201-896-4100 info@sh-law.com

What Businesses Need to Know About the DOJ’s New Civil Cyber-Fraud Initiative

Author: Scarinci Hollenbeck|November 1, 2021

The Department of Justice (DOJ) recently announced a new initiative targeting cybersecurity-related fraud by government contractors and grant recipients…

What Businesses Need to Know About the DOJ’s New Civil Cyber-Fraud Initiative

The Department of Justice (DOJ) recently announced a new initiative targeting cybersecurity-related fraud by government contractors and grant recipients…

The Department of Justice (DOJ) recently announced a new initiative targeting cybersecurity-related fraud by government contractors and grant recipients. The Civil Cyber-Fraud Initiative will rely on the DOJ’s existing enforcement authority under the False Claims Act (FCA).

“For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward and to report it. Well that changes today,” Deputy Attorney General Lisa Monaco said in remarks at Aspen Institute’s Cyber Summit. “We are announcing today that we will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards — because we know that puts all of us at risk. This is a tool that we have to ensure that taxpayer dollars are used appropriately and guard the public fisc and public trust.”

False Claims Act

In broad terms, the FCA imposes liability on any person who knowingly submits a false claim to the government or knowingly makes a false record or statement to get a false claim paid by the government. The FCA also imposes liability when false claims or statements are used to avoid having to pay money to the federal government. The law also contains qui tam provisions, which allow private persons to file suit for violations of the FCA on behalf of the government and to share in any recovery.

Although the FCA has been around since 1863, the government has stepped up enforcement and penalties in recent years. The DOJ’s latest initiative springs from a comprehensive review designed to develop actionable recommendations to enhance and expand the Justice Department’s efforts against cyber threats. According to the agency, it plans to rely on the FCA to pursue cybersecurity-related fraud by government contractors and grant recipients.  “We will extract very hefty fines,” Monaco said. “We will protect whistleblowers who bring those violations and those failures forward.”

New Cybersecurity Enforcement

The new initiative will be led by the Civil Division’s Commercial Litigation Branch, Fraud Section, whose goal will be to hold entities accountable when they put federal agency information or systems at risk “by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”

According to the DOJ, the benefits of the initiative will include:

  • Building broad resiliency against cybersecurity intrusions across the government, the public sector and key industry partners.
  • Holding contractors and grantees to their commitments to protect government information and infrastructure.
  • Supporting government experts’ efforts to timely identify, create and publicize patches for vulnerabilities in commonly-used information technology products and services.
  • Ensuring that companies that follow the rules and invest in meeting cybersecurity requirements are not at a competitive disadvantage.
  • Reimbursing the government and the taxpayers for the losses incurred when companies fail to satisfy their cybersecurity obligations.
  • Improving overall cybersecurity practices that will benefit the government, private users and the American public.

Key Takeaway

The DOJ is the latest federal agency to use its existing authority to crack down on companies that fail to adopt adequate cybersecurity standards. To avoid costly liability, we encourage businesses that contract with the federal government to thoroughly review their cybersecurity protocols and breach notification procedures.

If you have questions, please contact us

If you have any questions or if you would like to discuss the matter further, please contact me, Thomas Herndon, Jr., or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.

What Businesses Need to Know About the DOJ’s New Civil Cyber-Fraud Initiative

Author: Scarinci Hollenbeck

The Department of Justice (DOJ) recently announced a new initiative targeting cybersecurity-related fraud by government contractors and grant recipients. The Civil Cyber-Fraud Initiative will rely on the DOJ’s existing enforcement authority under the False Claims Act (FCA).

“For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward and to report it. Well that changes today,” Deputy Attorney General Lisa Monaco said in remarks at Aspen Institute’s Cyber Summit. “We are announcing today that we will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards — because we know that puts all of us at risk. This is a tool that we have to ensure that taxpayer dollars are used appropriately and guard the public fisc and public trust.”

False Claims Act

In broad terms, the FCA imposes liability on any person who knowingly submits a false claim to the government or knowingly makes a false record or statement to get a false claim paid by the government. The FCA also imposes liability when false claims or statements are used to avoid having to pay money to the federal government. The law also contains qui tam provisions, which allow private persons to file suit for violations of the FCA on behalf of the government and to share in any recovery.

Although the FCA has been around since 1863, the government has stepped up enforcement and penalties in recent years. The DOJ’s latest initiative springs from a comprehensive review designed to develop actionable recommendations to enhance and expand the Justice Department’s efforts against cyber threats. According to the agency, it plans to rely on the FCA to pursue cybersecurity-related fraud by government contractors and grant recipients.  “We will extract very hefty fines,” Monaco said. “We will protect whistleblowers who bring those violations and those failures forward.”

New Cybersecurity Enforcement

The new initiative will be led by the Civil Division’s Commercial Litigation Branch, Fraud Section, whose goal will be to hold entities accountable when they put federal agency information or systems at risk “by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”

According to the DOJ, the benefits of the initiative will include:

  • Building broad resiliency against cybersecurity intrusions across the government, the public sector and key industry partners.
  • Holding contractors and grantees to their commitments to protect government information and infrastructure.
  • Supporting government experts’ efforts to timely identify, create and publicize patches for vulnerabilities in commonly-used information technology products and services.
  • Ensuring that companies that follow the rules and invest in meeting cybersecurity requirements are not at a competitive disadvantage.
  • Reimbursing the government and the taxpayers for the losses incurred when companies fail to satisfy their cybersecurity obligations.
  • Improving overall cybersecurity practices that will benefit the government, private users and the American public.

Key Takeaway

The DOJ is the latest federal agency to use its existing authority to crack down on companies that fail to adopt adequate cybersecurity standards. To avoid costly liability, we encourage businesses that contract with the federal government to thoroughly review their cybersecurity protocols and breach notification procedures.

If you have questions, please contact us

If you have any questions or if you would like to discuss the matter further, please contact me, Thomas Herndon, Jr., or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.

Firm News & Press Releases