Whistleblowers — Federal Contractors Must Comply with Cyber Security Requirements: Government Contractors Liable for False Claims Act Violations Under DOJ’s Civil Cyber-Fraud Initiative

NOTICE: If you have inside knowledge about a government contractor that is not following required cybersecurity standards and reporting requirements in their dealings with federal government agencies, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

Recently the U.S. Department of Justice (“DOJ”) announced an exciting new initiative to pursue civil False Claims Act (“FCA”) actions against government contractors that knowingly fail to follow cybersecurity standards and reporting requirements that various government agencies require.

According to DOJ Deputy Attorney General (“AG”) Lisa Monaco’s announcement, the DOJ’s new Civil Cyber-Fraud Initiative will combine the DOJ’s expertise in civil fraud enforcement, government procurement, and cyber-security “to combat new and emerging cyber threats to the security of sensitive information and critical systems.” The DOJ will use the FCA—the government’s primary remedy to redress fraud against the government—to hold accountable companies or individuals that put U.S. systems or information at risk by knowingly providing deficient cybersecurity products or services, misrepresenting their cybersecurity practices or protocols, or violating obligations to monitor and report cybersecurity incidents and breaches.

The DOJ needs individuals to step up and provide inside knowledge of these false claims. If you are a potential Relator, or Whistleblower, who has substantive knowledge that your employer or another company is defrauding the government by not following through on the cyber security promises they have made to the federal government, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

The Justice Department’s initiative comes amid intense regulatory and legislative activity related to cybersecurity and government supply chain risks. Government agencies are in the process of implementing President Biden’s broad May 12, 2021, Executive Order on Improving the Nation’s Cybersecurity (EO 14028), which calls for strict new requirements for information technology contractors to share information about potential cyber threats, among other things, including inadequate cloud security, unreasonable cybersecurity assessments and responses, and knowing misinterpretation of FedRAMP and other regulatory systems.

On February 1, 2022, the United States District Court for the Eastern District of California ruled that an FCA case against defense contractor Aerojet Rocketdyne Holdings and Aerojet Rocketdyne Inc. could go forward on triable issues of fact as to whether noncompliance with government cybersecurity requirements is material to the government’s decisions to approve contracts. The federal court denied Aerojet’s motion for summary judgment and issued the first major ruling in an FCA case testing the DOJ’s new Civil Cyber-Fraud Initiative.

The U.S. Department of Defense is conducting a review of its Cybersecurity Maturity Model Certification (“CMMC”) program, whereby nearly all defense contractors will have to undergo third-party assessments and certifications of their compliance as a condition of receiving a contract. If the company you work for is experiencing this review, and you suspect that the DoD’s assessment is preventing your company from receiving a contract, please contact us now.
