March 31, 2022. The FBI’s cyber division has recently alerted lawmakers that Russian hackers are a “current” threat, with reports of Russian hackers “scanning” critical infrastructure systems. On Monday, March 21, President Biden cited “evolving intelligence” and warned of cyberattacks as “part of Russia’s playbook.” He exhorted companies to “harden” their cybersecurity defenses, as the “Federal Government can’t defend against this threat alone.”
The Cybersecurity & Infrastructure Security Agency (CISA) identified 16 critical infrastructure sectors: chemical, commercial facilities, communications, critical manufacturing, dams, defense industrial base, emergency services, energy, financial services, food and agriculture, government facilities, healthcare and public health, information technology, nuclear reactors, materials, and waste; transportation systems, and waste and wastewater systems. Government contractors providing cybersecurity support to these sectors should take heed that they are certain their cybersecurity protocols are adequate before billing the government for their time and resources.
The False Claims Act is the government’s weapon against cybersecurity fraud. Cyber-fraud generally entails failure to follow cybersecurity standards as part of a government contract or grant and/or failure to report a cybersecurity breach timely. Contractors who attempt to seek reimbursement from the government when they are not following cybersecurity standards are submitting false claims, in violation of the False Claims Act. President Biden’s May 2021 Executive Order on Improving the Nation’s Cybersecurity required government agencies and contractors to bolster their cybersecurity strategies, share information regarding cyber threats, and report data breaches. The Department of Justice announced in October 2021 their new Civil Cyber-Fraud Initiative to keep contractors in-line with the cybersecurity standards in the May 2021 Executive Order. The fraudulent activity DOJ is rooting out includes contractors that:
- Knowingly provide deficient cybersecurity products or services
- Knowingly misrepresent their cybersecurity practices or protocols
- Knowingly violate obligations to monitor and report cybersecurity incidents and breaches
Uncle Sam needs whistleblowers to keep contractors honest and to protect the continued functioning of critical infrastructure sectors from malicious actors. Whistleblowers who report the fraudulent submission of false claims to the government can receive 15-25% of the false claims the government recovers.
If you would like to report cyber-fraud, you can contact attorneys at Tycko & Zavareei LLP. Eva Gunasekera and Renée Brooker are former officials of the United States Department of Justice and prosecuted whistleblower cases under the False Claims Act. Renée served as Assistant Director at the United States Department of Justice, the office that supervises False Claims Act cases in all 94 United States District Courts. Eva was the Senior Counsel for Health Care Fraud. Eva and Renée now represent whistleblowers. For a free consultation, you can contact Renée at [email protected] (tel.: 202-417-3664) or contact Eva Gunasekera at [email protected]. You can also go to Tycko & Zavareei LLP’s website for whistleblowers to learn more at https://www.fraudfighters.net/.