Takeaway: The DOJ’s Cyber Fraud Initiative and qui tam actions under the False Claims Act represent signification enforcement mechanisms for cybersecurity contractor compliance.
On the eve of 2022, the United States began imposing new, punitive cybersecurity measures aimed at making the internet a safer platform for businesses to share and use data. As a direct result, cybersecurity contractors working in the defense industrial base are being targeted by the Department of Justice, resulting in a rapid increase of settlements under the False Claims Act.
Just a few weeks ago, the Department of Defense issued a memorandum reminding contracting officers about their remedies against contractors that fail to implement NIST 800-171 cybersecurity controls. NIST 800-171 is a self-administered cybersecurity requirement for all DoD contractors. The DoD memorandum urges contracting officers to use available remedies, withholding progress payments, foregoing remaining contract options, and potentially terminating the contract in part or in whole.[1]
The following cases serve as cautionary tales to cybersecurity contractors:
If a cybersecurity contractor knowingly fails to comply with material cybersecurity requirements, the contractor could be exposed to liability via qui tam actions under the False Claims Act.[2]
The recent Aerojet Rocketdyne settlement is foretelling.[3] Aerojet’s Senior Director for Cybersecurity filed the Aerojet action in April as a whistleblower under the False...
Government agents were confronted by protesters outside the Philippine Senate when they tried to arrest former president Rodrigo Duterte's chief drug war enforcer, but visuals shared online do not ...