{"id":192805,"date":"2026-03-04T15:49:00","date_gmt":"2026-03-04T20:49:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/04\/these-2-recent-cases-confirm-doj-is-escalating-cyber-enforcement\/"},"modified":"2026-03-04T15:55:09","modified_gmt":"2026-03-04T20:55:09","slug":"these-2-recent-cases-confirm-doj-is-escalating-cyber-enforcement","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/04\/these-2-recent-cases-confirm-doj-is-escalating-cyber-enforcement\/","title":{"rendered":"These 2 recent cases confirm DOJ is escalating cyber enforcement"},"content":{"rendered":"

These 2 recent cases confirm DOJ is escalating cyber enforcement<\/a><\/p>\n

https:\/\/federalnewsnetwork.com\/litigation\/2026\/03\/these-2-recent-cases-confirm-doj-is-escalating-cyber-enforcement\/<\/a><\/p>\n

Publish Date: 2026-03-04 15:49:00<\/a><\/p>\n

Source Domain: federalnewsnetwork.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. Terry Gerton As 2025 closed, the Department of Justice rolled out two major enforcement actions that involved allegedly deficient cybersecurity practices and DoD contractors. From your vantage point, what did these cases signal about DOJ priorities coming into 2026?
\nAndrew Liebler That\u2019s a great question, Terry, and 2025 was going to be a very interesting year generally for cyber enforcement, because it was the first year of cyber enforcement under the second Trump administration. And the big question on the mind of government investigations, attorneys in this space was, what is the Trump administration going to do with the Biden administration\u2019s civil cyber fraud initiative that was announced in October of 2021? The answer to that was a major increase in cyber enforcement, with nine announced settlements as part of the enforcement, capped off by the two settlements that you noted. And one of the big themes \u2014 not just from those last two enforcement actions of last year, but generally from the year \u2014 is that DoD contractors in particular were in the crosshairs of DOJ enforcement actions. And that primarily stems from their compliance with the DFARS 7012 clause in their contracts, which mandates NIST 800-171 cyber compliance. It\u2019s very complex. There\u2019s a lot of surface area for regulatory activity and enforcement, and that\u2019s what those contractors saw in those actions.]]><\/p>\n

Terry Gerton Well, Mr. Liebler, let\u2019s follow up with the first case, which was with Swiss Automation, and it was all around that DFARS 7012 clause. When federal contractors take a look at the details of this case, what should they be noting particularly?
\nAndrew Liebler I think they should be noting generally that DFARS 7012 is a very potent hook for enforcement in these cases. The Swiss Automation case was actually, in terms of the settlements that were announced last year, sort of a low-water mark of the settlements. That might be informed in part because the conduct at issue in that case took place over a more narrow timeline, comparatively speaking \u2014 when I say conduct, I mean sort of the noncompliance or alleged noncompliance \u2014 took place over a more narrow timeline, comparatively speaking, with some of the other settlements that have been announced that took place over years of noncompliance.
\nTerry Gerton And Mr. Taubin, I want to come to you to talk about that second case. It was a criminal indictment against a former senior manager at a cloud service contractor, alleging false claims tied to FedRAMP. So how significant is it for DOJ to pursue criminal fraud tied to cybersecurity representation?
\nLance Taubin This was a very, very significant indictment and had some ripples around our environment and the folks that work in our space. Because the criminal nature of this and also the knowing representations over years, concealing deficiencies to the Army during testing and demonstrations and the misleading representations, which is obviously the focus of an FCA claim and the cyber initiative. And I think the criminal nature of this is obviously incredibly serious and very different from the Swiss Automation case. But I think as you initially asked, what does this mean going forward? I think it\u2019s really important that with CMMC coming into effect and with a phased timeline over the next few years, there are more opportunities and more requirements to issue statements, official statements, annual attestations of sorts that could be viewed as material misrepresentations of their cybersecurity program and compliance. So there\u2019s generally, we think, potentially more opportunities for claims to be brought given the additional representations necessary that you need to make to the government.
\nAndrew Liebler A criminal indictment of an employee, a former employee I should say, of a government contractor obviously is a pretty significant and unique occurrence and especially, you now, compared to the five years of enforcement proceeding this. But it sort of underscores, and I think while it may be sort of an extreme case in and of itself, it does underscore the sensitivity around the representations that any contractor has to make to the government \u2014 in this case, it was the Army \u2014 when submitting a task order or any other representation to the government for a claim for payment. That can be a really sensitive position for government contractors to be in, because the representations that you\u2019re making are complex. Sometimes they can be ambiguous. Sometimes they could be subject to differing opinions between the contractor and the agency. And while it\u2019s sort of an extreme outcome for a criminal indictment to spring from that set of circumstances, it does point to probably the most fraught component of federal contracting and especially for any contractor who has a contract that has significant cyber compliance obligations baked into the agreement.
\nTerry Gerton I\u2019m speaking with Andrew Liebler and Lance Taubin, partners at Alston Bird. Mr. Taubin, let me come back to you. You mentioned the False Claims Act. These two cases are kind of different from what typically pops up as False Claims Act. How would you interpret the variability, especially related to cyber claims and relative to the False Claims Act?
\nLance Taubin I think it comes back to \u2014 they\u2019re different cases for sure, and the conduct was quite different \u2014 but I think they have a common theme of failure to comply or material misrepresentation of cybersecurity posture and compliance with your contractual obligations. And one was, potentially significantly in some people\u2019s opinions, more egregious than the other and higher contract value and more significant repercussions. But I think from an FCA case, it all comes down to, what are your cybersecurity obligations? As Andrew mentioned, it\u2019s not always black and white, what your obligations are. What attestations have you made to government? In what form? And does that have a material impact on the government and the agency? So I do think that there are some common themes despite the difference of severity of activity.]]><\/p>\n

