Cybersecurity Director Sues Former Employer Under False Claims Act

The former senior director of cybersecurity for a large aerospace company alleges that his ex-employer committed fraud under the False Claims Act because it failed to meet information security requirements. A California federal court has ruled that suit may go forward. As a government contractor, the aerospace company is required to be compliant with Dept. of Defense regulations in respect to safeguarding DoD information. It hired an outside contractor to assess compliance, and according to the contractor’s findings and recommendations, it was not in full compliance. The former cybersecurity director alleges that the company wanted him to certify that it was compliant. He filed a complaint with the company’s internal ethics office, and was fired. A month later, in 2014, he filed a lawsuit alleging wrongful termination, misrepresentation, and attempting to defraud the U.S. government under the False Claims Act by submitting and conspiring to submit false certifications. The company claimed it did tell the government about deficiencies in its cybersecurity, but in its recent ruling the court said it only disclosed some of its deficiencies and had no authority to waive compliance. The full article in Security Boulevard includes some takeaways for legal departments in respect to contracts.