Inside DOJ’s New Cyber-Fraud Initiative

Bradley Arant Boult Cummings LLP

Bradley Arant Boult Cummings LLP

The Department of Justice (DOJ) recently announced the launch of the Civil Cyber-Fraud Initiative, which will utilize the False Claims Act (FCA) to pursue cybersecurity-related fraud by government contractors and grant recipients. Key features of and takeaways from this new initiative are discussed below.

Key Features 

  • The initiative aims to hold accountable entities or individuals that put U.S. information or systems at risk by (1) knowingly providing deficient cybersecurity products or services, (2) knowingly misrepresenting their cybersecurity practices or protocols, or (3) knowingly violating obligations to monitor and report cybersecurity incidents and breaches.
  • The initiative will utilize the FCA — which “is the government’s primary civil tool to redress false claims for federal funds and property involving government programs and operations” — to pursue cybersecurity-related fraud by government contractors and grant recipients. The FCA includes a unique whistleblower provision that “allows private parties to assist the government in identifying and pursing fraudulent conduct and to share in any recovery and protects whistleblowers . . . from retaliation.”
  • The creation of the initiative “is a direct result of the department’s ongoing comprehensive cyber review, ordered by Deputy Attorney General Monaco this past May.” The review is “aimed at developing actionable recommendations to enhance and expand” DOJ’s efforts against cyber threats.
  • The initiative will be led by the DOJ Civil Division’s Commercial Litigation Branch, Fraud Section, but DOJ will work closely on the initiative with other federal agencies, subject matter experts and its law enforcement partners throughout the government.

Key Takeaways

In 2019, a federal district court signaled for the first time that cybersecurity compliance by government contractors could be the subject of an FCA lawsuit (see United States ex rel. Markus v. Aerojet Rocketdyne Holdings, Inc.). In December of 2020 and February of 2021, DOJ officials remarked publicly that cybersecurity-related fraud is an area where we could see enhanced FCA activity in the near future. In hindsight, these events and remarks foretold DOJ’s formation of the Civil Cyber-Fraud Initiative, which is perhaps the most significant development to date pertaining to DOJ’s increased focus on cybersecurity-related fraud.

This new initiative strongly suggests that DOJ will initiate, and intervene in, more FCA lawsuits involving allegations that government contractors and grant recipients failed to fulfill contractual and other legal requirements relating to cybersecurity. Accordingly, government contractors and grant recipients would be wise to review and strengthen their practices with respect to cybersecurity compliance, education, and reporting.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bradley Arant Boult Cummings LLP | Attorney Advertising

Written by:

Bradley Arant Boult Cummings LLP

Bradley Arant Boult Cummings LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.