In furthering its mission of combatting cybersecurity threats, the Department of Justice (DOJ) announced on October 6 the creation of the Civil Cyber-Fraud Initiative. The initiative will also hold companies accountable for following protocol on protecting their internal information. The initiative will “combine the department’s expertise in civil fraud enforcement, government procurement and cybersecurity to combat new and emerging cyber threats to the security of sensitive information and critical systems,” Deputy Attorney General Lisa O. Monaco stated in the announcement.

“This is a tool that we have to ensure that taxpayer dollars are used appropriately and guard the public fisc and public trust,” Deputy Attorney General Monaco said.

Specifically, this initiative looks to encourage companies to speak out when security breaches occur, and reinforce the importance of complying with standards already in place. Any cases of wrongdoing will be charged under the False Claims Act (FCA), which the DOJ considers their “primary civil tool to redress false claims for federal funds and property involving government programs and operations.”

This allows individuals to come forward and blow the whistle on fraudulent acts, assist government investigations, and receive monetary awards for their contributions in reporting misconduct. Whistleblowers are protected under the FCA and have recovered over $64 billion since the act was strengthened by Congress in 1986.

“The False Claims Act has proven time and again to be one of the government’s most effective resources against fraud,” Todd Yoder, associate attorney for Kohn, Kohn, & Colapinto, said. “As numerous recent events have shown, adequate cyber security needs to be a top priority for companies to avoid crippling attacks. Potential False Claims Act liability should be a powerful tool to ensure that taxpayer dollars and sensitive government information are not left needlessly exposed to cyber security threats by government contractors.”

This initiative strives to hold both companies and individuals accountable for “knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches,” according to the DOJ.

Details of the initiative include the following:

• Building broad resiliency against cybersecurity intrusions across the government, the public sector and key industry partners.
• Holding contractors and grantees to their commitments to protect government information and infrastructure.
• Supporting government experts’ efforts to timely identify, create and publicize patches for vulnerabilities in commonly used information technology products and services.
• Ensuring that companies that follow the rules and invest in meeting cybersecurity requirements are not a competitive disadvantage.
• Reimbursing the government and the taxpayers for the losses incurred when companies fail to satisfy their cybersecurity obligations.
• Improving overall cybersecurity practices that will benefit the government, private users and the American public.

The initiative will also include collaboration with other federal agencies, subject matter experts, and law enforcement partners throughout the government.