After passage by the Senate in December, the U.S. House of Representatives passed the Better Cybercrime Metrics Act in a 377-48 vote last week. As the latest version of the bill states, “The United States lacks comprehensive cybercrime data and monitoring, leaving the country less prepared to combat cybercrime that threatens national and economic security.” The bill seeks to empower agencies to develop taxonomies to categorize cybercrime, include appropriately categorized cybercrime in federal departments’ and agencies’ crime reporting, and then analyze cybercrime reporting disparities vis-à-vis other types of crime.
As previously reported on this blog, one of the key ways companies and individuals doing business with the government may commit fraud is by “knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”
This bill would increase agencies’ and contractors’ obligations to report cybersecurity breaches in a timely manner. Would-be whistleblowers, take note. Whistleblowers can hold accountable government contractors that fail to report cybersecurity breaches in a timely manner to the Cybersecurity and Infrastructure Security Agency (CISA) under the whistleblower provisions of the False Claims Act, through what is called a qui tam lawsuit. Whistleblowers can receive 15-25% of the government’s recovery of false claims in a successful qui tam lawsuit.