Aggressive enforcement of DOJ cyber standards for government contractors

0

It is imperative that companies with contracts with the government, or those receiving federal grants, ensure that they have adequate cybersecurity protocols in place. The announcement by the Department of Justice (DOJ) of the Cyber ​​Fraud Initiative strongly signals its intention to be aggressive in holding government contractors accountable with lax cybersecurity standards and controls. In addition, the initiative’s announcement will undoubtedly lead to more lawsuits that tam brought by private actors seeking to share any monetary clawback for reporting poor cybersecurity practices or data breaches. Failure to implement robust cybersecurity measures that comply with federal requirements could result in financial penalties and significant litigation costs for businesses. In addition, knowingly providing false information to the government could result in criminal prosecution and fines.

Recently, the Department of Justice (DOJ) announced the creation of two new enforcement programs to combat cyber fraud. On October 6, 2021, the DOJ unveiled a new civilian cyber fraud initiative (the Cyber ​​Fraud Initiative) aimed at using civil enforcement actions under the False Claims Act (FCA) to “combat new and emerging cyber threats. the security of sensitive information. and critical systems.[1]

The FCA, first enacted during the Civil War to combat fraud by contractors supplying the military, awards damages and imposes penalties on parties who make false statements to the government in connection with the ” obtaining federal funds and assets through government programs. The Cyber ​​Fraud Initiative will now hold accountable companies that are government contractors and / or recipients of federal grants and fail to report data breaches or meet required security standards.[2]

Deputy Attorney General Lisa Monaco warned of “very heavy fines” for these companies and underscored the Justice Department’s commitment to protecting whistleblowers who report such violations and failures.[3]. She noted: “For too long, companies have chosen silence in the mistaken belief that it is less risky to hide a violation than to report it and report it.”[4]

The FCA also has a whistleblower provision encouraging individuals to report suspected misconduct and to prosecute on behalf of the government (called “qui tam»Prosecutions) against those who defraud it. The FCA has been described as “one of the most important tools [the government has] to combat healthcare fraud, grant fraud, financial fraud, procurement fraud and many other types of taxpayer fraud. “[5] Private citizens who successfully file qui tam lawsuits are eligible to receive a portion of the government clawback.

According to the DOJ, “the Cyber ​​Fraud Initiative seeks to” hold accountable entities or individuals who endanger United States information or systems by knowingly providing deficient cybersecurity products or services, by knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating the obligations to monitor and report cybersecurity incidents and breaches.[6] In an effort to encourage businesses to proactively report violations, Monaco’s Deputy Attorney General expressed DOJ’s commitment to building partnerships and helping reporting businesses themselves.[7] “Victims can help avoid liability by working with law enforcement, and the companies that support us and work with us will see that we support them following an incident,” she said.[8] She added, “If businesses don’t come forward in this threat environment. . . I think legitimate questions will and should be asked of businesses: “Why haven’t you come forward to help prevent the next victim? “[9]

On the same day, the DOJ announced the creation of a National Cryptocurrency Enforcement Team (The Crypto Team), designed to “tackle complex investigations and prosecutions of criminal cryptocurrency abuses. ”, Including acts of money laundering.[10] The Crypto team will also “help locate and recover assets lost due to fraud and extortion, including cryptocurrency payments to ransomware groups.”[11] The Cyber ​​Fraud Initiative and the Crypto Team stem from the DOJ’s review of its existing cyber capabilities with the aim of “improving[ing] and extend[ing] the efforts of the Department of Justice against cyber threats.[12]

The creation of the Cyber ​​Fraud Initiative is in line with the government’s recent approach of aggressively using the FCA as a means of protecting the country from cyber threats. Traditionally, “the [FCA] is used by the government to fight civil lawsuits regarding false allegations of federal funds and property related to government programs.[13] In recent years, under the Obama and Trump administrations, the government has successfully used the FCA to prosecute various industries and professional corporations, including military contractors, medical professionals, healthcare providers, and others for billing fraud and for submitting false statements.

Notably, in a speech at the Federal Bar Association’s Qui Tam conference in February 2021, Acting Assistant Attorney General Brian M. Boyton underscored the Biden administration’s intention to expand the use of the FCA. other areas, including COVID-19 fraud, fraud targeting the elderly, electronic health record fraud, telehealth and opioids.[14] In the speech, Boynton also presented an overview of the government’s use of the FCA to combat cybersecurity, noting, “It’s not hard to imagine a situation where [FCA] liability may arise “from a government contractor who” fails to comply with required safety standards. “[15]

FOOTNOTES

[1] United States Department of Justice, “Deputy Attorney General Lisa O. Monaco Announces New Civilian Initiative Against Cyber ​​Fraud,” October 6, 2021

[2] Identifier.

[3] Jason Miller, “DoJ’s New Civilian Cyber ​​Fraud Initiative to Hold Entrepreneurs Accountable for Cyber ​​Security,” Federal News Network, October 6, 2021

[4] Identifier.

[5] United States Department of Justice, “Acting Assistant Attorney General Brian M. Boynton Speaks at Federal Bar Association Qui Tam Conference,” February 17, 2021

[6] United States Department of Justice, “Deputy Attorney General Lisa O. Monaco Announces New Civilian Initiative Against Cyber ​​Fraud,” October 6, 2021

[7] US Department of Justice, “DAG Monaco Speaks at Criminal Division Cyber ​​Security Roundtable on Changing Cyber ​​Threat Landscape”, October 20, 20201

[8] Identifier.

[9] Identifier.

[10] United States Department of Justice, “Deputy Attorney General Lisa O. Monaco Announces National Cryptocurrency Implementation Team,” October 6, 2021

[11] Identifier.

[12] United States Department of Justice, “Deputy Attorney General Lisa O. Monaco Announces New Civilian Initiative Against Cyber ​​Fraud,” October 6, 2021

[13] Ax Sharma, “US Government To Slap Contractors With Civil Lawsuits For Hiding Violations,” Ars Technica, October 7, 2021

[14] United States Department of Justice, “Acting Assistant Attorney General Brian M. Boynton Speaks at Federal Bar Association Qui Tam Conference,” February 17, 2021

[15] Identifier.

© 2021 Dinsmore & Shohl LLP. All rights reserved.Revue nationale de droit, volume XI, number 295


Source link

Leave A Reply

Your email address will not be published.