DOJ Announces Civil Cyber-Fraud Initiative To Enforce Contractor Cybersecurity Compliance

On Wednesday, October 6, 2021, the Division of Justice (“DOJ”) announced a brand new Civil Cyber-Fraud Initiative to implement cybersecurity requirements and reporting necessities. The Initiative will use DOJ’s civil enforcement mechanisms, particularly the False Claims Act, to pursue authorities contractors and federal grant recipients that “knowingly provid[e] deficient cybersecurity products or services, knowingly misrepresent[] their cybersecurity practices or protocols, or knowingly violat[e] obligations to monitor and report cybersecurity incidents and breaches.” DOJ won’t restrict enforcement to entities; people additionally may be held accountable for cybersecurity-related fraud. Underneath the False Claims Act, penalties for such violations could possibly be substantial, together with treble damages.

The brand new Initiative is being launched following DOJ’s broad evaluate of cybersecurity threats and an in depth Could 2021 Govt Order geared toward bettering the Nation’s cybersecurity (mentioned beforehand here). Underneath the Govt Order, the federal government plans to launch a number of new Federal Acquisition Regulation (“FAR”) clauses relevant to contractors that can standardize cybersecurity guidelines throughout businesses, impose further reporting necessities, and set requirements for safe software program growth. As soon as launched, contractors will want time to digest and implement these new guidelines.

The DOJ Initiative seemingly will create further stress for firms to commit substantial sources to cybersecurity compliance. Additional, given the present surroundings of quite a few, complicated necessities that aren’t at all times clear, such uncertainty, coupled with DOJ’s announcement, might result in an uptick in whistleblower exercise. Certainly, in remarks issued following announcement of the Initiative, DOJ stated it “expect[s] whistleblowers to play a significant role” in figuring out “knowing” compliance failures and misconduct, and plans to guard and compensate whistleblowers utilizing all obtainable authorized authorities.[1]

To cut back danger related to this new Initiative, contractors ought to search workable insurance policies and powerful groups devoted to information safety and the continual monitoring of system exercise. Processes for figuring out and reporting cyber incidents ought to be developed and understood. Additional, making certain the federal government buyer is supplied with correct and present info ought to cut back the probability a contractor shall be topic to scrutiny below the newly-announced DOJ Initiative.

Co-authored by Lauren Weiss, an affiliate within the Authorities Contracts, Investigations & Worldwide Commerce Follow Group in the agency’s Washington, D.C. workplace and Lillia Damalouji, a regulation clerk within the agency’s Washington, D.C. workplace.

FOOTNOTES

[1] See additionally “Justice Official Dangles Legal responsibility Protections to Encourage Personal Sector Breach Studies, obtainable at https://www.nextgov.com/cybersecurity/2021/10/justice-official-dangles-liability-protections-encourage-private-sector-breach-reports/186253/

Source link