Insights

Professional
Practice
Industry
Region
Trending Topics
Location
Type

Sort by:

Client Alerts 11 results

Client Alert | 4 min read | 07.02.26

Logged Out: How LOGZONE's DIBCAC Challenges Put It Squarely in DOJ's Crosshairs

On June 18, 2026, the U.S. Department of Justice (DOJ) announced that LOGZONE Inc., a defense contractor based in Huntsville, Alabama, agreed to pay $507,144 to resolve allegations that it violated the False Claims Act (FCA) by knowingly failing to satisfy cybersecurity requirements in its contracts with the U.S. Department of the Navy. The resolution is the latest action under DOJ’s Civil Cyber-Fraud Initiative and the first publicly reported settlement this fiscal year. It underscores a continued enforcement posture in which noncompliance with contractual cybersecurity obligations serves as the basis for potential FCA liability. Notably, this settlement did not arise from a whistleblower complaint but from a government-initiated assessment, signaling to contractors that proactive government assessments can pose enforcement consequences.
...

Client Alert | 9 min read | 03.16.26

Eight Takeaways After Seven Weeks of OFAC’s Six, wait Seven, New and Updated General Licenses for Venezuela

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued six new general licenses, and updated a seventh that allow for many activities related to: the export of Venezuelan oil and petrochemical products from Venezuela; the exploration, development, and production of oil, gas, and petrochemical products in Venezuela; the generation, transmission, storage, or distribution of electricity in Venezuela; the export to Venezuela of U.S.-origin diluents; negotiating for investment in the oil, gas, petrochemical, and electricity sectors in Venezuela; and the export of Venezuelan gold.
...

Client Alert | 4 min read | 12.23.25

An ITAR-ly Critical Reminder of Cybersecurity Requirements: DOJ Settles with Swiss Automation, Inc.

Earlier this month, the Department of Justice (DOJ) announced that Swiss Automation Inc., an Illinois-based precision machining company, agreed to pay $421,234 to resolve allegations that it violated the False Claims Act (FCA) by inadequately protecting technical drawings for parts delivered to Department of Defense (DoD) prime contractors.  This settlement reflects DOJ's persistent emphasis on cybersecurity compliance across all levels of the defense industrial base, reaching beyond prime contractors to encompass subcontractors and smaller suppliers.  The settlement is also a reminder to all contractors not to overlook the often confusing relationship between Controlled Unclassified Information (CUI) and export-controlled information.
...

Client Alert | 5 min read | 10.06.25

From Yellow Jackets to Red Flags: DOJ Stings Georgia Tech for Alleged Cybersecurity Noncompliance

On September 30, 2025, the Department of Justice (DOJ) announced that Georgia Tech Research Corporation (GTRC) agreed to pay $875,000 to settle allegations that it violated the False Claims Act (FCA) and federal common law by failing to meet cybersecurity requirements under certain Air Force and Defense Advanced Research Projects Agency (DARPA) contracts.  The settlement adds to the growing list of recoveries under DOJ’s Civil Cyber-Fraud Initiative and is yet another example of DOJ’s ongoing enforcement focus on cybersecurity obligations for federal contractors handling sensitive government information.  The settlement also provides insight into how government contractors may challenge FCA liability when faced with allegations of cybersecurity noncompliance.
...

Client Alert | 5 min read | 09.02.25

Landmark Proposed Rule May Open American Skies to Expanded Commercial Drone Deployments

For years, the deployment of unmanned aircraft systems (UAS), or drones, in U.S. airspace has been constrained by regulations that limited how those devices operated when they strayed beyond the sightline of their human controller. Heretofore, regulations required drone operators to receive individual waivers or exemptions when using drones “beyond their visual line of sight,” known as BVLOS. Industry has felt that these regulations have hampered widespread UAS usage in areas such as package delivery, surveying, and farming, among others.
...

