In latest edition of The Wright Toolbox:
- Government Contractors Beware – The False Claims Act Will Be Applied In Cyber Breach Matters – read now
Government Contractors Beware – The False Claims Act Will Be Applied In Cyber Breach Matters
The Department of Justice (“DOJ”) has announced a new initiative to focus enforcement efforts under the False Claims Act (“FCA”) on failures to comply with government cyber security requirements. On Oct. 6, 2021, the DOJ advised of the creation of a new Civil Cyber-Fraud Initiative. The Initiative combines various DOJ expertise to fight emerging cyber threats to critical information and systems. Under the new initiative, the DOJ will pursue FCA enforcement actions against government contractors who have failed to comply with the government data security standards and who have put governmental information or systems at risk. The DOJ said in its announcement that this new initiative is necessary because some contractors have chosen silence under the mistaken belief that it is less risky to hide a cyber breach than to report it.
In the Weekly Wright Report, I have detailed the nature and purpose of the FCA in several articles. Under the FCA, the government can impose fines, penalties, sanctions, including treble damages, and even prison for making false claims. A false claim can include certifying that you have complied with all applicable cybersecurity laws and regulations when in fact you have not. One of the unique features of the FCA is the fact that “relators” or “whistleblowers” can assert the violations and recover significant awards under the law. These whistleblowers can and frequently do come from current or former employees who have intimate knowledge of the inner workings of your business, including what cyber laws may not be enforced.
Under the new Initiative, the DOJ will utilize the FCA to punish government contractors who knowingly fail to provide proper cybersecurity related products and/or services; knowingly misrepresent their cybersecurity practices or protocols; and/or knowingly violate obligations to monitor and report cybersecurity incidents and breaches. The goals of the DOJ with this Initiative include: improving overall governmental cyber security; protecting governmental information and systems; improve reporting so that the government can identify and correct problems and vulnerabilities in a more timely manner; force government contractors to make the necessary investments in cybersecurity as required under the various applicable laws; and obtain reimbursement for costs, losses and damages incurred by the government as a result of a cyber breach.
Now is the time to ensure that your company and its suppliers and subcontractors are in compliance with the applicable laws, rules and regulations regarding cybersecurity and protection of government data. After a breach has occurred it is too late because then the government will be asking how and why the breach happened. The DOJ has put government contractors on notice that a failure to comply will be costly. Contact our Government Contracts Practice Group to help you.