DOJ Highlights Importance of Whistleblowers and False Claims Act to Deter Cyber Fraud

October 19th, 2021

doj cyber fraud cybersecurity whistleblower fca

In 1865, it was whistleblowers who were critical in reporting fraud by those who provided the U.S. War Department with rusty rifles, boats that leaked, and hats that melted in the rain. Today, whistleblowers are now critical to protecting the United States in the digital space. No longer on the battlefield of the Civil War, fraud has moved into the cybersecurity space in the digital age.

Though a concern of the Government for many years, the Department of Justice (DOJ) is significantly increasing its focus on cybersecurity and has launched a Civil Cyber-Fraud Initiative. Deputy Attorney General Lisa Monaco announced at the recent 6th annual Aspen Institute’s Cyber Summit that the DOJ will use its civil enforcement tools, including the False Claims Act, to pursue government contractors who receive federal funds but fail to follow required cybersecurity standards. Said Deputy Attorney General Monaco: “For too long have companies chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward.” [1]

The focus of the task force implementing the Civil Cyber-Fraud Initiative is to pursue cybersecurity-related fraud by government contractors and grant recipients. DOJ has highlighted three types of fraudulent conduct on which it will focus:

    1. Knowingly providing deficient cybersecurity products or services;
    2. Knowingly misrepresenting cybersecurity practices or protocols; and
    3. Knowingly violating obligations to monitor and report cybersecurity incidents and breaches.

Employees and independent contractors who provide information technology and information security services are in a prime position to uncover cybersecurity fraud. But this fraud isn’t limited only to those entities actually providing information technology (IT) services directly to the government – it also includes any company that is contracting with the government to provide goods or services that are possible targets for cyber-attacks. For example, in 2019, DOJ reached an $8.6 million settlement with Cisco Systems, Inc. for selling video surveillance products with known vulnerabilities that could be exploited by hackers.

Another important focus of cybersecurity is government information. For example, compliance with cybersecurity requirements is critical for companies dealing with controlled unclassified information (CUI) and covered defense information (CDI). Protection of such information is critical for a Department of Defense contractor, perhaps selling rockets or missiles to the government, Even though this company isn’t providing IT services per se, its failure to maintain compliant digital security systems could give rise to False Claims Act liability, to say nothing of jeopardizing national security.

Whistleblowers play a critical role in protecting the United States from malicious cyber-attacks. They are often the only individuals in a position to identify a company’s failure to meet cybersecurity requirements including vulnerabilities in cybersystems or actual breaches that threaten the American People’s security and privacy. It is a distressing but true fact that some companies who do business with the Government lie about their cybersecurity compliance. That is the type of fraudulent conduct the DOJ is intent on bringing to light, using the False Claims Act as a powerful civil tool to deter the fraud and provide redress to the Government for compliance failures.

If you have knowledge of cybersecurity fraud involving Government expenditures, a False Claims Act attorney can help you come forward and provide information and assistance to the Government. Besides providing a means to assist the Government in its Civil Cyber-Fraud Initiative, the FCA includes provisions protecting whistleblowers from retaliation and rewarding them with a percentage of any damages proceeds the Government recovers. It may be a new kind of war, but the stakes are high and the Government continues to rely on private persons to blow the whistle and shine a light on cybersecurity fraud it has no other way of finding.

Nathaniel-headshotAs an attorney with Halunen Law’s FCA Practice Group, Nathaniel Smith is determined to bring fraudulent conduct to light, and to justice. Having recovered millions on behalf of whistleblowers in both employment retaliation cases and qui tam whistleblower lawsuits under the False Claims Act (FCA), he is relentless in his pursuit. Learn more about Nathaniel F. Smith.



Featured Image: Shutterstock/ By Skorzewiak