The Department of Justice Details New Civil Cyber-Fraud Initiative and the False Claims Act
Key Details: The Department of Justice (DOJ) announced on October 6, 2021, a new Civil Cyber-Fraud Initiative. This initiative is aimed at combatting emerging cyber threats that target the sensitive information worked with by the federal contracting community.
Who is Involved in DOJ’s Civil Cyber-Fraud Initiative?
This initiative combines the Department of Justice’s civil fraud enforcement expertise with government procurement and pursues contractors who fail to follow cybersecurity standards, misreport their compliance status, or misrepresent their response to cybersecurity related incidents. The Civil Cyber-Fraud Initiative will be led by the Fraud Section of the Civil Division’s Commercial Litigation Branch.
What Inspired the Initiative?
This Initiative is a result of an extensive and ongoing cybersecurity review that was ordered in May 2021 by the Deputy Attorney General. Overall, the review has created proactive recommendations that will help defend against cyber security threats.
What is Considered Fraud Under the Initiative?
This new Initiative will utilize the False Claims Act (FCA) for pursuing any cybersecurity fraud committed by government contractors. The False Claims Act was enacted in 1863 and imposes liability on individuals or businesses who knowingly defraud a government program. Thus, the False Claims Act will be utilized by this Initiative to hold accountable individuals (or entities) who knowingly:
- Put U.S. information at risk.
- Provide deficient cybersecurity products.
- Misrepresent their cybersecurity standards.
- Violate their reporting and monitoring requirements in terms of security incidents.
DOJ’s Civil Cyber-Fraud Initiative Compliance Steps
Cybersecurity enforcement and compliance is a growing focus for all areas of the government and will remain a priority for the foreseeable future. For government contractors, this Initiative will put their cybersecurity protocols, products, controls, and reporting under a microscope. Government contractors are encouraged to consider the following key planning steps in light of the Civil Cyber-Fraud Initiative:
Ensure your cybersecurity products can prevent attacks.
Understand your obligations for different contracts in terms of maintaining sufficient data security.
Review your cybersecurity protocols and practices.
Review cybersecurity certifications to ensure compliance with regulations.
Build onto current procedures in terms of identifying and mitigating any cybersecurity risks.
Educate your employees and staff on these new requirements:
- FAR 52.204-21: requires basic safeguarding of covered contractor information systems
- DFARS 252.204-7012: requires compliance with NIST standards.
- DFARS 252.204-7019: requires contractors certify and meet Department of Defense (DoD) NIST assessment requirements
- DFARS 252.204-7021: requires current CMMC certification.
For more information, please see the official DOJ press release.
With this new Initiative in mind, it is now more important than ever to speak with a trusted advisor. Contact Ryan & Wetmore today to learn more.
Today’s Thought Leaders
Contact us today by calling 301-585-0506.
About Peter Ryan
Partner, Co-founder, & CPA
Peter T. Ryan co-founded Ryan & Wetmore in 1988 with business partner Michael J. Wetmore. Peter provides clients with the best strategies for success. His expertise extends across various industries, including government contracting. Peter obtained a Master of Business Administration in Finance from the University of Baltimore and a Bachelor of Arts in Accounting from the Catholic University of America.
Read Pete’s full bio.
About Rosie Cheng
Rosie Cheng is a Finance Consultant at Ryan & Wetmore. She focuses on government contracting services and produces many of the firm’s government contracting newsletters. Rosie graduated from Georgetown University with a Master of Science in Management and from William and Mary with a Bachelor of Business Administration.