DOJ Acting Assistant Attorney General Brian Boynton detailed the Department's new Civil Cyber-Fraud Initiative. The Initiative "will use the False Claims Act to identify, pursue and deter cyber vulnerabilities and incidents that arise with government contracts and grants and that put sensitive information and critical government systems at risk."
He explained that "the False Claims Act is the government’s primary tool for addressing the knowing misuse of taxpayer funds. The Act prohibits knowingly submitting or causing the submission of false claims to the government. And it permits the government to recover three times its losses, plus a penalty for each false claim."
At the Cybersecurity and Infrastructure Security Agency Fourth Annual National Cybersecurity Summit, Mr. Boynton identified "prime candidates" under this initiative which include:
the knowing failure to comply with contractually mandated cybersecurity standards (e.g., if a contractor does not take specific contractually required measures to protect government data);
the knowing misrepresentation of security controls and practices (e.g., misrepresenting how a company monitors its systems for breaches, or misrepresenting password requirements); and
the knowing failure to timely report cyber incidents.
Mr. Boynton anticipates that whistleblowers will play a "significant role" in this initiative, as the whistleblower (or "qui tam") provisions under the False Claims Act will be applied to private parties who report failures and misconduct in the cyber arena.