The FBI’s cyber division has recently alerted lawmakers that Russian hackers are a “current” threat, with reports of Russian hackers “scanning” critical infrastructure systems. On Monday, March 21, President Biden cited “evolving intelligence” and warned of cyberattacks as “part of Russia’s playbook.” He exhorted companies to “harden” their cybersecurity defenses, as the “Federal Government can’t defend against this threat alone.”
The Cybersecurity & Infrastructure Security Agency (CISA) identified 16 critical infrastructure sectors: chemical; commercial facilities; communications; critical manufacturing; dams; defense industrial base; emergency services; energy; financial services; food and agriculture; government facilities; healthcare and public health; information technology; nuclear reactors, materials, and waste; transportation systems; and water and wastewater systems. Government contractors providing cybersecurity support to these sectors should take heed and make certain that their cybersecurity protocols are adequate before billing the government for their time and resources.
The False Claims Act is the government’s weapon against cybersecurity fraud. Cyber-fraud generally entails failure to follow cybersecurity standards as part of a government contract or grant and/or failure to report a cybersecurity breach in a timely manner. Contractors who seek reimbursement from the government when they are not following cybersecurity standards are submitting false claims, in violation of the False Claims Act. President Biden’s May 2021 Executive Order on Improving the Nation’s Cybersecurity required government agencies and contractors to bolster their cybersecurity strategies, share information regarding cyber threats, and report data breaches. The Department of Justice announced in October 2021 its new Civil Cyber-Fraud Initiative to keep contractors in line with the cybersecurity standards in the May 2021 Executive Order. The fraudulent activity DOJ is rooting out includes contractors that:
Knowingly provide deficient cybersecurity products or services
Knowingly misrepresent their cybersecurity practices or protocols
Knowingly violate obligations to monitor and report cybersecurity incidents and breaches
Uncle Sam needs whistleblowers to keep contractors honest and to protect the continued functioning of critical infrastructure sectors from malicious actors. Whistleblowers who report the fraudulent submission of false claims to the government can receive 15-25% of the false claims the government recovers.