This is the sixth blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the Trump Administration.  The fifth blog is available here and our initial blog is available here.  This blog describes key cybersecurity developments that took place in July 2025. 

Trump Administration Issues AI Action Plan, including Actions Focused on Cybersecurity

On July 23, the White House released its Artificial Intelligence (“AI”) Action Plan, outlining the key priorities of the Trump Administration’s AI policy agenda.  The 28-page plan, titled “Winning the Race: America’s AI Action Plan,”  fulfills the core requirement of President Trump’s January 23 EO 14179 on “Removing Barriers to American Leadership in Artificial Intelligence,” which directed the Assistant to the President for Science & Technology, White House AI & Crypto Czar, and National Security Advisor to develop and submit an action plan for achieving the EO’s policy of sustaining and enhancing America’s global AI dominance.  We wrote about the AI Action Plan and three supplemental EOs accompanying the AI Action Plan here.

The AI Action Plan includes a focus on AI cybersecurity and secure-by-design AI.  The AI Action Plan provides that promoting resilient and secure AI development and deployment is a “core activity of the U.S. government,” and calls for all AI used in safety-critical or homeland security applications to be “secure-by-design, robust, and resilient,” able to detect performance shifts, and alert to malicious activities, such as data poisoning or adversarial example attacks.  To achieve these goals, the AI Action Plan calls for certain efforts that are focused specifically on bolstering critical infrastructure cybersecurity and promoting secure by design practices, including:

  • Establishing an AI Information Sharing and Analysis Center (AI-ISAC) to promote AI-security threat information and intelligence sharing across critical infrastructure sectors;
  • Issuing private sector guidance on responding to AI-specific vulnerabilities and threats;
  • Ensuring that known AI vulnerabilities are shared by Federal agencies to the private sector as appropriate, using existing cyber vulnerability sharing mechanisms;
  • The Department of Defense to refine its Responsible AI and Generative AI Frameworks, Roadmaps, and Toolkits; and
  • The Director of National Intelligence to publish an Intelligence Community Standard on AI Assurance under Intelligence Community Directive 505 on AI governance and management.

Recent Cybersecurity FCA Settlements Demonstrate Heightened FCA Risk to Government Contractors

The Government announced several Civil False Claims Act (“FCA”) settlements focused on cybersecurity in July, signaling a continued focus on cybersecurity civil fraud.  On July 14, 2025, the U.S. Department of Justice (“DoJ”) and General Services Administration (“GSA”) announced a $14.75 million settlement of FCA allegations against IT company Hill ASC Inc.  We wrote about this settlement here.  This settlement is consistent with the current Administration’s focus on “fraud, waste, and abuse” in government procurement and the DoJ FCA initiative focused on cybersecurity fraud.  This also follows the Department’s Criminal Division announcement of corporate procurement fraud as an enforcement priority.

Soon thereafter, on July 31, 2025, DoJ announced a settlement agreement with Illumina, Inc., which agreed to pay $9.8 million to resolve claims arising from alleged cybersecurity vulnerabilities in genomic sequencing systems that the company sold to federal agencies.  We wrote about this settlement here.

These cases are the latest in a series of FCA settlements under the current administration that evidence DoJ’s continued focus on compliance with cybersecurity obligations for government contractors, particularly those that maintain sensitive data and personal information on behalf of federal customers. 

Nooree Lee

Nooree Lee represents government contractors in all aspects of the procurement process and focuses his practice on the regulatory aspects of M&A activity, procurements involving emerging technologies, and international contracting matters.

Nooree advises government contractors and financial investors regarding the regulatory aspects of corporate transactions and restructurings and – more recently – on equity investments by the U.S. government. His experience includes preparing businesses for sale, negotiating deal documents, coordinating large-scale diligence processes, and navigating pre- and post-closing regulatory approvals and integration. He has advised on 40+ M&A deals involving government contractors totaling over $30 billion in combined value. This includes Veritas Capital’s acquisition of Cubic Corp. for $2.8 billion; the acquisition of Perspecta Inc. by Veritas Capital portfolio company Peraton for $7.1 billion; and Cameco Corporation’s strategic partnership with Brookfield Renewable Partners to acquire Westinghouse Electric Company for $7.8+ billion.

Nooree also counsels clients focused on delivering emerging technologies to public sector customers. Over the past several years, his practice has expanded to include advising on the intersection of government procurement and artificial intelligence. Nooree counsels clients on the negotiation of AI-focused procurement and non-procurement agreements with the U.S. government and the rollout of federal and state-level regulations impacting the procurement and deployment of AI solutions on behalf of government agencies.

Nooree also counsels clients navigating the Foreign Military Sales (FMS) program and Foreign Military Financing (FMF) arrangements. Nooree has advised both U.S. and ex-U.S. companies in connection with defense sales to numerous foreign defense ministries, including those of Australia, Israel, Singapore, South Korea, and Taiwan.

In addition to his government contracts advising, Nooree assists clients with navigating federal Freedom of Information Act and state public records requirements, including objecting to a government agency’s proposed release of a company’s proprietary information.

Nooree maintains an active pro bono practice focusing on appeals of denied industrial security clearance applications and public housing and housing discrimination matters. In addition to his work within the firm, Nooree is an active member of the American Bar Association’s Section of Public Contract Law and has served on the Section Council and the Section’s Diversity Committee. He also served as the firm’s Fellow for the Leadership Council on Legal Diversity program in 2023.

