This is the sixth blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the Trump Administration. The fifth blog is available here and our initial blog is available here. This blog describes key cybersecurity developments that took place in July 2025.
Trump Administration Issues AI Action Plan, including Actions Focused on Cybersecurity
On July 23, the White House released its Artificial Intelligence (“AI”) Action Plan, outlining the key priorities of the Trump Administration’s AI policy agenda. The 28-page plan, titled “Winning the Race: America’s AI Action Plan,” fulfills the core requirement of President Trump’s January 23 EO 14179 on “Removing Barriers to American Leadership in Artificial Intelligence,” which directed the Assistant to the President for Science & Technology, White House AI & Crypto Czar, and National Security Advisor to develop and submit an action plan for achieving the EO’s policy of sustaining and enhancing America’s global AI dominance. We wrote about the AI Action Plan and three supplemental EOs accompanying the AI Action Plan here.
The AI Action Plan includes a focus on AI cybersecurity and secure-by-design AI. The AI Action Plan provides that promoting resilient and secure AI development and deployment is a “core activity of the U.S. government,” and calls for all AI used in safety-critical or homeland security applications to be “secure-by-design, robust, and resilient,” able to detect performance shifts, and alert to malicious activities, such as data poisoning or adversarial example attacks. To achieve these goals, the AI Action Plan calls for certain efforts that are focused specifically on bolstering critical infrastructure cybersecurity and promoting secure by design practices, including:
- Establishing an AI Information Sharing and Analysis Center (AI-ISAC) to promote AI-security threat information and intelligence sharing across critical infrastructure sectors;
- Issuing private sector guidance on responding to AI-specific vulnerabilities and threats;
- Ensuring that known AI vulnerabilities are shared by Federal agencies to the private sector as appropriate, using existing cyber vulnerability sharing mechanisms;
- The Department of Defense to refine its Responsible AI and Generative AI Frameworks, Roadmaps, and Toolkits; and
- The Director of National Intelligence to publish an Intelligence Community Standard on AI Assurance under Intelligence Community Directive 505 on AI governance and management.
Recent Cybersecurity FCA Settlements Demonstrate Heightened FCA Risk to Government Contractors
The Government announced several Civil False Claims Act (“FCA”) settlements focused on cybersecurity in July, signaling a continued focus on cybersecurity civil fraud. On July 14, 2025, the U.S. Department of Justice (“DoJ”) and General Services Administration (“GSA”) announced a $14.75 million settlement of FCA allegations against IT company Hill ASC Inc. We wrote about this settlement here. This settlement is consistent with the current Administration’s focus on “fraud, waste, and abuse” in government procurement and the DoJ FCA initiative focused on cybersecurity fraud. This also follows the Department’s Criminal Division announcement of corporate procurement fraud as an enforcement priority.
Soon thereafter, on July 31, 2025, DoJ announced a settlement agreement with Illumina, Inc., which agreed to pay $9.8 million to resolve claims arising from alleged cybersecurity vulnerabilities in genomic sequencing systems that the company sold to federal agencies. We wrote about this settlement here.
These cases are the latest in a series of FCA settlements under the current administration that evidence DoJ’s continued focus on compliance with cybersecurity obligations for government contractors, particularly those that maintain sensitive data and personal information on behalf of federal customers.