Crowell & Moring – A recent FCA settlement stands at the intersection of two evolving trends: DOJ’s increasing focus on cybersecurity lapses by government contractors as part of its Civil Cyber-Fraud Initiative, and DOJ policies incentivizing corporations to voluntarily self-disclose violations of federal law.
On September 5, 2023, DOJ announced a $4 million settlement with Verizon Business Network Services LLC addressing allegations that Verizon violated the FCA because certain telecommunications services it provided to federal agencies under its GSA contracts did not comply with applicable cybersecurity requirements, namely the OMB’s Trusted Internet Connections (TIC) initiative. DOJ specifically alleged that Verizon’s Managed Trusted Internet Protocol Service (MTIPS)—an information technology service that allows federal agencies to securely connect to public internet and external networks—did not comply with three security controls in the Department of Homeland Security’s TIC Reference Architecture Document, including a control that required the use of FIPS 140-2 validated cryptography. The Verizon settlement represents the latest example of DOJ’s continued focus on cybersecurity cases, a trend that we believe will only continue to escalate going forward.
Source:
- Crowell & Moring: Civil Cyber-Fraud Settlement Highlights Potential for Cooperation Credit