The threat of cyberattacks from Russia in retaliation for the United States’ economic sanctions against the country for its invasion of Ukraine has renewed a sense of urgency to improve the U.S.’s cybersecurity. 

On March 21, President Joe Biden issued a statement calling on the private sector to strengthen its cyber defenses immediately, citing “evolving intelligence that the Russian Government is exploring options for potential cyberattacks.” 

Biden noted that most of the country’s critical infrastructure is owned and operated by the private sector and argued that critical infrastructure owners and operators must accelerate their efforts to “lock their digital doors.” 

President Biden’s remarks also underscored the importance of the U.S. Department of Justice’s new Civil Cyber-Fraud Initiative, in which the DOJ is using the False Claims Act to enforce its cybersecurity requirements for those who contract with the government or receive federal grant money. 

Recently, Jeb White, president and CEO of the Taxpayers Against Fraud Education Fund, interviewed Sara McLean, assistant director of the DOJ’s Commercial Litigation branch on the Fraud in America podcast. (Keller Grover attorney Kathleen R. Scanlan is an executive producer on the podcast). McLean is overseeing the DOJ’s initiative.  

McLean said the initiative originated from President Biden’s May 2021 Executive Order directing government agencies to use their resources to improve the nation’s cybersecurity. 

The executive order itself followed a series of high-profile breaches, including the May 2021 ransomware attack of the Colonial Pipeline which shut down the country’s largest fuel pipeline, creating gas shortages.

McLean said the DOJ’s Civil Fraud Section recognized that it has a powerful tool in the False Claims Act, and the initiative was launched in October 2021. 

When asked why the False Claims Act is the avenue the DOJ is using to address cybersecurity issues, McLean said the law is the government’s primary tool for going after fraud involving public money. 

“The False Claims Act has been tremendously successful in getting money back to the government,” she said, adding that it’s also successful in influencing the behavior of those who do business with the government. She said the law encourages compliance and ensures a level playing field for businesses. 

Part of the reason why the Act is so powerful, she said, is its whistleblower provision. The Act incentivizes whistleblowers, also known as relators, to report a fraud on the government by rewarding them with a percentage of the amount the government successfully recovers as a result of the whistleblower’s False Claims Act case.  

McLean said the Civil Cyber-Fraud Initiative is focused mainly on three areas: 

• A knowing failure of government contractors or grantees to abide by the cybersecurity requirements in their contracts or grants 
• Telling lies or misleading the government into entering some sort of financial relationship
• Failing to timely report breach incidents to the government

Importantly, McLean said that contractors or grantees do not necessarily need to be delivering IT services to be held liable under the False Claims Act — contractors and grantees who provide other services are still required to meet their cybersecurity commitments to the government. 

McLean said in cases that are especially technical, the government benefits from insiders who have a sophisticated understanding of technology. 

That’s not to say that all cases will be highly technical or hard to understand — plenty could involve instances where contractors simply lack basic security measures or good password controls or are posting individuals’ personal information on publicly available websites. 

For those who want to report wrongdoing, engaging a whistleblower attorney who can guide them through the implications of litigation is crucial. Keller Grover is committed to helping whistleblowers navigate the process of reporting fraud to the government. 

With over 30 years of combined experience litigating fraud and employment cases and billions in recoveries for its clients, Keller Grover is uniquely positioned to represent whistleblowers. 

If you want to report cybersecurity fraud in your organization, we are here to help. For advice about how to handle suspected fraud, contact Keller Grover for a free and confidential consultation.