Swiss Automation is the Latest to Settle False Claims Act Allegations of Cybersecurity Fraud

By the Whistleblower Team
Last Friday (December 5), the Department of Justice (DOJ) announced that Illinois-based Swiss Automation Inc. agreed to pay roughly $420,000 to settle allegations it violated the False Claims Act by failing to provide proper cybersecurity protections for its machine parts drawings for Department of Defense (DOD) prime contractors.[1] The settlement is just the latest in a string of cybersecurity fraud settlements DOJ has secured this year under the False Claims Act and another indication that cybersecurity remains one of DOJ’s top enforcement priorities.
What Was Swiss Automation’s Alleged Cybersecurity Violation?
Swiss Automation is a precision machining business that supplies alloy and metal parts to both commercial and government customers, including DOD prime and subcontractors. According to the Government, Swiss Automation failed to appropriately safeguard certain drawings of parts the company machined for DOD prime contractors.
The Government claimed these cybersecurity failures violated the security controls mandated under National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171). These provisions broadly cover the information systems companies working with DOD use to process, store, and transmit sensitive Government information such as engineering drawings, specifications, standards, data sets, studies, and analyses.
These cybersecurity requirements will continue under DOD’s recently launched Cybersecurity Maturity Model Certification (CMMC) program.[2] DOD has instituted these newly revamped cybersecurity protocols to strengthen the measures defense contractors must take to protect DOD information against the increasingly frequent and complex cyber-attacks they face.
Cybersecurity Fraud Remains a Top DOJ Enforcement Priority Under the False Claims Act
The CMMC program is just one example of how seriously the Government takes the safeguarding of the sensitive information it shares with contractors, especially in the defense industry. Another example is DOJ’s prolific use of the False Claims Act to go after Government contractors that do not comply with their cybersecurity obligations.
The Swiss Automation settlement is just the most recent of these settlements. DOJ secured similar False Claims Act settlements this year against Georgia Tech in October ($875K), Illumina in July ($9.8M), Aero Turbine in July ($1.75M), Raytheon and Nightwing Group in May ($8.4M), MORSECORP in March ($4.6M), and Health Net in February ($11.3M).
As we reported in early August, DOJ’s focus on cybersecurity fraud is nothing new. The agency has been on a False Claims Act crusade against cybersecurity violations for several years, starting with its 2021 launch of the “to promote cybersecurity compliance . . . by holding [contractors] accountable when they knowingly violate applicable cybersecurity requirements.” Unsurprisingly, in its 2024 False Claims Act Roundup, cybersecurity was one of the primary areas of fraud enforcement to which DOJ pointed.
The Government used the most recent settlement with Swiss Automation to remind Government contractors of the rising threat of cyber-attacks and the protocols it expects its contractors to follow to minimize the threat of these attacks. As DOJ Civil Chief Brett Shumate put it: “As cyber threats continue to evolve, suppliers to defense contractors must be vigilant and take the steps required to protect sensitive government information from bad actors. We will continue our efforts to hold defense contractors, subcontractors, and suppliers accountable when they fail to honor their DOD cybersecurity commitments.”
DOD Special Agent Jason Sargenski agreed, stressing that “protecting our nation’s security includes protecting its data,” and that as “cyber threats become more sophisticated, defense contractors, subcontractors, and suppliers must do their part to safeguard sensitive government information.” He further cautioned, “we will hold [them] accountable when they fall short of their cybersecurity obligations.”
According to whistleblower partner Gordon Schnell, “With this string of cybersecurity settlements and DOD’s just-finalized CMMC program, contractors should be on notice to tighten up their cybersecurity compliance.” “Otherwise,” Schnell says, “they may find themselves smack center in DOJ’s cybersecurity crosshairs.”
Schnell further notes, “This is not a no-harm-no-foul scenario where DOJ is limiting its enforcement sweep to companies that have experienced an actual security breach.” Rather, “DOJ is taking aim at companies that simply fail to sufficiently protect sensitive Government information regardless of whether it results in an actual breach.”
What Role Can Whistleblowers Play In Exposing Cybersecurity Fraud?
Schnell further points to the prominent role of whistleblowers in exposing cybersecurity violations as most of the False Claims Act cases in this area have been initiated by company insiders with first-hand exposure to the misconduct. “So it is not just the Government that companies need to be mindful of in ensuring their cybersecurity protocols are up to snuff. They also need to worry about those inside the company with a direct window into the fraud reporting it to the Government.”
One of the unique features of the False Claims Act is its qui tam provisions, which allow private parties to bring lawsuits on behalf of the Government against those that defraud the Government. In exchange, successful whistleblowers can receive up to 30% of the Government’s recovery.
That is how the Swiss Automation case originated. The company’s former quality control manager Jaime Gomez initiated the False Claims Act case, which DOJ ultimately joined. Gomez will receive a whistleblower award of roughly $65,000 from the proceeds of the Government’s recovery. The False Claims Act path Gomez took is not unique, as most False Claims Act cases — including those involving cybersecurity violations — are originated by whistleblowers.
Significant Experience Representing Cybersecurity Whistleblowers Under the False Claims Act
We have substantial experience representing cybersecurity whistleblowers under the False Claims Act. This includes our representation of the whistleblower in the first successful cybersecurity case ever brought under the statute. That case resulted in Cisco Systems paying $8.6 million to settle allegations of selling the Government video surveillance software vulnerable to unauthorized access and manipulation. Our client received a whistleblower award of 20% of the Government’s recovery.
If you would like more information about that case and our other work representing cybersecurity whistleblowers, or would like to learn more about what it means to be a whistleblower under the False Claims Act, please don’t hesitate to contact us. We will connect you with an experienced member of the Whistleblower Team for a free and confidential consultation.
Sources:
[1] See .
[2] See .