Department of Defense Issues Report Critical of Contractor Cybersecurity Compliance

defense department
(DoD photo illustration by U.S. Air Force Master Sgt. Angelita M. Lawrence)

The Inspector General (IG) for the U.S. Department of Defense (DOD) issued a report critical of recent efforts by contractors to protect Controlled Unclassified Information (CUI). The report, which followed the DOD IG’s efforts to support five separate investigations carried out by the U.S. Department of Justice (DOJ) in furtherance of the its Civil Cyber-Fraud Initiative, identified common contractor cybersecurity weaknesses. For its part, one of the primary objectives of the Civil Cyber-Fraud Initiative is to investigate contractors self-certifying to cybersecurity compliance and whether those self-certifications are accurate. The IG and DOJ uniformly found that they were not, and the IG warned in its report that such inaccuracies could lead to violations of the False Claims Act, which includes treble damages and penalties of up to $27,018 per false claim (or invoice).

