White House Unveils National Cybersecurity Strategy Implementation Plan
The White House announced its National Cybersecurity Strategy Implementation Plan that will guide the federal government’s efforts to encourage more actors to take responsibility for cybersecurity and to encourage long-term investments in cybersecurity. The Plan, which envisions a coordinated effort among numerous government agencies as well as collaboration with Congress, other governments, and the private sector, will be updated annually.
The Plan’s 65 initiatives include the Department of Justice’s Civil Cyber Fraud Initiative to use the False Claims Act “to improve vendor cybersecurity.” Under that initiative, DOJ will seek “to hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cyber incidents and breaches.” DOJ previously announced this initiative in October 2021. Another one of the Plan’s initiatives seeks to strengthen and standardize cybersecurity requirements across Federal agencies, thereby leveraging federal procurement to improve accountability for cybersecurity.
Whistleblowers are Vital in Advancing National Cybersecurity Efforts
The Plan reflects and emphasizes the critical importance that cybersecurity requirements have to national security and public safety. The use of the False Claims Act to hold accountable individuals and entities that ignore their obligations to comply with such requirements is an important tool for the government to advance the goal of improving the Nation’s cybersecurity.
Whistleblowers will play an important role in the implementation of this effort. The False Claims Act empowers whistleblowers to file a “qui tam” lawsuit to report individuals and entities that are aware of, or are reckless in, their failure to comply with important regulatory or contractual cybersecurity obligations. After the suit is filed, the government investigates the allegations and decides whether to pursue the case. Successful whistleblowers are entitled to an award for their efforts of between 15% and 30% of the government’s recovery, depending on their contribution and whether the government joins the case. The law also protects against employment retaliation for efforts to stop violations of the False Claims Act. To date, several whistleblower actions based on cybersecurity issues have been successful, including one brought by Phillips and Cohen involving the alleged failure to comply with the security standards for products sold to the Government. These cases can also involve the alleged failure to protect sensitive electronic healthcare information.
If you are aware of cybersecurity fraud and would like to talk to experienced whistleblower lawyers about your matter, please contact us for a free, confidential review of your matter.