What Businesses Need to Know About the DOJ’s New Civil Cyber-Fraud Initiative
Author: Thomas H. Herndon, Jr. | November 1, 2021
The Department of Justice (DOJ) recently announced a new initiative targeting cybersecurity-related fraud by government contractors and grant recipients. The Civil Cyber-Fraud Initiative will rely on the DOJ’s existing enforcement authority under the False Claims Act (FCA).
“For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward and to report it. Well that changes today,” Deputy Attorney General Lisa Monaco said in remarks at Aspen Institute’s Cyber Summit. “We are announcing today that we will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards — because we know that puts all of us at risk. This is a tool that we have to ensure that taxpayer dollars are used appropriately and guard the public fisc and public trust.”
False Claims Act
In broad terms, the FCA imposes liability on any person who knowingly submits a false claim to the government or knowingly makes a false record or statement to get a false claim paid by the government. The FCA also imposes liability when false claims or statements are used to avoid having to pay money to the federal government. The law also contains qui tam provisions, which allow private persons to file suit for violations of the FCA on behalf of the government and to share in any recovery.
Although the FCA has been around since 1863, the government has stepped up enforcement and penalties in recent years. The DOJ’s latest initiative springs from a comprehensive review designed to develop actionable recommendations to enhance and expand the Justice Department’s efforts against cyber threats. According to the agency, it plans to rely on the FCA to pursue cybersecurity-related fraud by government contractors and grant recipients. “We will extract very hefty fines,” Monaco said. “We will protect whistleblowers who bring those violations and those failures forward.”
New Cybersecurity Enforcement
The new initiative will be led by the Civil Division’s Commercial Litigation Branch, Fraud Section, whose goal will be to hold entities accountable when they put federal agency information or systems at risk “by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”
According to the DOJ, the benefits of the initiative will include:
- Building broad resiliency against cybersecurity intrusions across the government, the public sector and key industry partners.
- Holding contractors and grantees to their commitments to protect government information and infrastructure.
- Supporting government experts’ efforts to timely identify, create and publicize patches for vulnerabilities in commonly-used information technology products and services.
- Ensuring that companies that follow the rules and invest in meeting cybersecurity requirements are not at a competitive disadvantage.
- Reimbursing the government and the taxpayers for the losses incurred when companies fail to satisfy their cybersecurity obligations.
- Improving overall cybersecurity practices that will benefit the government, private users and the American public.
Key Takeaway
The DOJ is the latest federal agency to use its existing authority to crack down on companies that fail to adopt adequate cybersecurity standards. To avoid costly liability, we encourage businesses that contract with the federal government to thoroughly review their cybersecurity protocols and breach notification procedures.
If you have questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact me, Thomas Herndon, Jr., or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.
About Thomas H. Herndon, Jr.
Thomas H. Herndon, Jr. is a partner in Scarinci Hollenbeck’s litigation practice group with over nineteen years of experience handling a wide variety of general litigation matters and general corporate matters. Mr. Herndon, Jr. has routinely handled matters relating to corporate disputes, cyber litigation, transportation litigation, construction litigation, as well as corporate liability on behalf of his clients. He is also experienced in advising clients in matters relating to commercial real estate, labor & employment, corporate & regulatory compliance as well as corporate transactions & business.