Shortly after, on January 12, Secretary Hegseth delivered a speech, presenting an overhaul of the Department’s innovation and acquisition ecosystems.

The January 9 memoranda and Secretary Hegseth’s speech signal the Department’s intent to formalize a single, CTO-led innovation operating system designed to produce three outputs: next-generation technology, scalable products, and new ways of fighting—and to do it at “wartime speed,” with AI as the first major proving ground.

Continue Reading Pentagon Releases Artificial Intelligence Strategy

This is the seventh blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the Trump Administration.  The sixth blog is available here and our initial blog is available here.  This blog describes key cybersecurity developments that took place in August, September

Continue Reading August, September, and October 2025 Cybersecurity Developments Under the Trump Administration

Now that the final Cybersecurity Maturity Model Certification (CMMC) Program and Procurement Rules have been issued by the Department of War (DoW) (see our CMMC Toolkit for in-depth analysis of these Rules) and the CMMC Program is set to begin in earnest, there is some uncertainty in industry as to

Continue Reading How Will DoW Determine Which Level of CMMC Applies to My Agreement?

This blog post discusses the Department of Defense’s (“DoD”) new cybersecurity rule that imposes certain cybersecurity requirements on relevant DoD contractors and subcontractors. The post will be of interest to all DoD contractors, subcontractors, and possibly affiliates of contractors that may be impacted by the new rule’s cybersecurity requirements.

On

Continue Reading Cybersecurity Maturity Model Certification (CMMC) Program Procurement Final Rule Announced

Though the 2nd Trump Administration has dramatically turned away from the energy and industrial policies of the Biden Administration, private-sector proponents of advanced energy projects may still find opportunities to partner with the federal government on certain Research and Development (R&D) or commercialization projects in the energy sector. 

Since January 2025, nearly all corners of the federal government have sought to terminate federal grants, loans, and contracts that the Trump Administration has determined are out of step with the government’s revised priorities (such as in the case of various clean energy focused programs or decarbonization initiatives).  Nonetheless, federal agencies have also announced new initiatives providing both financial and non-financial benefits for energy projects that the Trump Administration continues to support.  In particular, there are significant opportunities available for developers of nuclear energy, critical minerals, and geothermal projects, as detailed further below.  

Continue Reading Opportunities for Advanced Energy Partnerships in the 2nd Trump Administration

This is the sixth blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the Trump Administration.  The fifth blog is available here and our initial blog is available here.  This blog describes key cybersecurity developments that took place in July 2025. 

Continue Reading July 2025 Cybersecurity Developments Under the Trump Administration

This is part of an ongoing series of Covington blogs on the AI policies, executive orders, and other actions of the Trump Administration.  This blog describes AI actions taken by the Trump Administration in July 2025, and prior articles in this series are available here.

White House Issues AI

Continue Reading July 2025 AI Developments Under the Trump Administration

On July 14, 2025, the U.S. Department of Justice (DoJ) and General Services Administration (GSA) announced a $14.75 million settlement of Civil False Claims Act allegations against IT company Hill ASC Inc. (Hill).  This settlement is consistent with the current Administration’s focus on “fraud, waste, and abuse” in government procurement

Continue Reading Recent Cybersecurity FCA Settlement Demonstrates Heightened FCA Risk to Government Contractors