In remarks on October 13, 2021, at the Cybersecurity and Infrastructure Security Agency (“CISA”) National Cybersecurity Summit, Acting Assistant Attorney General Brian Boynton fleshed out the Department of Justice’s (“DOJ”) thinking regarding the nature of the cybersecurity failures that are likely targets for potential False Claims Act (“FCA”)1 enforcement under the Civil Cyber-Fraud Initiative (“Initiative”). He was clear that DOJ expects whistleblowers to “play a significant role” in pursuing actions for “knowing” failures and misconduct by contractors and grantees.
DOJ expects this Initiative to focus on federal agencies as “victims” of knowing misrepresentations by contractors or grantees about their cybersecurity practices or failure to abide by requirements in their agreements, grants or licenses.
The remarks identified what are viewed as “at least three common cybersecurity failures” as candidates for FCA enforcement.