Cybersecurity Compliance Fraud

The U.S. Department of Justice is taking a strong stand against cybersecurity compliance fraud amongst government contractors. Government contractors and subcontractors could be hit with False Claims Act (FCA) violations if they are not complying with the strict cybersecurity requirements in federal contracts. The DOJ will use the False Claims Act “to identify, pursue, and deter cyber vulnerabilities and incidents that arise with government contracts and grants and that put sensitive information and critical government systems at risk.”

False Claims Act (FCA)

The False Claims Act is used to enforce the misuse of taxpayer dollars. Under the FCA, whistleblowers from the public sector can bring a case on the government’s behalf. This means when an individual has inside information about fraud in federal programs, they can file a lawsuit on behalf of the federal government. Whistleblowers are also afforded certain protections by the FCA. As a reward for coming forward with this information, whistleblowers can receive a share of the money recovered.

Cybersecurity FCA Cases

Contractors doing business with the federal government must follow the required cybersecurity requirements set forth by the government in order to procure a contract. Some contractors have knowingly failed to implement or follow the cybersecurity requirements but misrepresent their compliance and continue to seek government contracts for which they are not actually eligible.

Using the False Claims Act the assistance of whistleblowers, the DOJ expects to improve overall cybersecurity practices, hold contractors accountable to their commitments to protect government information and systems, ensure a level playing field for the companies that follow cybersecurity rules, and abuse taxpayer money lost to non-compliance.

The DOJ has announced that that the prosecution of cybersecurity cases under the FCA is a priority. Through its Civil Cyber-Fraud Initiative, DOJ is holding “accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.” The DOJ is also relying on whistleblowers as key partners in the Civil Cyber-Fraud Initiative.

Common Cybersecurity Failures

Cybersecurity related FCA cases are likely at the beginning of a new wave of cases and litigation against government contractors. Employees working for companies that contract with the government should be on the lookout for non-compliance with cybersecurity requirements.

The federal government has found three common types of cybersecurity compliance fraud:

1. Failure to comply with cybersecurity standards – Contractors must comply with policies and measures put in place to protect government data and systems
2. Misrepresentation of security practices and controls – Contractors seeking a government contract make representations about their cybersecurity practices, products and services. When contractors knowingly misrepresent their cybersecurity practices in order to obtain a government contract, this is fraud.
3. Failure to report suspected security breaches – Contractors are required to report cyber incidents that threaten the security of government information and systems.

Whistleblowers with inside information about these types of cybersecurity compliance fraud should contact an experienced whistleblower attorney for guidance.

Our Team

With more than 30 years of experience, the attorneys on Baron & Budd’s whistleblower representation team have represented dozens of clients in government fraud cases returning over $5.4 billion to federal and state agencies, with whistleblower recovery shares as high as 49%. They are ready to help if you have evidence of cybersecurity compliance fraud.

Please call (866) 824-1498 or complete our contact form if you would like more information. For more information, see What You Need to Know About Becoming a Whistleblower.  Please understand that contacting us does not mean that you have established an attorney-client relationship with Baron & Budd, P.C.