Aerojet Rocketdyne received another blow last week in its long running battle to end a 2015 False Claims Act suit alleging it lied about its compliance with cybersecurity requirements in order to win several federal contracts. In United States ex rel. Brian Markus v. Aerojet Rocketdyne, Inc., the relator, Aerojet’s former senior director of cybersecurity, alleged that the company entered into several Department of Defense and NASA contracts while knowingly misrepresenting its compliance with cybersecurity requirements. The relator raised two separate legal theories—implied false certification and fraud in the inducement—based on the company’s alleged failure to fully disclose the extent of its noncompliance with cybersecurity controls required by DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, and NASA FARS 1852.204-76, Security Requirement for Unclassified Information Technology Resources. In 2019, the company’s motion to dismiss on the ground that the relator failed to demonstrate the cybersecurity requirements at issue were material was denied.
Read the full blog post.