Civil Cyber-Fraud Initiative to Hold Government Contractors Responsible for Cybersecurity

On October 6, 2021, the Department of Justice (DoJ) announced the Civil Cyber-Fraud Initiative (the “Initiative”) to combat cyber threats, specifically to sensitive information and critical systems of the United States Government (USG).

In launching the Initiative, Deputy Attorney General Lisa O. Monaco made clear that a primary focus of the Initiative is to police government contractors and ensure that they are protecting government information and infrastructure and promptly reporting any cybersecurity incidents or data breaches. “For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward and to report it,” said Deputy Attorney General Monaco. “Well that changes today. We are announcing today that we will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards — because we know that puts all of us at risk. This is a tool that we have to ensure that taxpayer dollars are used appropriately and guard the public fisc and public trust.”

Using the False Claims Act (FCA), which includes a whistleblower provision, the Initiative will pursue cybersecurity-related fraud by government contractors and grant recipients. Specifically, the Initiative will pursue companies that fail to follow required cybersecurity standards by “providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”

The Initiative will be led by the Civil Division’s Commercial Litigation Branch, Fraud Section, with the collaboration of subject matter experts and law enforcement partners.

The creation of the Civil Cyber-Fraud Initiative is a clear indication that we should expect increased FCA enforcement, particularly with regards to government contractors’ CMMC requirements. We have been following this issue and will continue to monitor any developments. If you have any questions about how your company may be affected, please do not hesitate to contact Ward & Berry.