Deputy Attorney General Lisa Monaco announced two major cyberspace-related enforcement initiatives on October 6. These latest developments from DOJ's recently launched "comprehensive cyber review" came just hours after Monaco published an editorial encouraging Congress to pass legislation creating a national standard for reporting significant cyber incidents. Here's a quick break down of these newest additions to the government's enforcement toolbelt:
Civil Cyber-Fraud Initiative: In the world of civil False Claims Act enforcement, DAG Monaco warned that DOJ's new "Civil Cyber-Fraud Initiative" will pursue FCA actions to "extract very hefty fines" from those "entrusted with government dollars" or "entrusted to work on sensitive government systems" who are deemed to be "fail[ing] to follow required cybersecurity standards." The Initiative's launch broadly outlined some of the expected enforcement targets, including individuals and entities that receive federal funds and knowingly (1) provide deficient cybersecurity products or services; (2) misrepresent their cybersecurity practices or protocols; or (3) violate obligations to monitor and report cybersecurity incidents and breaches. DAG Monaco's comments also encouraged whistleblowers to come forward with information about companies' deficient cybersecurity practices, emphasizing the FCA's recovery-sharing provisions and whistleblower protections.
Based on DAG Monaco's comments, we expect to see DOJ increasingly argue that cybersecurity compliance is a "material" condition for government contracts. Contractors of all kinds, but especially those working frequently with sensitive information or government data, should brace themselves for a rise in allegations—whether from Justice Department attorneys working on this newest initiative or from would-be relators—about deficient cybersecurity measures or inadequate incident reporting.
National Cryptocurrency Enforcement Team (NCET): DAG Monaco also announced a new Criminal Division-based initiative focused on cryptocurrency-related crime, emphasizing that DOJ is strengthening its capacity to "investigate, prosecute, and disrupt" bad actors and ensure consumers "can have confidence when they are using [cryptocurrency] systems." NCET will include attorneys from multiple sections of the department's Criminal Division, including the Money Laundering and Asset Recovery Section and the Computer Crime and Intellectual Property Section, as well as cryptocurrency-focused experts detailed from various federal prosecutors' offices across the country. This initiative is yet another sign of DOJ's increased efforts to infiltrate the complex and rapidly evolving world of cybercrime. Earlier this year, DOJ established the Ransomware and Digital Extortion Task Force and more recently announced a Criminal Division-based Cyber Fellowship Program to train prosecutors on a variety of cybersecurity-related cases, including cryptocurrency, ransomware and state-sponsored cybersecurity threats.
Check back in with us at Qui Notes and Enforcement Edge as we closely track how DOJ utilizes these newest initiatives. Those of us here at Enforcement Edge have been keeping tabs on a variety of developments in the cybersecurity and cryptocurrency world in recent months, and you can bet that Qui Notes will be keeping you updated as DOJ appears poised to take the Civil War-born False Claims Act into the digital era.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.