Attention Whistleblowers: DOJ Announces Cyber Fraud Initiative
On October 6, Deputy Attorney General Lisa Monaco announced that the Department of Justice will launch a Civil Cyber-Fraud Initiative to combat new cyber threats and hold accountable those “that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”
Why is this interesting to whistleblowers? To combat cyber-fraud, DOJ will lean heavily on the government’s main fraud-fighting tool, the federal False Claims Act, which permits whistleblowers to file suit on behalf of the government and share in 15-30% of the recovery. Successful whistleblower actions have been brought regarding failures by information technology companies to comply with government standards, and in July 2019, the first-ever settlement involving violations of the cybersecurity standards became public, in a case against Cisco involving a Constantine Cannon client.
By combining the department’s expertise in civil fraud enforcement, government procurement and cybersecurity, DOJ will use the new Civil Cyber-Fraud Initiative to pursue federal contractors and other recipients of federal funds that fail to follow required cybersecurity standards. According to Monaco, the initiative will offer new tools to “ensure that taxpayer dollars are used appropriately and guard the public fisc and public trust.”
Federal Government Actions on Cybersecurity Enforcement
Earlier this summer, the Biden administration announced a plan to improve the nation’s cybersecurity infrastructure, made cybersecurity an enforcement priority, devoted additional resources to enforcement and upgrades, and strengthened technology standards. Many of these planned improvements focus on the federal government’s own information resources and modernization of federal networks.
Compliance with security standards for federal contractors has long been a requirement in many federal contracts (and a source for False Claims Act liability if those provisions are not complied with). And with the government being a major purchaser of information and cybersecurity technology, this can be a moment where the government can help set standards for the entire industry.
Next Steps for DOJ’s Civil Cyber-Fraud Initiative
An announcement like this one generally leads to significantly more resources being contributed to a focus area and thus more enforcement actions. We expect to see that here. The specific priorities that the DOJ announced were any misrepresentations about a company’s cybersecurity practices or failures to monitor and report breaches. These areas are often highly technical, opaque, and fact-specific, and problems in them are hard for an outsider to spot. That’s what makes whistleblowers and insiders with the courage to come forward and report fraud so important. The government’s choice to enforce these requirements through the FCA is a very clear signal that it agrees.
So, whistleblowers, the DOJ is speaking to you: if you see cybersecurity breaches by a federal contractor or recipient of federal funds, they want to hear about it.