A recent $9 million settlement in a whistleblower case is a reminder that cybersecurity is a requirement for all contractors and grantees delivering services to the federal government, not just those providing information technology.

A former employee of Aerojet Rocketdyne Inc. filed a qui tam lawsuit against the company, alleging that it misrepresented its compliance with cybersecurity requirements, violating the False Claims Act. Aerojet, based in California, provides propulsion and power systems for launch vehicles, missiles and satellites, and other space vehicles to the Department of Defense, NASA and other federal agencies.

On the second day of trial this summer, Aerojet reached a settlement with the whistleblower, Brian Markus. His share of the $9 million False Claims Act recovery was $2.61 million.

“The qui tam action brought by Mr. Markus is an example of how whistleblowers can contribute to civil enforcement of cybersecurity requirements through the False Claims Act,” said Phillip A. Talbert, U.S. Attorney for the Eastern District of California. 

In October 2021, the Department of Justice started a Civil Cyber-Fraud Initiative in which it uses the False Claims Act to enforce cybersecurity requirements for those who contract with the government or receive federal grant money. Security threats from Russia and elsewhere have put a spotlight on all parties with access to government information and how they are protecting it.

The initiative stemmed from President Biden’s May 2021 Executive Order directing government agencies to improve the nation’s cybersecurity. Biden later issued a statement calling on the private sector to strengthen its cyber defenses immediately, citing “evolving intelligence that the Russian Government is exploring options for potential cyberattacks.”

Sara McLean, assistant director of the DOJ’s Commercial Litigation branch who is overseeing the Civil Cyber-Fraud Initiative, was interviewed earlier this year by Jeb White, president and CEO of the Taxpayers Against Fraud Education Fund, on the Fraud in America podcast. (Keller Grover attorney Kathleen R. Scanlan is an executive producer on the podcast). 

McLean said the Civil Cyber-Fraud Initiative is focused mainly on three areas: 

• A knowing failure of government contractors or grantees to abide by the cybersecurity requirements in their contracts or grants 
• Telling lies or misleading the government into entering some sort of financial relationship
• Failing to timely report breach incidents to the government

She also said the False Claims Act is the government’s primary tool for going after fraud involving public money. Part of the reason why the Act is so powerful, she said, is its whistleblower provision that rewards relators like Markus, the former Aerojet employee, with a percentage of the amount the government successfully recovers.

For those who want to report wrongdoing, engaging a whistleblower attorney who can guide them through the implications of litigation is crucial. Keller Grover is committed to helping whistleblowers navigate the process of reporting fraud to the government. 

With over 30 years of combined experience litigating fraud and employment cases and billions in recoveries for its clients, Keller Grover is uniquely positioned to represent whistleblowers. 

If you want to report cybersecurity fraud in your organization, we are here to help. For advice about how to handle suspected fraud, contact Keller Grover for a free and confidential consultation.