The Department of Defense released new cyber reporting rules this week after a rash of cyber hacking attacks on U.S. companies and government agencies. The Defense Department wants to know immediately when the computer systems of one of its contractors are attacked or hacked. Given the seriousness of hacking problems, the new rules may mean new opportunities for whistleblower claims under the federal False Claims Act.
Earlier this year the federal Office of Personnel Management was hacked. That cyber attack may have exposed the records of 21 million past and present federal workers. Also this year the IRS was hacked. That attack exposed financial records of thousands of taxpayers. While big hacking attacks against major federal agencies make headlines, federal defense contractors face daily hacking attacks. We believe that many companies fail to report these attacks, whether or not they are successful.
Much of our defense spending goes to private corporations. We buy missiles, advanced radar systems, combat aircraft and secret NSA spy software from private vendors. If their systems are attacked, America’s national security can be jeopardized. This includes the safety and security of our armed forces.
In an unusual move, the Defense Department promulgated emergency rules that take effect immediately. These rules affect both defense contractors and their subcontractors. Under the new rules, these companies must immediately report cyber hacking incidents that might or did result in adverse effects on their information systems and any defense information stored on those systems.
In announcing the new rules, the Defense Department said,
“Recent high profile breaches of federal information show the need to ensure that information security protections are clearly, effectively and consistently addressed in contracts. Failure to implement this rule may cause harm to the government through the compromise of covered defense information or other government data, or the loss of operationally critical support capabilities, which could directly impact national security.”
Other federal agencies, including the Office of Management and Budget, are actively coming up with new reporting rules for hacking attacks against government contractors.
We worry that many vendors will not immediately report any cyber security problems, especially successful attacks. That directly affects our national security and could be a violation of the federal False Claims Act, a Civil War era whistleblower law that provides large cash awards to those who report fraud against the U.S. government.
Under the False Claims Act, a whistleblower can receive up to 30% of whatever the government collects from a wrongdoer. With many Defense Department contracts measured in the millions or tens of millions of dollars, the potential awards are huge.
Whistleblower awards typically aren’t paid for simple breach of contract claims, for example a software system that contains bugs. If the vendor commits fraud or lies to the government, however, there could be a viable False Claims violation. Failing to report a hacking attack could lead to a large whistleblower award.
We worry that contractors will ignore the new cyber reporting rules. This type of deliberate conduct endangers not only our national security but also the men and women in our armed forces.
—
If you have knowledge of government contract or procurement fraud or know of unreported hacking and cyber attacks against government contractors, give us a call. Our whistleblower clients have received over $100 million in awards. Last year the federal government paid out $635 million in whistleblower claims.
To qualify for an award, one must have inside “original source” information about fraud or wrongdoing involving a federal program or contract. IT professionals, contract administrators and managers are ideally poised to know of unreported attacks.
Worried about getting fired for “doing the right thing”? Whistleblower retaliation is a real problem in some industries. Powerful anti-retaliation laws exist to protect private workers who report wrongdoing. We can help you if you are fired or demoted for reporting fraud.
For more information, contact attorney Brian Mahany at or by telephone at (414) 704-6731 (direct). We are sensitive to confidentiality concerns. Information shared with us is kept confidential and is protected by the attorney-client privilege.
MahanyLaw – America’s Whistleblower Lawyers