Since 1986, the little brother to the civil False Claims Act, known as the Program Fraud Civil Remedies Act of 1986 (“PFCRA”), has seen very little use. Section 5203 of the Fiscal Year 2025 National Defense Authorization Act (“NDAA”) seeks to breathe new life into the law by renaming it
Continue Reading Congress Attempts to Revitalize the Program Fraud Civil Remedies Act
Robert Huffman
Bob Huffman counsels government contractors on emerging technology issues, including artificial intelligence (AI), cybersecurity, and software supply chain security, that are currently affecting federal and state procurement. His areas of expertise include the Department of Defense (DOD) and other agency acquisition regulations governing information security and the reporting of cyber incidents, the Cybersecurity Maturity Model Certification (CMMC) program, the requirements for secure software development self-attestations and bills of materials (SBOMs) emanating from the May 2021 Executive Order on Cybersecurity, and the various requirements for responsible AI procurement, safety, and testing currently being implemented under the October 2023 AI Executive Order.
Bob also represents contractors in False Claims Act (FCA) litigation and investigations involving cybersecurity and other technology compliance issues, as well as more traditional government contracting costs, quality, and regulatory compliance issues. These investigations include significant parallel civil/criminal proceedings growing out of the Department of Justice's Cyber Fraud Initiative. They also include investigations resulting from False Claims Act qui tam lawsuits and other enforcement proceedings. Bob has represented clients in over a dozen FCA qui tam suits.
Bob also regularly counsels clients on government contracting supply chain compliance issues, including those arising under the Buy American Act/Trade Agreements Act and Section 889 of the FY2019 National Defense Authorization Act. In addition, Bob advises government contractors on rules relating to IP, including government patent rights, technical data rights, rights in computer software, and the rules applicable to IP in the acquisition of commercial products, services, and software. He focuses this aspect of his practice on the overlap of these traditional government contracts IP rules with the IP issues associated with the acquisition of AI services and the data needed to train the large learning models on which those services are based.
Bob is ranked by Chambers USA for his work in government contracts and he writes extensively in the areas of procurement-related AI, cybersecurity, software security, and supply chain regulation. He also teaches a course at Georgetown Law School that focuses on the technology, supply chain, and national security issues associated with energy and climate change.
November 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy
This is part of a series of Covington blogs on the implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken…
Department of Defense Publishes Notice of Proposed Rulemaking on Disclosure of Computer and Source Code to Foreign Entities
On November 15, 2024, the Department of Defense (“DoD”) published a Notice of Proposed Rulemaking (“Proposed Rule”) entitled “Defense Federal Acquisition Regulation Supplement: Disclosure of Information Regarding Foreign Obligations.” The Proposed Rule would impose new disclosure obligations on “Offeror[s]” (pre-award) and “Contractor[s]” (post-award) that are triggered in certain…
November 2024 Developments Under President Biden’s AI Executive Order
This is part of an ongoing series of Covington blogs on the implementation of Executive Order No. 14110 on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” (the “AI EO”), issued by President Biden on October 30, 2023. The first blog summarized the AI EO’s key provisions and related OMB guidance, and subsequent blogs described the actions taken by various government agencies to implement the AI EO from November 2023 through October 2024. This blog describes key actions taken to implement the AI EO during November 2024 and potential implications of the 2024 U.S. election. We will discuss developments during November 2024 to implement President Biden’s 2021 Executive Order on Cybersecurity in a separate post.
October 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy
This is part of a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by…
CISA Releases Guidance on Minimum Expectations for Software Bill of Materials
On October 15, 2024, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) published software bill of materials (“SBOM”) guidance through the third edition of Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM) (dated September 3, 2024) (the “Guidance”). The Guidance provides “a minimum expectation for creating…
October 2024 Developments Under President Biden’s AI Executive Order
This is part of an ongoing series of Covington blogs on the implementation of Executive Order No. 14110 on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” (the “AI EO”), issued by President Biden on October 30, 2023. The first blog summarized the AI EO’s key provisions and related OMB guidance, and subsequent blogs described the actions taken by various government agencies to implement the AI EO from November 2023 through September 2024. This blog describes key actions taken to implement the AI EO during October 2024. We will discuss developments during October 2024 to implement President Biden’s 2021 Executive Order on Cybersecurity in a separate post.
Penn State Agrees to Pay $1.25M in Settlement for Cybersecurity Non-Compliance False Claims Act Allegations
On Tuesday, October 22, 2024, Pennsylvania State University (“Penn State”) reached a settlement with the Department of Justice (“DoJ”), agreeing to pay the US Government (“USG”) $1.25M for alleged cybersecurity compliance violations under the False Claims Act (“FCA”). This settlement follows a qui tam action filed by a whistleblower and former employee of Penn State’s Applied Research Laboratory. The settlement agreement provides some additional insight into the priorities of DoJ’s Civil Cyber Fraud Initiative (“CFI”) and the types of cybersecurity issues of interest to the Department. It also highlights the extent to which DoJ is focusing on the full range of cybersecurity compliance obligations that exist in a company’s contract in enforcement actions.
September 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy
This is part of a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through August 2024. This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during September 2024. We discuss developments during September 2024 to implement President Biden’s Executive Order on Artificial Intelligence in a separate post.
Cybersecurity Maturity Model Certification (CMMC) Program Final Rule Announced
On October 11, 2024, the U.S. Department of Defense (“DoD”) released an unpublished version of the Cybersecurity Maturity Model Certification (“CMMC”) Program Rule. The final rule will be published in the Federal Register on October 15, 2024 and will become effective sixty days after publication. This rule formally establishes the CMMC Program for DoD and is one of two complementary sets of regulations that govern operation of the Program.