Welcome to Defense TechCast, a new monthly webcast brought to you by ClearanceJobs and hosted by Leslie Weinstein, a cyber expert with the US Army. This month Weinstein chats with Robert Metzger, attorney with the award-winning law firm Rogers Joseph O’Donnell.
What is the False Claims Act?
The False Claims Act, also known as the “Lincoln Law,” allows the government to levy a lien on those who overpay the government or make false claims about their income. It is the government’s biggest anti-fraud tool and recently made headlines due to a landmark case, Markus vs. The case may be important, but it is one of many cases involving the False Claims Act and the government’s role in ensuring that thousands of business entities are doing business fairly.
“I think in 2021 it’s $5.6 billion dollars recovered by DOJ or whistleblowers working on behalf of the government,” Metzger said. “Five billion of that, or about 89%, went against the healthcare industry. The Justice Department will use the tools available to it to improve corporate governance and performance… and recover damages from companies that fail to meet their online obligations.”
While the laws are there, the ability to enforce them is something else. Enter the Cybersecurity Maturity Model Certification (CMMC). The CMMC program outlines cybersecurity standards for contractors in the Defense Industrial Base (DIB). While the goal is to protect information, it also creates standards that make it easier to determine whether a cyber breach has occurred and warrants prosecution.
“We don’t hear a lot of controversy if the law was properly enforced,” Metzger said. “CMMC is supposed to bring in an assessment process where we will train third party assessors who will look, certify and certify – or not certify – the achievements of maintenance contractors. But that authority is not there yet.”
Companies may be hesitant to enter into compliance with the CMMC, waiting for clearer guidance. “Cyber is not a clear-cut place for what is or is not appropriate or sufficient,” says Metzger. But that’s no reason to avoid maintaining cybersecurity capabilities, and it’s important to ensure compliance with policies and frameworks.
“The cost of defending a false claim action … is high, and the exposure is very high, moving to a large extent,” Metzger said.
Current policies, including DFAR 7012 and NIST 800-171, define what constitutes ‘reasonable’ security and provide procedures for cyber incidents and what to report to the federal government.
What can a prosecutor expect?
“Of course, whistleblowers are protected,” Metzger said. “I see whistleblowers as a very important public service because there is wrongdoing in the defense industry and among government contractors and it’s important for whistleblowers to bring those issues before the public, so the public wants to be compensated for them. goods and services are protected.”
But the messenger is not free. Although whistleblowers have formal protections, there is a process for employers to change or modify their work. “It’s a tough road for a reporter,” Metzger said. It is important to be specific, and where possible add issues to specific contracts rather than company policies.
What Should Maintenance Contractors Do?
As CMMC continues to increase its focus on the contractor’s role in cybersecurity, Metzger advises maintenance contractors to be cyber-focused.
“I am very interested in the DOJ’s cyber fraud program,” Metzger said. The process is important, as is keeping good records of the assessment of the suspicion and the steps taken by the company.