This is part of a series of Covington blogs on the implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken
Continue Reading November 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity StrategyDoD
Department of Defense Publishes Notice of Proposed Rulemaking on Disclosure of Computer and Source Code to Foreign Entities
On November 15, 2024, the Department of Defense (“DoD”) published a Notice of Proposed Rulemaking (“Proposed Rule”) entitled “Defense Federal Acquisition Regulation Supplement: Disclosure of Information Regarding Foreign Obligations.” The Proposed Rule would impose new disclosure obligations on “Offeror[s]” (pre-award) and “Contractor[s]” (post-award) that are triggered in certain…
Continue Reading Department of Defense Publishes Notice of Proposed Rulemaking on Disclosure of Computer and Source Code to Foreign EntitiesOctober 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy
This is part of a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by…
Continue Reading October 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity StrategyPenn State Agrees to Pay $1.25M in Settlement for Cybersecurity Non-Compliance False Claims Act Allegations
On Tuesday, October 22, 2024, Pennsylvania State University (“Penn State”) reached a settlement with the Department of Justice (“DoJ”), agreeing to pay the US Government (“USG”) $1.25M for alleged cybersecurity compliance violations under the False Claims Act (“FCA”). This settlement follows a qui tam action filed by a whistleblower and former employee of Penn State’s Applied Research Laboratory. The settlement agreement provides some additional insight into the priorities of DoJ’s Civil Cyber Fraud Initiative (“CFI”) and the types of cybersecurity issues of interest to the Department. It also highlights the extent to which DoJ is focusing on the full range of cybersecurity compliance obligations that exist in a company’s contract in enforcement actions.Continue Reading Penn State Agrees to Pay $1.25M in Settlement for Cybersecurity Non-Compliance False Claims Act Allegations
DOD Office of Strategic Capital Begins Its Direct Lending Efforts to Secure U.S. Industrial Base
The Office of Strategic Capital (“OSC”) within the Department of Defense (“DOD”) has launched a Credit Program, under which it will provide debt financing in critical technology areas that drive national and economic security. As an initial step, OSC is soliciting applications for equipment loans, which may be submitted between…
Continue Reading DOD Office of Strategic Capital Begins Its Direct Lending Efforts to Secure U.S. Industrial BaseCybersecurity Maturity Model Certification (CMMC) Program Final Rule Announced
On October 11, 2024, the U.S. Department of Defense (“DoD”) released an unpublished version of the Cybersecurity Maturity Model Certification (“CMMC”) Program Rule. The final rule will be published in the Federal Register on October 15, 2024 and will become effective sixty days after publication. This rule formally establishes the CMMC Program for DoD and is one of two complementary sets of regulations that govern operation of the Program. Continue Reading Cybersecurity Maturity Model Certification (CMMC) Program Final Rule Announced
Percipient.ai, Inc. v. U.S.: Government Requests Reconsideration of Federal Circuit’s Decision on Bid Protest Jurisdiction and Standing
As previously discussed on this blog, the Federal Circuit issued a major decision in June 2024 addressing bid protest jurisdiction and standing at the Court of Federal Claims (“COFC”): Percipient.ai, Inc. v. United States.
On September 5, 2024, the United States filed a petition for rehearing of that case — requesting that the Federal Circuit reconsider its decision, either through a rehearing by the same panel or by the full court in an en banc proceeding. Subsequently, on September 26, 2024, the protester (Percipient) filed an opposition to the petition. It will be worth watching whether the Federal Circuit grants the government’s petition and, if so, whether any rehearing will result in a change to Percipient.ai’s holdings.Continue Reading Percipient.ai, Inc. v. U.S.: Government Requests Reconsideration of Federal Circuit’s Decision on Bid Protest Jurisdiction and Standing
You Can’t Always Get What You Want: ASBCA Channels Rolling Stones and Awards Contractor $4.9 Million in Delay Damages
A recent decision by the Armed Services Board of Contract Appeals found the Navy liable to a commercial crane manufacturer for delay damages. In Konecranes Nuclear Equip. & Servs., LLC, ASBCA No. 62797, 2024 WL 2698011 (May 7, 2024), the Board reiterated the age-old lesson—you have to read the contract—and provided guidance about how to calculate the delay damages. Beyond that, the Board found apparent inspiration for part of its holding in an unlikely source: a classic song by the Rolling Stones.Continue Reading You Can’t Always Get What You Want: ASBCA Channels Rolling Stones and Awards Contractor $4.9 Million in Delay Damages
Percipient.ai, Inc. v. U.S.: Matters of Contract Administration Can Be Fair Game For COFC Protests, Even When They Involve a Task Order
On June 7, 2024, the Federal Circuit issued a major decision addressing bid protest jurisdiction and standing at the Court of Federal Claims (“COFC”). In Percipient.ai, Inc. v. United States, the court found that COFC has jurisdiction to hear a protest challenging a matter of contract administration — even where the matter arose in connection with a task order — and articulated a new test for standing applicable to the facts presented in that case. Continue Reading Percipient.ai, Inc. v. U.S.: Matters of Contract Administration Can Be Fair Game For COFC Protests, Even When They Involve a Task Order
DoD Expands Contractor Cybersecurity Information Sharing Program
On March 12, 2024, the Department of Defense (DoD) published a final rule, revising the eligibility criteria for the voluntary DoD Defense Industrial Base (DIB) Cybersecurity (CS) Activities Program. The intent of the rule is to permit all defense contractors that own or operate unclassified information systems that process, store, or transmit covered defense information to participate in the program. Previously, only cleared contractors were permitted to participate in the sharing of this information. The final rule also amends identity proofing requirements by eliminating the need to obtain a medium security certificate to participate in either the voluntary or mandatory reporting regimes. The rule will take effect on April 11, 2024, and DoD anticipates a significant increase in contractor participation.
Additional information about the rule is outlined below.Continue Reading DoD Expands Contractor Cybersecurity Information Sharing Program