How A Civil War Law To Snare Mule Scammers Enhances Cyber Risk For Govt Contractors

The False Claims Act, passed in 1863 to nab unscrupulous merchants selling sawdust-laden gunpowder and lame mules to the Union army, is now being applied to ferret out cybersecurity flaws in companies with government contracts. The Civil Cyber-Fraud Initiative, announced by DOJ in October, enables an FCA whistleblower to initiate a civil lawsuit, allowing the government to “identify, pursue and deter cyber vulnerabilities and incidents that arise with government contracts and grants and that put sensitive information and critical government systems at risk,” said a DOJ official.

The launch of the new program, along with recent DOJ comments, suggest the government’s posture toward supply chain cybersecurity vulnerabilities has changed, introducing “new risks for federal contractors generally and information technology professionals in particular,” says a post in the publication Washington Technology. DOJ has specifically identified three areas that are ripe for enforcement: failure to comply with cybersecurity standards; knowing misrepresentations of security controls and practices; and failure to timely report suspected breaches.

The Washington Technology article concludes with a list of suggested risk mitigation measures, beginning with regular review and updating of cybersecurity procedures, and including a policy of transparency and prompt reporting of a breach, and the establishment of an in-house hotline to allow employees to report cybersecurity issues without retribution.