DOJ says it will protect whistleblowers who disclose contractor cybersecurity failures
The Department of Justice will use all available resources to ensure whistleblowers that come forward to report cybersecurity failures at federal contractors are protected, according to Deputy Attorney General Lisa Monaco.
Monaco gave the commitment Wednesday along with further details about the department’s program to pursue federal contractors that commit major cybersecurity failures or misrepresent their cybersecurity capabilities.
“Our new civil cyber-fraud initiative will use the False Claims Act to both enforce civil fines on government contractors and grant recipients as well as protect whistleblowers who bring information forward,” she said. “[T]o those who witness irresponsibility that exposes the government to cyber breaches, our message is this: if you see something, say something. We will use all of the legal authorities in our reach to make sure you are protected and compensated.”
Monaco emphasized that with the new initiative, the department is focused on using the False Claims Act as a tool to ensure taxpayer dollars are being used appropriately and to guard public finances and public trust.
Earlier this month, the DOJ announced the enforcement push, under which it intends to use the False Claims Act to pursue contractors working with federal government agencies — as well as recipients of federal grants — that fail to report incidents in which their systems are compromised.
The FCA was first enacted in 1863 in response to defense contractor fraud during the American Civil War. It was amended in 1986 to increase incentives for whistleblowers to come forward with allegations of fraud.
Under the FCA any person who submits false records to the government can be forced to pay triple the damages caused to the government from fraudulent contract submissions. The offending entity can also be hit with a civil penalty of up to $10,000.
While the renewed focus on improving cybersecurity standards across government has received broad support from the technology industry, some federal contractors have warned that clearer guidance is needed from government agencies over the parameters of contracts.
“I have clients working with the Department of Defense, who during an audit will be told that information stored in a certain data center is controlled defense information – and there is no way to know this in advance,” a defense contracting source told FedScoop.
The source added: “With this new enforcement push, contractors are worried they are either going to be over-reporting or under-reporting.”