Published on October 9th, 2021 📆 | 5506 Views ⚑
0Department of Justice Announces New Civil Fraud Cybersecurity Enforcement Team | Alston & Bird
On October 6, 2021, Deputy Attorney General Lisa O. Monaco announced the launch of the Department of Justiceâs Civil Cyber-Fraud Initiative. The Department plans to use civil enforcement tools to âpursueâŚthose who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards.â Stating the Department will pursue âvery hefty fines,â this initiative will combine the Departmentâs roles in civil fraud enforcement, government procurement, and cybersecurity to combat new and emerging cyber threats to the security of sensitive information and critical systems.
- Government Contractors Should Expect Increased False Claims Act Risk.
The Department states it will use the False Claims Act to pursue cybersecurity related fraud by government contractors and grant recipients. It expects to focus on three groups of entities: (a) those that knowingly provide deficient cybersecurity products or services; (b) those that knowingly misrepresent their cybersecurity practices or protocols; and (c) those that knowingly violate obligations to monitor and report cybersecurity incidents and breaches.
This announcement comes on the heels of the Department of Defenseâs Cybersecurity Maturity Model Certification which requires contractors to, among other things, attest to certain levels of cybersecurity compliance. It also comes as the Biden Administration has already ordered the development of cybersecurity standards for government contractors and Congress is considering new reporting requirements for cybersecurity incidents and ransomware payments by companies providing critical infrastructure. These factors all combine to increase the risk that government contractors will be forced to defend against False Claims Act allegations.
- The Department of Justice Is Already Seeking Whistleblowers Which May Also Trigger Private False Claims Act Enforcement.
The Departmentâs announcement specifically mentions relying on whistleblowers and private parties to assist the government in bringing these actions. It also solicits âtips and complaints from all sourcesâ regarding cyber-related fraud, waste, abuse, and mismanagement. The False Claims Actâs qui tam provisions allow whistleblowers to sue on behalf of the government and receive a portion of the award as compensation. As such, government contractors may expect not only DOJ enforcement but also plaintiffsâ lawyers alleging lapses in cybersecurity and data breach reporting.
[View source.]
Gloss