On October 7, 2021, the Department of Justice (DOJ) announced its new Civil Cyber-Fraud Initiative, focused on civil enforcement against government contractors that fail to follow cybersecurity contract requirements. The Initiative, led by the Civil Division’s Commercial Litigation Branch and Fraud Section, will utilize the False Claims Act to combat cyber threats to sensitive information and critical systems by enforcing the government’s contractual cybersecurity standards. The Initiative will hold accountable contractors that knowingly: 1) provide deficient cybersecurity products or services; 2) misrepresent cybersecurity compliance; or 3) fail to monitor and report cybersecurity incidents in accordance with contract requirements.
In addition to contractor accountability, the benefits of the new Initiative are intended to include:
- Building broad resiliency against cybersecurity intrusions across the public and private sectors;
- Ensuring contractors that meet cybersecurity requirements are not at a competitive disadvantage;
- Reimbursing government and taxpayer losses incurred when contractors fail to satisfy their cybersecurity obligations; and
- Supporting efforts to timely issue patches for vulnerabilities in information technology products and services.
The Initiative formalizes what has for several years now been a stated priority area by DOJ for False Claims Act enforcement, as we have previously reported. In accord with the new Initiative, we expect to see an uptick in False Claims Act investigations, settlements, and litigation concerning cybersecurity issues, increased coordination among government agencies, and increased interest by those in the relator’s bar for qui tam actions.