• Latest
  • Trending
  • All
Recent False Claims Act cases a caution to gov’t contractors that skimp on security

Recent False Claims Act cases a caution to gov’t contractors that skimp on security

February 4, 2020
Last Mile Delivery Market Worth Observing Growth | UPS, FedEx, SF Express

Last Mile Delivery Market Worth Observing Growth | UPS, FedEx, SF Express

April 23, 2024
Top 5 Spend Analysis Software ranked in 2024

Top 5 Spend Analysis Software ranked in 2024

March 1, 2024
How Tesla And BMW Are Leading A Supply Chain Renaissance With Blockchain

How Tesla And BMW Are Leading A Supply Chain Renaissance With Blockchain

January 19, 2024
LATAM Cargo strengthens European cargo links

LATAM Cargo strengthens European cargo links

April 14, 2020
Ford making reusable hospital gowns from airbag materials as efforts against coronavirus expand

Ford making reusable hospital gowns from airbag materials as efforts against coronavirus expand

April 14, 2020
Don’t Sweat NBC’s Decision to Cut Back on Television Ad Inventory

Don’t Sweat NBC’s Decision to Cut Back on Television Ad Inventory

April 14, 2020
Software firms sharpen focus on AI, big data as IT spending drops

Software firms sharpen focus on AI, big data as IT spending drops

April 14, 2020
Navigating turbulent times in your supply chain (TL:DR version)

Navigating turbulent times in your supply chain (TL:DR version)

April 14, 2020
Last Mile Delivery by Drones Market is Booming Worldwide

Last Mile Delivery by Drones Market is Booming Worldwide

April 14, 2020
AIR CARGO MARKET SIZE, SHARE, DEMAND, TREND, LATEST INNOVATIONS & APPLICATION ANALYSIS AND INDUSTRY GROWTH FORECAST 2027 – Science In Me

AIR CARGO MARKET SIZE, SHARE, DEMAND, TREND, LATEST INNOVATIONS & APPLICATION ANALYSIS AND INDUSTRY GROWTH FORECAST 2027 – Science In Me

April 14, 2020
Wheat procurement in Patiala: 6,500 coupons issued to farmers – cities

Wheat procurement in Patiala: 6,500 coupons issued to farmers – cities

April 14, 2020
Pandemic, Plastics And The Continuing Quest For Sustainability

Pandemic, Plastics And The Continuing Quest For Sustainability

April 14, 2020
  • Supply Chain
  • Logistics
  • Warehousing
  • Procurement
  • Shipping
  • More
    • Strategic Sourcing
    • Spend Analysis
    • Inventory
    • Contact Us
No Result
View All Result
United States International Supply Chain Commission
United States International Supply Chain Commission
Home Procurement

Recent False Claims Act cases a caution to gov’t contractors that skimp on security

by usiscc
February 4, 2020
in Procurement
0
Recent False Claims Act cases a caution to gov’t contractors that skimp on security
491
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

The False Claims Act (FCA), otherwise known as the “Lincoln Law,” can cost companies that supply goods or services to the federal government millions of dollars if they fail to provide the digital security protections they promise, as two recent cases illustrate. In one of the cases, Cisco Systems was forced to pay millions of dollars to the federal and state governments.

First passed in 1863 during the Lincoln Administration, the FCA was aimed at fraudulent contractors who sold bad horses, provisions and munitions to the Union Army. One of the law’s provisions allows for citizen “relators” or whistleblowers to be paid a percentage of what can be recovered from those who are proved to have made false claims to the federal government in the sale of goods or services.

Between the Civil War and the mid-1980s, the FCA was little used until it was given a shot in the arm by Congress in 1986 to deal with rampant problems involving defense contractors. The FCA was revised again by Congress in 2009 and 2010. 

Two fundamental changes were made to the statute in 2009. The first is that the false claim must be “material,” however that’s defined. The second change provided greater protection for the whistleblowers, extending safeguards beyond company employees, who have served as the traditional relators, to go further and encompass contractors and agents.

Today, an estimated 72% of all FCA cases are brought by the relator-whistleblowers, with the federal government recovering an estimated $62.1 billion under FCA action between 1987 and 2019, according to Justice Department statistics.

The process for filing false claim actions is detailed and rigorous, with all complaints required to be filed in federal court and under seal. The federal court has to keep the lawsuit secret for at least 60 days, but in practice, these cases are kept under wraps far longer, often for years. It’s then up to the Justice Department to proceed with the action.

First security-related FCA cases came in 2019

Two recent cases brought under the False Claims Act highlight how cybersecurity compliance failures are now fertile territory under a law originally envisioned to punish purveyors of bad muskets. “I think we’ve been expecting to see false claims act activity in this space for a while, and then in 2019, it started to happen,” Michael Vernick partner at Hogan Lovells, a specialist on FCA cases, tells CSO.

One case, the United States v. Aerojet Rocketdyne Holdings, Inc., 381 F. Supp. 3d 1240 (E.D. Cal. 2019), should serve as a cautionary tale “for contractors that ‘self-certify’ that their own IT systems provide adequate security for sensitive federal information they store, process, or transmit in performance of a federal contract,” Vernick wrote in a recent alert issued by Hogan Lovells.

In the Aerojet case, a California District Court ruled that the company couldn’t dismiss a complaint by its former senior director of cybersecurity, compliance and controls about the company’s inability to safeguard unclassified controlled technical information from cybersecurity threats. The case hinged on whether Aerojet was making the grade under a Department of Defense rule requiring federal contractors to implement specific security controls.

