Sharon R. Klein, Jennifer A. Short, and Robyn N. Burrows
On October 6, 2021, the U.S. Department of Justice (“DOJ”) announced a new Civil Cyber-Fraud Initiative to pursue cybersecurity fraud matters using the enforcement mechanisms of the False Claims Act (“FCA”).
This initiative follows DOJ’s four-month effort to review its cybersecurity strategy and reflects the government’s increased focus on contractor data security. Led by the Civil Division’s Commercial Litigation Branch, Fraud Section—i.e., the DOJ Section responsible for investigating and litigating FCA matters—the initiative targets government contractors and grant recipients that “put U.S. information or systems at risk” by “knowingly”:
- providing deficient cybersecurity products or services;
- misrepresenting the company’s cybersecurity practices or protocols; or
- violating their obligations to monitor and report cybersecurity incidents and breaches.
We discuss the cybersecurity landscape preceding the new initiative, possible impacts and focus areas of the initiative, and how contractors should prepare for potential enforcement.
To read the full client alert, please visit our website.