How to Report Cybersecurity Issues at a Federal Contractor
Are you a whistleblower who knows about cybersecurity failures at a government contractor?
- Is your employer certifying that its work is secure — even though it's not?
- Have you raised concerns, only to be ignored or punished?
- Are federal programs, or even human lives, in danger because of your company's false claims and cover-ups?
If you want to put things right — and maybe get a reward for doing so — the law is on your side.
Ensuring the security of government systems is a top priority for the U.S. Department of Justice (DOJ), which is looking for whistleblowers to help its enforcement efforts. Anyone who reveals cybersecurity flaws that are being hidden from federal contracting officers, or from the government generally, is protected from retaliation — and could earn a cash payment. Under the federal False Claims Act (FCA), for instance, the U.S. government may reward a tipster with up to 30 percent of any money that is recovered from a contractor that hasn't kept its cybersecurity promises.
Since 2021 the DOJ has been ramping up its efforts in this area. Its "Civil Cyber-Fraud Initiative" is aimed at federal contractors that fail to meet required security standards, and prosecutors have asked whistleblowers to report contractors that are "knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches" to the government.
If you work for an employer that is lying to the feds about its cybersecurity efforts, our lawyers can help you to report this wrongdoing to the DOJ, to defend yourself against backlash, and — if your tip results in a recovery for taxpayers — to claim a reward. Importantly, your action could help to protect the United States.