“Cybercrime is one of the defining issues of our time,” said the Assistant Attorney General last October at the Department of Justice Criminal Division’s Cybersecurity Roundtable on “The Evolving Cyber Threat Landscape.”
As Russian forces invade Ukraine, on terrain both physical and virtual, state-sponsored cyberattacks are a major threat in a world hyper-dependent on Internet-connected technology.
President Biden’s May 2021 Executive Order on Improving the Nation’s Cybersecurity and the DOJ’s Civil Cyber-Fraud Initiative may be put to the test in a big way to protect critical infrastructure in 2022.
The False Claims Act is the government’s main weapon to combat cyber fraud. Information security government contractors are submitting false claims to the government if they:
-
Knowingly fail to comply with cybersecurity standards
-
Misrepresent security controls and practices
-
Fail to timely report suspected breaches
As noted in the DOJ’s 2021 summary of False Claims Act Settlements and Judgments, the DOJ “will pursue misrepresentations by companies in connection with the government’s acquisition of information technology, software, cloud-based storage and related services designed to protect highly-sensitive government information from cybersecurity threats and compromises.”
In an increasingly digitally interconnected and interdependent world, being able to trust in service providers’ information security is crucial to the day-to-day functioning of the economy. Whistleblowers can help keep all manner of IT service providers honest. As part of the False Claims Act, a private citizen–or relator–can report fraud against the government and sue on the government’s behalf. If the lawsuit is successful, the whistleblower can receive 15-25% of the government’s recovery.