Photo of Robert Huffman

Robert Huffman

Bob Huffman counsels government contractors on emerging technology issues, including artificial intelligence (AI), cybersecurity, and software supply chain security, that are currently affecting federal and state procurement. His areas of expertise include the Department of Defense (DOD) and other agency acquisition regulations governing information security and the reporting of cyber incidents, the Cybersecurity Maturity Model Certification (CMMC) program, the requirements for secure software development self-attestations and bills of materials (SBOMs) emanating from the May 2021 Executive Order on Cybersecurity, and the various requirements for responsible AI procurement, safety, and testing currently being implemented under the October 2023 AI Executive Order. 

Bob also represents contractors in False Claims Act (FCA) litigation and investigations involving cybersecurity and other technology compliance issues, as well more traditional government contracting costs, quality, and regulatory compliance issues. These investigations include significant parallel civil/criminal proceedings growing out of the Department of Justice's Cyber Fraud Initiative. They also include investigations resulting from False Claims Act qui tam lawsuits and other enforcement proceedings. Bob has represented clients in over a dozen FCA qui tam suits.

Bob also regularly counsels clients on government contracting supply chain compliance issues, including those arising under the Buy American Act/Trade Agreements Act and Section 889 of the FY2019 National Defense Authorization Act. In addition, Bob advises government contractors on rules relating to IP, including government patent rights, technical data rights, rights in computer software, and the rules applicable to IP in the acquisition of commercial products, services, and software. He focuses this aspect of his practice on the overlap of these traditional government contracts IP rules with the IP issues associated with the acquisition of AI services and the data needed to train the large learning models on which those services are based. 

Bob is ranked by Chambers USA for his work in government contracts and he writes extensively in the areas of procurement-related AI, cybersecurity, software security, and supply chain regulation. He also teaches a course at Georgetown Law School that focuses on the technology, supply chain, and national security issues associated with energy and climate change.

Contact:Read more about Robert HuffmanEmail

On June 6, 2025, President Trump issued an Executive Order (“Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144”) (the “Order”) that modifies certain initiatives in prior Executive Orders issued by Presidents Obama and Biden and highlights key cybersecurity priorities for

Continue Reading White House Issues New Cybersecurity Executive Order

On May 22, 2025, the Cybersecurity and Infrastructure Security Agency (“CISA”), which sits within the Department of Homeland Security (“DHS”) released guidance for AI system operators regarding managing data security risks.  The associated press release explains that the guidance provides “best practices for system operators to mitigate cyber risks through

Continue Reading CISA Releases AI Data Security Guidance

The Government Accountability Office (“GAO”) released a report on the Defense Contract Audit Agency’s (“DCAA”) past and future use of private-sector, independent public accountants to augment its auditor workforce. The initiative—approved under Section 803 of the Fiscal Year (“FY”) 2018 National Defense Authorization Act (“NDAA”)—began in fiscal year 2020 and was originally envisioned by Congress as a tool to reduce DCAA’s backlog of incurred cost audits. But, as GAO noted, DCAA had largely eliminated its audit backlog by the end of FY 2018, primarily through its reliance on risk-based sampling methodology, which reduced the number of audits DCAA was required to complete.Continue Reading GAO: DCAA Built a Valuable Bench of Independent Public Accountants, Now What?

This is the third blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the new Trump Administration.  This blog describes key cybersecurity developments that took place in April 2025. 

NIST Publishes Initial Draft of Guidance for High Performance Computing Systems

U.S. National

Continue Reading April 2025 Cybersecurity Developments Under the Trump Administration

This is part of an ongoing series of Covington blogs on the AI policies, executive orders, and other actions of the Trump Administration.  This blog describes AI actions taken by the Trump Administration in April 2025, and prior articles in this series are available here.

White House OMB Issues

Continue Reading April 2025 AI Developments Under the Trump Administration

Last Monday, April 28, 2025, the House passed a bill titled Removing Our Unsecure Technologies to Ensure Reliability and Security (“ROUTERS”) Act (H.R. 866), which directs the Secretary of Commerce to study national security risks and cybersecurity vulnerabilities “posed by consumer routers, modems, and devices that combine a modem and router, that are designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the influence of a covered country.”  Similar to some other recent supply chain requirements imposed on federal contractors, the bill defines “covered countries” by reference to 10 U.S.C. 4872, which prohibits the acquisition of sensitive materials from North Korea, Russia, Iran, and China.Continue Reading ROUTERS Act on the Horizon: U.S. House Passes New Legislation

This is the second blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the new Trump Administration.  This blog describes key cybersecurity developments that took place in March 2025. 

Trump Administration Executive Order on Achieving Efficiency

On March 19, 2025, the Trump

Continue Reading March 2025 Cybersecurity Developments Under the Trump Administration

This is part of an ongoing series of Covington blogs on the AI policies, executive orders, and other actions of the Trump Administration.  This blog describes AI actions taken by the Trump Administration in March 2025, and prior articles in this series are available here.

White House Receives Public

Continue Reading March 2025 AI Developments Under the Trump Administration

On April 3, the White House Office of Management and Budget (“OMB”) released two memoranda with AI guidance and requirements for federal agencies, Memorandum M-25-21 on Accelerating Federal Use of AI through Innovation, Governance, and Public Trust (“OMB AI Use Memo“) and Memorandum M-25-22 on Driving Efficient Acquisition of Artificial

Continue Reading OMB Issues First Trump 2.0-Era Requirements for AI Use and Procurement by Federal Agencies

This is part of an ongoing series of Covington blogs on the AI policies, executive orders, and other actions of the Trump Administration.  The first blog summarized key actions taken in the first weeks of the Trump Administration, including the revocation of President Biden’s 2023 Executive Order 14110 on the “Safe, Secure, and Trustworthy Development and Use of AI” and the release of President Trump’s Executive Order 14179 on “Removing Barriers to American Leadership in Artificial Intelligence” (“AI EO”).  This blog describes actions on AI taken by the Trump Administration in February 2025.Continue Reading February 2025 AI Developments Under the Trump Administration