The former employee claims that Aerojet “fraudulently entered into contracts with the federal government despite knowing that they did not meet the minimum standards required to be awarded a government contract.” He further claims he was fired from his job when he refused to certify that the company was compliant with the contracted cybersecurity requirements.

The Aerojet case, although still in its early days, is interesting because it’s a “complaint that’s filed for a contract that does not involve selling products or services to the government,” Vernick said. Instead, it focuses on the contractor’s own systems and their ability to safeguard controlled unclassified information (CUI). “It’s not the classic situation of ‘we sell something to the government, and it doesn’t meet the requirements.’”

The other recent case involving FCA claims and cybersecurity does involve the security of products directly sold to the federal government. In this case, the United States ex rel. Glenn v. Cisco Systems, Inc., No. 1:11-cv-00400- RJA (W.D.N.Y. July 31, 2019) became unsealed in 2019 and involved a relator or whistleblower James Glenn, a former employee of Cisco’s Danish distributor NetDesign.

Glenn alleged that Cisco’s Video Surveillance Manager (VSM) product did not comply with government cybersecurity requirements. Glenn claimed he identified security vulnerabilities in Cisco’s VSM that could allow an attacker to exploit the system and even gain “administrator” rights, flaws he alleged could also potentially compromise the security of other systems connected to the VSM, placing the entire information management system at risk.

Glenn claimed he informed relevant management that the vulnerabilities violated a host of federal requirements, including the Federal Information Security Management Act of 2002 (FISMA) and procurement regulations related to Federal Information Processing Standards (FIPS). FIPS, in turn, incorporated several standards spelled out in the National Institute of Standards and Technology (NIST) publications, particularly access control, authentication management, and transmission integrity specifications, among others, contained in NIST’s widely used SP 800-53.

According to a press release, Cisco agreed to pay $8.6 million to resolve the allegations brought by Glenn, with $2.6 million paid to the federal government and $6 million to state government purchasers. This resolution highlights the real monetary risks to companies that don’t materially meet implied or explicit promises of providing adequate security.

More security FCA cases likely

“In False Claims Act cases, if the government wins, they get trebled damages plus penalties, which are a big deal,” Vernick says. Vernick, like other lawyers who have examined these cases, believes that other big-ticket FCA cases involving cybersecurity failures are in the pipeline. “If we were betting, there are probably other cases that are in progress, but a lot of them are probably still under seal” because these cases can remain under seal for years while they’re being investigated.

Moving forward, companies can take steps to avoid FCA lawsuits. First, “I think that the best thing for companies to do is to recognize what they’re agreeing to in a contract,” Vernick says. “It’s not uncommon for companies, particularly companies that are new to the government market, to not realize what they’re agreeing to.”

Step two is for companies to make sure they comply with all the relevant federal requirements and to monitor their systems for that compliance continually. Companies should also call in outside expertise to the extent they believe it’s necessary, Vernick says. Finally, companies should pay attention to concerns raised by employees or any other party about the weaknesses in their security protocols.

“Whether it’s in the cyberspace or any other space, I think it’s important to make sure that someone who raises a concern is heard,” Vernick says. “If their concerns are something that needs to be addressed,” you should address them, he advises. “What’s important is to allow people to bring forward concerns that they have and take them seriously and respond to them appropriately.”

Copyright © 2020 IDG Communications, Inc.

Share196Tweet123
usiscc

usiscc

  • Trending
  • Comments
  • Latest
Escape From Tarkov – How to Rotate Items

Escape From Tarkov – How to Rotate Items

February 5, 2020
Supply chain examination: Planning for vulnerabilities you can’t control

Supply chain examination: Planning for vulnerabilities you can’t control

December 7, 2019
Procurement Project Manager job with Camden London Borough Council

Procurement Project Manager job with Camden London Borough Council

February 17, 2020
Art Battle Wichita Falls III at The Warehouse, 1401 Lamar.

Art Battle Wichita Falls III at The Warehouse, 1401 Lamar.

0
Global Industry Analysis, Size, Share, Growth, Trends, and Forecasts 2016–2024 – ZMR News Reports

Global Industry Analysis, Size, Share, Growth, Trends, and Forecasts 2016–2024 – ZMR News Reports

0
PHOTOS: Ottawa firefighters respond to warehouse fire

PHOTOS: Ottawa firefighters respond to warehouse fire

0
Last Mile Delivery Market Worth Observing Growth | UPS, FedEx, SF Express

Last Mile Delivery Market Worth Observing Growth | UPS, FedEx, SF Express

April 23, 2024
Top 5 Spend Analysis Software ranked in 2024

Top 5 Spend Analysis Software ranked in 2024

March 1, 2024
How Tesla And BMW Are Leading A Supply Chain Renaissance With Blockchain

How Tesla And BMW Are Leading A Supply Chain Renaissance With Blockchain

January 19, 2024
  • Privacy Policy
  • Terms of Use
  • Disclaimer
  • DMCA
  • Contact Us

Copyright © 2024 United States International Supply Chain Commission (usiscc.org)

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT
No Result
View All Result
  • Supply Chain
  • Logistics
  • Warehousing
  • Procurement
  • Shipping
  • More
    • Strategic Sourcing
    • Spend Analysis
    • Inventory
    • Contact Us

Copyright © 2024 United States International Supply Chain Commission (usiscc.org)