Cybersecurity Fraud
Do you suspect fraud? Your attorney is the bridge between you and the government.
When many think of cybersecurity fraud, they think of hackers stealing information and money from unsuspecting people and businesses. And while the FBI and the White House have weighed in on possible cybersecurity threats to the nation, cybersecurity qui tam whistleblowers are looking at it differently.
Let’s put cybersecurity in the context of the government and its many, many contractors. The fraud is more often domestic and much less dramatic, though it can cause crippling damage if not addressed. In many cases, the government needs a whistleblower to step forward to have any chance of identifying and eliminating these sometimes-subtle frauds.
What is cybersecurity fraud against the government?
In simplest terms, cybersecurity fraud is the same as other fraud against the government: taxpayer dollars have paid for a product or service promised but not delivered. Or, a contractor has agreed to contractual provisions regarding cybersecurity and has failed to meet those terms – while cashing the government’s checks.
The Department of Justice expanded its effort to combat cybersecurity fraud against the government with its new Civil Cyber-Fraud Initiative in 2021. It specifically declared its intent to use the False Claims Act to chase down cybersecurity fraud against the government, whether or not by contractors or grant recipients.
Under this initiative, the government is proactively looking to fix cybersecurity issues before they’re exploited by using the False Claims Act – and specifically qui tam whistleblowers – to identify and stop fraud.
According to Deputy Attorney General Lisa O. Monaco, the initiative seeks to “hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”
What risk does cybersecurity fraud pose to the government?
The government relies heavily on private contractors for many tasks of great importance – everything from constructing buildings and developing weapons to researching and managing data.
What does the Civil Cyber-Fraud Initiative mean?
Speaking to the CISA’s fourth annual National Cybersecurity Summit, acting Assistant Attorney General Brian M. Boynton gave an excellent overview of what the agency intends to do. Here are the three key takeaways from his comments:
- Government cybersecurity standards may require contractors to protect government data, restrict non-citizen access to government data, or avoid using components from certain foreign countries in their security. Knowing failure to meet these standards essentially extracts payment from the government for something it contracted for but did not receive.
- Contractors may be liable under the False Claims Act if they knowingly misrepresent security controls and practices. That may cause the government to choose a contractor it otherwise wouldn’t. The government might also structure a contract differently if it knew the truth. These misrepresentations can also violate the False Claims Act.
- Another way companies run afoul of the False Claims Act is the knowing failure to report suspected breaches in a timely manner. Government contracts often require the timely reporting of cyber incidents that could threaten the security of government information and systems.
Where does cybersecurity fraud against the government happen?
Theoretically, any contract with the government could include cybersecurity clauses or requirements for the contractor to meet or follow. However, the Cybersecurity Infrastructure & Security Agency identifies 16 critical infrastructure sectors whose assets, systems, and networks are vital to the security and safety of America.
Here are the 16 critical sectors and the departments in charge of securing them:
| Critical Sector | Securing Agency |
|---|---|
| Chemical Sector | Department of Homeland Security |
| Commercial Facilities Sector | Department of Homeland Security |
| Communications Sector | Department of Homeland Security |
| Critical Manufacturing Sector | Department of Homeland Security |
| Dams Sector | Department of Homeland Security |
| Defense Industrial Base Sector | Department of Defense |
| Emergency Services Sector | Department of Homeland Security |
| Energy Sector | Department of Energy |
| Financial Services Sector | Department of the Treasury |
| Food and Agriculture Sector | Departments of Agriculture, Health & Human Services |
| Government Facilities Sector Administration | Department of Homeland Security and General Services |
| Healthcare and Public Health Sector | Department of Health and Human Services |
| Information Technology Sector | Department of Homeland Security |
| Nuclear Reactors, Materials, and Waste Sector | Department of Homeland Security |
| Transportation Systems Sector | Departments of Homeland Security and Transportation |
| Water and Wastewater Systems Sector | Environmental Protection Agency |
These sectors and agencies illustrate how vast the potential for fraud is and how important it is to call out. Imagine systems in these sectors being hacked, hijacked, damaged, taken offline, or destroyed due to an unreported, willful, or ignorant lapse of security by a contractor. The consequences could be devastating.
What’s an example of cybersecurity fraud against the government?
A Department of Defense (DoD) and NASA contractor, Aerojet, was involved in a case related to the Civil Cyber-Fraud Initiative. Aerojet develops and manufactures products for the aerospace and defense industry.
A whistleblower alleged that the company did not have adequate staff or equipment to secure data properly and failed to comply with the Federal Acquisition Regulations. The whistleblower also alleged that when security breaches occurred, the company provided misleading information about the breaches.
In April 2022, the company agreed to pay $9 million to settle the case.3
Aerojet’s auditors were able to compromise Aerojet’s windows network, retrieve all Aerojet user accounts and passwords, access attorney-client privileged legal documents, and remotely view and listen to Aerojet’s security camera footage, all in four hours. Further, the 2014 and 2015 audit results found Aerojet to be only 25% and 23.9% compliant, respectively, with these controls. – “The DOJ Goes Phishing: The Rise of False Claims Act Cybersecurity Litigation,” Law.com, March 14, 2022
Fight cybersecurity fraud against the government
If you see something, say something – and we’d recommend you say it to an attorney. As crucial as qui tam whistleblowers are, and as much as the government’s Civil Cyber-Fraud Initiative relies on them, you want to minimize your risk. That’s why you should call an attorney first.
We have decades of combined experience and dozens of successful whistleblower cases1,4 that enable us to offer perspective and ultimately guide our clients through the process of filing a qui tam case. Our You-First Policy offers peace of mind and the assurance that you’ve got someone fighting on your behalf.
Do not hesitate to contact us online or call us at 1-888-292-8852 – it is free, confidential, and without obligation. A Carolina Whistleblower Attorney can review your information and give you options. And if you choose to move forward, we will not collect a fee unless we collect on your behalf. Guaranteed.2
Contact the Carolina
Whistleblower Attorneys
If you’re wondering if it’s a good idea to speak with a whistleblower lawyer about what you know, let us set the record straight.
- Corporate ethics hotlines can be risky and may lead to termination. If you’ve already done this, call us immediately.
- Your coworkers could be aware of the fraud – or complicit in it – and you should not talk to them about it.
- The first claim to be filed under the False Claims Act can proceed – if you’re not first, you’re at a serious disadvantage and may get nothing (another reason not to speak to your coworkers about it).
- A confidential discussion costs you a few minutes, but could save you time, stress, and money.
"*" indicates required fields