Robert Huffman

Bob Huffman counsels government contractors on emerging technology issues, including artificial intelligence (AI), cybersecurity, and software supply chain security, that are currently affecting federal and state procurement. His areas of expertise include the Department of Defense (DOD) and other agency acquisition regulations governing information security and the reporting of cyber incidents, the Cybersecurity Maturity Model Certification (CMMC) program, the requirements for secure software development self-attestations and bills of materials (SBOMs) emanating from the May 2021 Executive Order on Cybersecurity, and the various requirements for responsible AI procurement, safety, and testing currently being implemented under President Trump’s AI Executive Order. 

Bob also represents contractors in False Claims Act (FCA) litigation and investigations involving cybersecurity and other technology compliance issues, as well as more traditional government contracting costs, quality, and regulatory compliance issues. These investigations include significant parallel civil/criminal proceedings growing out of the Department of Justice’s Cyber Fraud Initiative. They also include investigations resulting from False Claims Act qui tam lawsuits and other enforcement proceedings. Bob has represented clients in over a dozen FCA qui tam suits.

Bob also regularly counsels clients on government contracting supply chain compliance issues, including those arising under the Buy American Act/Trade Agreements Act and Section 889 of the FY2019 National Defense Authorization Act. In addition, Bob advises government contractors on rules relating to IP, including government patent rights, technical data rights, rights in computer software, and the rules applicable to IP in the acquisition of commercial products, services, and software. He focuses this aspect of his practice on the overlap of these traditional government contracts IP rules with the IP issues associated with the acquisition of AI services and the data needed to train the large learning models on which those services are based. 

Bob is ranked by Chambers USA for his work in government contracts and he writes extensively in the areas of procurement-related AI, cybersecurity, software security, and supply chain regulation. He also teaches a course at Georgetown Law School that focuses on the technology, supply chain, and national security issues associated with energy and climate change.

Ryan Burnette

Ryan Burnette is a government contracts and technology-focused lawyer that advises on federal contracting compliance requirements and on government and internal investigations that stem from these obligations. Ryan has particular experience with defense and intelligence contracting, as well as with cybersecurity, supply chain, artificial intelligence, and software development requirements.

Ryan also advises on Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) compliance, public policy matters, agency disputes, and government cost accounting, drawing on his prior experience in providing overall direction for the federal contracting system to offer insight on the practical implications of regulations. He has assisted industry clients with the resolution of complex civil and criminal investigations by the Department of Justice, and he regularly speaks and writes on government contracts, cybersecurity, national security, and emerging technology topics.

Ryan is especially experienced with:

  • Government cybersecurity standards, including the Federal Risk and Authorization Management Program (FedRAMP); DFARS 252.204-7012, DFARS 252.204-7020, and other agency cybersecurity requirements; National Institute of Standards and Technology (NIST) publications, such as NIST SP 800-171; and the Cybersecurity Maturity Model Certification (CMMC) program.
  • Software and artificial intelligence (AI) requirements, including federal secure software development frameworks and software security attestations; software bill of materials requirements; and current and forthcoming AI data disclosure, validation, and configuration requirements, including unique requirements that are applicable to the use of large language models (LLMs) and dual use foundation models.
  • Supply chain requirements, including Section 889 of the FY19 National Defense Authorization Act; restrictions on covered semiconductors and printed circuit boards; Information and Communications Technology and Services (ICTS) restrictions; and federal exclusionary authorities, such as matters relating to the Federal Acquisition Security Council (FASC).
  • Information handling, marking, and dissemination requirements, including those relating to Covered Defense Information (CDI) and Controlled Unclassified Information (CUI).
  • Federal Cost Accounting Standards and FAR Part 31 allocation and reimbursement requirements.

Prior to joining Covington, Ryan served in the Office of Federal Procurement Policy in the Executive Office of the President, where he focused on the development and implementation of government-wide contracting regulations and administrative actions affecting more than $400 billion dollars’ worth of goods and services each year.  While in government, Ryan helped develop several contracting-related Executive Orders, and worked with White House and agency officials on regulatory and policy matters affecting contractor disclosure and agency responsibility determinations, labor and employment issues, IT contracting, commercial item acquisitions, performance contracting, schedule contracting and interagency acquisitions, competition requirements, and suspension and debarment, among others.  Additionally, Ryan was selected to serve on a core team that led reform of security processes affecting federal background investigations for cleared federal employees and contractors in the wake of significant issues affecting the program.  These efforts resulted in the establishment of a semi-autonomous U.S. Government agency to conduct and manage background investigations.

August Gweon

August Gweon counsels national and multinational companies on new regulatory frameworks governing artificial intelligence, robotics, and other emerging technologies, digital services, and digital infrastructure. August leverages his AI and technology policy experiences to help clients understand AI industry developments, emerging risks, and policy and enforcement trends. He regularly advises clients on AI governance, risk management, and compliance under data privacy, consumer protection, safety, procurement, and platform laws.

August’s practice includes providing comprehensive advice on U.S. state and federal AI policies and legislation, including the Colorado AI Act and state laws regulating automated decision-making technologies, AI-generated content, generative AI systems and chatbots, and foundation models. He also assists clients in assessing risks and compliance under federal and state privacy laws like the California Privacy Rights Act, responding to government inquiries and investigations, and engaging in AI public policy advocacy and rulemaking.