Client Alert | 2 min read | 08.26.25

Hardening Software Security: DOJ’s Civil Cyber Fraud Settlements Continue to Illumina[te] the Importance of Cybersecurity

On July 31, 2025, the Department of Justice (DOJ) announced that Illumina, Inc. will pay $9.8 million to resolve allegations that it violated the False Claims Act (FCA) by selling genomic sequencing systems with software containing cybersecurity vulnerabilities to federal agencies. This is the first FCA settlement involving claims that a medical manufacturer failed to incorporate adequate product cybersecurity into its software design and development.The allegations were first made in United States ex rel. Lenore v. Illumina Inc., No. 1:23-cv-00372 (D.R.I.), a qui tam action filed by Illumina’s former Director for Platform Management, On-Market Portfolio in September 2023. The relator alleged that, between February 2016 and September 2023, Illumina knowingly sold genomic sequencing systems to government agencies without adequate security programs or quality systems to identify and address software vulnerabilities. The complaint further alleged that Illumina failed to properly resource personnel and processes responsible for product security, did not remediate design features introducing cybersecurity risks, and misrepresented the software’s adherence to required cybersecurity standards.According to the government, Illumina’s actions included:
...

Client Alert | 1 min read | 08.12.25

Grant Slam: New Executive Order Serves Up Changes for Federal Grants

On August 7, 2025, President Trump issued an Executive Order (EO) titled, “Improving Oversight of Federal Grantmaking,” setting out the framework for sweeping changes to the grantmaking process.  The order purports to address the Administration’s concerns about federal grants supporting controversial or ineffective programs and incurring excessive administrative costs.  The EO implements three key changes to federal grant requirements. 
...

Client Alert | 4 min read | 04.01.25

For Better or MORSE: Another Settlement Under DOJ’s Civil Cyber-Fraud Initiative

On March 26, 2025, the Department of Justice (DOJ) announced that defense contractor MORSECORP Inc. (MORSE) will pay $4.6 million to settle allegations that MORSE violated the False Claims Act (FCA) by failing to comply with cybersecurity requirements and subsequently submitting false or fraudulent claims for payment in its contracts with the Departments of the Army and Air Force. This is the first FCA settlement that is based on a defense contractor’s failure to reevaluate and promptly update its self-assessment score in the Supplier Performance Risk System (SPRS) after a third-party assessment resulted in a lower score.
...

Client Alert | 6 min read | 01.23.25

Trump Sets Stage for Future Tariffs and Trade Actions

On his first day in office, President Trump rolled out a sprawling set of directives to the heads of numerous government agencies charged with shaping U.S. trade policy.  While stopping short of enacting new tariffs, the Presidential Memorandum defining an “America First Trade Policy” lays the investigative groundwork for potentially sweeping changes to tariffs and the existing trade environment.   The Memorandum requires various agencies—including, e.g., the Department of Commerce, the Department of the Treasury, and the Office of the U.S. Trade Representative (“USTR”)—to issue upward of twenty reports by April 1, 2025, each one covering a unique trade-related issue pertaining to certain key themes, including unfair and unbalanced trade with all U.S. trading partners, the relationship and impact of trade relations with the People’s Republic of China, and the state of economic security matters relevant for goods entering and exiting the United States. 
...

Client Alert | 7 min read | 01.17.25

Cyber For All: Proposed Rule Introduces Government-Wide CUI Cybersecurity Requirements

On January 15, 2025, the FAR Council released a proposed rule (FAR CUI Rule) that would amend the FAR to implement federal government-wide Controlled Unclassified Information (CUI) cybersecurity, training, and incident reporting requirements for government contractors and subcontractors.  The rule’s key cybersecurity requirements closely mirror the Department of Defense’s Cyber Maturity Model Certification (CMMC) program (for example, compliance with National Institute of Standards and Technology Special Publication 800-171, Revision 2), but broaden the scope to include contractors and subcontractors working across all federal agencies.  The Rule is intended to standardize the handling of CUI by federal government contractors and subcontractors in accordance with Executive Order 13556, including by:
...

Client Alert | 21 min read | 01.07.25

The FY 2025 National Defense Authorization Act: Key Provisions Government Contractors Should Know

On December 23, 2024, the Servicemember Quality of Life Improvement and National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2025 (FY 2025 NDAA) (P.L. 118-159) was signed into law.  The final FY 2025 NDAA takes a narrower approach to acquisition policy and supply chain changes than watchers expected, but it still makes some consequential changes for contractors.  Read on as Crowell & Moring’s Government Contracts group discusses the FY 2025 NDAA’s new supply chain restrictions and requirements, changes to bid protest jurisdiction, cybersecurity requirements, and more.
...