Cybersecurity Spotlight: DOJ Intensifies Scrutiny of Contractors’ Cyber Practices


Cybersecurity Under Scrutiny: DOJ Intensifies Inquiry into Contractors’ Cybersecurity Protocols

Federal contractors must diligently comprehend and implement their contractual responsibilities, particularly concerning the newly established DFARS mandates.

Joshua Mullen, Luke Cass, Christopher Lockwood, and Tyler Bridegan

December 4, 2025, 3:29 pm

The Department of Justice (DOJ) has recently concluded multiple investigations into the cybersecurity practices of federal contractors as part of the federal government’s Civil Cyber-Fraud Initiative.

Launched in 2021, the initiative represents the DOJ’s commitment to addressing cybersecurity-related fraud by government contractors and grant recipients under the False Claims Act (FCA).

In the intervening period, the DOJ has publicly disclosed approximately 15 settlements with federal contractors, though it is plausible that additional investigations are ongoing, shrouded from public scrutiny.

The recent settlements indicate a steadfast resolve from the current administration to uphold stringent cybersecurity practices among government contractors, thereby bolstering defenses against emergent cyber threats that compromise sensitive government data and vital systems.

These legal resolutions are particularly timely, coinciding with the impending November 10 implementation of the Defense Department’s final rule revising the Defense Federal Acquisition Regulation Supplement, which integrates the standards of the Cybersecurity Maturity Model Certification.

Significant DOJ Cyber-Fraud Resolutions

Among the notable judgments, one prominent case was announced in July 2025. Hill Associates consented to remit a minimum of $14.75 million to the United States.

The allegations stated that Hill Associates failed to meet the technical evaluations required by the General Services Administration (GSA) to provide adaptive cybersecurity services, yet still submitted claims for such services, thereby violating the FCA.

The second settlement, in United States ex rel. Lenore v. Illumina Inc., was also announced in July 2025, with Illumina agreeing to pay $9.8 million while denying wrongdoing.

Allegations claimed that Illumina sold genomic sequencing systems to federal agencies, including the Departments of Health and Human Services, Homeland Security, and Agriculture, despite the presence of cybersecurity vulnerabilities within those systems.

Specifically, it was alleged that Illumina:

(1) misrepresented compliance with cybersecurity standards,
(2) neglected to embed cybersecurity considerations in software design and operation,
(3) inadequately supported personnel responsible for product security, and
(4) failed to rectify design flaws that introduced cybersecurity weaknesses.

On the same day, the DOJ disclosed a third settlement involving Aero Turbine Inc. and Gallant Capital Partners, LLC, yielding a $1.75 million resolution.

The DOJ contended that Aero willfully neglected its cybersecurity contractual obligations with the Department of the Air Force.

The contractor failed to implement required security measures as delineated by NIST Special Publication 800-171, which governs the protection of controlled unclassified information, notably allowing unauthorized access to sensitive defense data.

The most recent DOJ settlement, announced in September 2025, concerned the Georgia Tech Research Corporation (GTRC), which agreed to pay $875,000 to resolve a whistleblower complaint regarding its failure to comply with cybersecurity protocols in its Department of Defense contracts.

Allegations posited that until December 2021, GTRC neglected to apply, update, or utilize anti-virus or anti-malware tools across various systems while conducting sensitive cyber-defense research.

Furthermore, they reportedly submitted a misleading cybersecurity assessment score of 98, based on an illusory environment that did not reflect actual operational conditions.

Implications for Federal Contractors


These recent enforcement actions impart crucial insights for federal contractors:

  • Cyber fraud can be ascertained without a federal contractor experiencing a cyber breach.
  • The DOJ scrutinizes numerous practices indicative of cyber fraud, focusing on a contractor’s cybersecurity measures throughout product development and deployment, in addition to statements concerning assessment scores.
  • Whistleblower complaints receive significant attention, with many of the recent cases originating from former employees of federal contractors.
  • To alleviate these risks, it is imperative for federal contractors to thoroughly understand and enact their contractual obligations, especially in light of the new DFARS requirements.
  • Contractors are encouraged to:
      (1) Review and internalize their cybersecurity contractual obligations;
      (2) Foster collaboration with relevant internal teams (information security, IT, etc.) to ensure effective implementation of obligations;
      (3) Establish processes for ongoing compliance monitoring with contractual responsibilities.

Source link: Federalnewsnetwork.com.


Reported By

RS Web Solutions
