The Department of Justice expects whistleblowers to play a “significant role” in cases brought against federal contractors that fail to disclose cyber breaches, according to a senior official.
Assistant Attorney General for the Department of Justice’s civil division Brian Boynton on Wednesday said the department would work closely with insiders at federal contractors – including technology companies – whose concerns lead them to file qui tam lawsuits.
“As they have in many other aspects of False Claims Act enforcement, we expect whistleblowers to play a significant role in bringing to light knowing failures and misconduct in the cyber arena,” he said. “False Claims Act enforcement and whistleblower reporting will help spur compliance by contractors and grantees.”
Qui tam lawsuits can be brought against entities on behalf of the government by whistleblowers with evidence that fraud has been committed against federal programs. If the claim is successful, the whistleblower is entitled to keep a proportion of the final award.
The comments come after the Department of Justice (DOJ) earlier this month revealed the launch of its civil cyber fraud initiative, through which the department intends to use the existing False Claims Act to hold to account companies that fail to disclose cyber breaches.
Under the False Claims Act, entities can be hit with triple damages and be forced to pay additional penalties on a per-claim basis.
Speaking at a Cybersecurity and Infrastructure Security Agency webinar on Wednesday, Boynton said the enforcement push would focus on companies that knowingly fail to comply with cybersecurity standards, and companies that misrepresent the standards of their cybersecurity defenses to federal agencies.
The DOJ’s third area of focus under the new initiative will be federal contractors that fail to disclose breaches in a timely manner.
Speaking at the digital event, the senior official outlined some of the DOJ’s reasoning for the enforcement program, including its intention to level the playing field for contractors, and to ensure that those which invest in best-in-class cybersecurity measures are not disadvantaged.
Boynton added that the DOJ intends to use the enforcement initiative to claw back taxpayer money lost through federal programs as a result of private sector security failures. The department is partnering with Inspectors General across government on its enforcement push.