While the DOJ Civil Cyber-Fraud Initiative is still in its early stages and cybersecurity regulations are evolving, whistleblower plaintiffs have already begun leveraging the FCA to pursue alleged noncompliance with government cybersecurity requirements.
This past October, Deputy Attorney General Lisa Monaco announced the launch of the Department of Justice's (DOJ) Civil Cyber-Fraud Initiative targeting entities and individuals that fail to follow government cybersecurity standards. Under the initiative, to be led by the Fraud Section of the Civil Division's Commercial Litigation Branch, the DOJ announced that it would utilize its powerful enforcement tool — the False Claims Act (FCA) — to pursue cybersecurity-related fraud by government contractors and grant recipients. Shortly after the announcement, in remarks at the Cybersecurity and Infrastructure Security Agency (CISA) 4th Annual National Cybersecurity Summit on Oct. 13, 2021, DOJ Civil Division acting Assistant Attorney General Brian Boynton described three "prime candidates" for potential FCA enforcement under the initiative: 1) providing products or services that fail to comply with cybersecurity standards; 2) misrepresenting security controls and practices; and 3) failing to timely report suspected cybersecurity breaches.
To read the full article, please click here.
Originally published by Law Journal Newsletters.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.