Photo of Robert Huffman

Robert Huffman

Bob Huffman counsels government contractors on emerging technology issues, including artificial intelligence (AI), cybersecurity, and software supply chain security, that are currently affecting federal and state procurement. His areas of expertise include the Department of Defense (DOD) and other agency acquisition regulations governing information security and the reporting of cyber incidents, the Cybersecurity Maturity Model Certification (CMMC) program, the requirements for secure software development self-attestations and bills of materials (SBOMs) emanating from the May 2021 Executive Order on Cybersecurity, and the various requirements for responsible AI procurement, safety, and testing currently being implemented under President Trump’s AI Executive Order. 

Bob also represents contractors in False Claims Act (FCA) litigation and investigations involving cybersecurity and other technology compliance issues, as well more traditional government contracting costs, quality, and regulatory compliance issues. These investigations include significant parallel civil/criminal proceedings growing out of the Department of Justice's Cyber Fraud Initiative. They also include investigations resulting from False Claims Act qui tam lawsuits and other enforcement proceedings. Bob has represented clients in over a dozen FCA qui tam suits.

Bob also regularly counsels clients on government contracting supply chain compliance issues, including those arising under the Buy American Act/Trade Agreements Act and Section 889 of the FY2019 National Defense Authorization Act. In addition, Bob advises government contractors on rules relating to IP, including government patent rights, technical data rights, rights in computer software, and the rules applicable to IP in the acquisition of commercial products, services, and software. He focuses this aspect of his practice on the overlap of these traditional government contracts IP rules with the IP issues associated with the acquisition of AI services and the data needed to train the large learning models on which those services are based. 

Bob is ranked by Chambers USA for his work in government contracts and he writes extensively in the areas of procurement-related AI, cybersecurity, software security, and supply chain regulation. He also teaches a course at Georgetown Law School that focuses on the technology, supply chain, and national security issues associated with energy and climate change.

Contact:Read more about Robert HuffmanEmail

This is the seventh blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the Trump Administration.  The sixth blog is available here and our initial blog is available here.  This blog describes key cybersecurity developments that took place in August, September

Continue Reading August, September, and October 2025 Cybersecurity Developments Under the Trump Administration

Now that the final Cybersecurity Maturity Model Certification (CMMC) Program and Procurement Rules have been issued by the Department of War (DoW) (see our CMMC Toolkit for in-depth analysis of these Rules) and the CMMC Program is set to begin in earnest, there is some uncertainty in industry as to

Continue Reading How Will DoW Determine Which Level of CMMC Applies to My Agreement?

This blog post discusses the Department of Defense’s (“DoD”) new cybersecurity rule that imposes certain cybersecurity requirements on relevant DoD contractors and subcontractors. The post will be of interest to all DoD contractors, subcontractors, and possibly affiliates of contractors that may be impacted by the new rule’s cybersecurity requirements.

On

Continue Reading Cybersecurity Maturity Model Certification (CMMC) Program Procurement Final Rule Announced

Though the 2nd Trump Administration has dramatically turned away from the energy and industrial policies of the Biden Administration, private-sector proponents of advanced energy projects may still find opportunities to partner with the federal government on certain Research and Development (R&D) or commercialization projects in the energy sector. 

Since January 2025, nearly all corners of the federal government have sought to terminate federal grants, loans, and contracts that the Trump Administration has determined are out of step with the government’s revised priorities (such as in the case of various clean energy focused programs or decarbonization initiatives).  Nonetheless, federal agencies have also announced new initiatives providing both financial and non-financial benefits for energy projects that the Trump Administration continues to support.  In particular, there are significant opportunities available for developers of nuclear energy, critical minerals, and geothermal projects, as detailed further below.  Continue Reading Opportunities for Advanced Energy Partnerships in the 2nd Trump Administration

This is the sixth blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the Trump Administration.  The fifth blog is available here and our initial blog is available here.  This blog describes key cybersecurity developments that took place in July 2025. 

Continue Reading July 2025 Cybersecurity Developments Under the Trump Administration

This is part of an ongoing series of Covington blogs on the AI policies, executive orders, and other actions of the Trump Administration.  This blog describes AI actions taken by the Trump Administration in July 2025, and prior articles in this series are available here.

White House Issues AI

Continue Reading July 2025 AI Developments Under the Trump Administration

On July 14, 2025, the U.S. Department of Justice (DoJ) and General Services Administration (GSA) announced a $14.75 million settlement of Civil False Claims Act allegations against IT company Hill ASC Inc. (Hill).  This settlement is consistent with the current Administration’s focus on “fraud, waste, and abuse” in government procurement

Continue Reading Recent Cybersecurity FCA Settlement Demonstrates Heightened FCA Risk to Government Contractors

On July 23, the White House released its AI Action Plan, outlining the key priorities of the Trump Administration’s AI policy agenda.  In parallel, President Trump signed three AI executive orders directing the Executive Branch to implement the AI Action Plan’s policies on “Preventing Woke AI in

Continue Reading Trump Administration Issues AI Action Plan and Series of AI Executive Orders

This is the fifth blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the Trump Administration.  The fourth blog is available here and our initial blog is available here.  This blog describes key cybersecurity developments that took place in June 2025. 

Continue Reading June 2025 Cybersecurity Developments Under the Trump Administration

This is the fourth blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the new Trump Administration.  This blog describes key cybersecurity developments that took place in May 2025. 

CISA Releases AI Data Security Guidance

On May 22, the Cybersecurity and Infrastructure

Continue Reading May 2025 Cybersecurity Developments Under the Trump Administration