Terry Gerton If you were a contractor right now who might see yourself in one of these cases or one of the others that DOJ brought in 2025, what actions should you be taking right now to reduce your risk of getting caught up in this net?
\nLance Taubin This is going to sound so simple but know what your obligations are. And it\u2019s not simple. It really isn\u2019t. Government contracts are not very clear sometimes. Really important to know your obligations, and the government will be transparent with you and have that open conversation. Engage the right stakeholders to build your compliance program. That should not just be information security or IT individuals. That needs to involve a cross-functional group: legal, financial, other IT and infosec, product, developers, etc. There could be various different individuals, but there\u2019s got to be a team. Cybersecurity compliance is not a one team; it can\u2019t be narrow just for information security teams or IT professionals. And I would say before you have to make an attestation or submit cybersecurity artifacts to prove your compliance, do a test run. Understand where you come out. Where are your strengths, where are your weaknesses, where are there gaps? There\u2019s no perfect cybersecurity program. There\u2019s going to be gray areas from a compliance perspective, particularly with a complex cyber framework \u2014 DFARS 7012, NIST 800-171 \u2014 it\u2019s complex and it\u2019s not black and white. But understand and go into this with eyes wide open.
\nTerry Gerton And Mr. Liebler, where do you think these trends point to in 2026? Are we going to be seeing more of these kinds of criminal investigations or generally heightened security or focus on cybersecurity attestations?
\nAndrew Liebler I think so. I think that there are a lot of trends that you can pull from this. One is the enforcement apparatus between the DOJ and the agencies has gotten more sophisticated. These investigations require a lot of resources, they require cooperation between the agencies, they require subject matter expertise. And that\u2019s being built through these investigations. When we see these settlements and announced cases, that\u2019s the tip of the iceberg. There are many, many more investigations that are underway and companies in all areas of the market that are engaged in these discussions with the regulators at the moment. So there\u2019s a lot happening here. I think one other interesting trend, though, from last year that certainly could continue in the future is just the rise of cyber whistleblowers. Many of the cases that were settled last year began as sealed, what are called qui tam cases, so False Claims Act cases brought by private whistleblowers. Oftentimes those are former IT employees, product managers, quality control employees. And a common refrain in their allegations is, \u201cI identified cyber deficiencies in my company, I tried to raise concerns internally, and I was ignored or rebuffed by the rest of the company.\u201d And so I think when you\u2019re considering, if you are a contractor, among the things that you can do to try and sort of insulate yourself from becoming the subject of enforcement is to make sure that your internal reporting structures are behaving as they should. Do employees with oversight have a reliable means of raising concerns about cyber compliance and preparedness, and what happens when they raise those concerns? I think the last thing is, can they do that confidentially if they need to, if they have a real material concern? So that the company can deal with it internally before it turns into a qui tam case and eventually a government investigation.
\nTerry Gerton That\u2019s really smart advice. And Mr. Taubin, let me give you the last word.
\nLance Taubin One more item I would add, which I think is a really interesting and unique trend at the DOJ: Unlike other state and federal regulators where we typically see enforcement actions on the cyber side following a significant data breach, the trend here is not focused on organizations that incurred a data breach or cybersecurity attack. It\u2019s really focused on misrepresentations and material noncompliance with cybersecurity obligations. A data breach doesn\u2019t necessarily have to happen. And that\u2019s a unique trend and something that I think is important to understand going forward.Copyright
\n \u00a9\u00a02026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

These 2 recent cases confirm DOJ is escalating cyber enforcement https:\/\/federalnewsnetwork.com\/litigation\/2026\/03\/these-2-recent-cases-confirm-doj-is-escalating-cyber-enforcement\/ Publish Date: 2026-03-04 15:49:00…<\/p>\n","protected":false},"author":1,"featured_media":192806,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/federalnewsnetwork.com\/wp-content\/uploads\/2025\/10\/GettyImages-2198621098-e1761175896525.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24],"class_list":["post-192805","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/192805"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=192805"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/192805\/revisions"}],"predecessor-version":[{"id":192807,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/192805\/revisions\/192807"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/192806"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=192805"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=192805"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=192805"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}