A notable case involves Penn State University, which is accused of non-compliance with DoD cybersecurity obligations and falsely attesting to DFARS compliance since 2018.
In recent weeks, there has been a significant increase in cyber-related False Claims Act (FCA) activity. This surge in activity signals that contractors and universities should brace for additional scrutiny and potential whistleblower claims in this area.
One notable example is a qui tam lawsuit against Penn State University, which was unsealed on September 1, 2023. The lawsuit alleges non-compliance with Department of Defense (DoD) cybersecurity obligations. Specifically, it is claimed that Penn State University failed to provide “adequate security” for Covered Defense Information (CDI), as contractually required by the DFARS 252.204-7012 clause.
Under this clause, "adequate security" means, at a minimum, implementing the security requirements of NIST SP 800-171, which at the time comprised 110 controls. The companion clauses DFARS 252.204-7019 and 252.204-7020 additionally require DoD contractors to score their own implementation using the NIST SP 800-171 DoD Assessment Methodology and to post that self-assessment score in DoD's Supplier Performance Risk System (SPRS). A score is supposed to reflect the controls actually in place, with any gaps tracked in a plan of action and milestones, so a perfect score reported while controls remain unimplemented is the kind of statement the FCA reaches.
The lawsuit alleges that Penn State falsified at least 20 documents related to its NIST SP 800-171 self-assessment and other self-attestations, and that the university, despite never reaching DFARS compliance, had been falsely attesting to compliance since January 1, 2018.
The lawsuit further alleges that sensitive information was put at risk when the university migrated some of its data to a commercial cloud-storage service. The relator served as interim Chief Information Officer at Penn State's Applied Research Laboratory in 2015 and was part of a team assigned to evaluate the university's compliance in early 2022.
Implications
These cases suggest that enforcement actions, and the publicity that follows once previously sealed qui tam complaints are unsealed, will continue to increase.
In light of these developments, organizations should examine their cybersecurity practices and confirm that they actually meet the obligations in their contracts. This includes conducting regular, honest self-assessments against the controls in NIST SP 800-171 and keeping the evidence that supports each reported score.
Organizations must also be transparent about their cybersecurity posture. Falsifying documents or attesting to compliance without meeting the underlying standard exposes an organization to FCA liability, including whistleblower suits, and to significant legal and financial consequences, as the Penn State case illustrates.