“Cybersecurity Whistleblowers Can Reap Major Benefits as IT Professionals”


### Whistleblowers: The Overlooked Champions of Government Accountability in the Digital Era

In a time when technology infiltrates all aspects of existence, the U.S. government has increasingly relied on whistleblowers to reveal fraud, misconduct, and cybersecurity lapses in its interactions with contractors. These individuals, often employees or executives with access to confidential information, are crucial in ensuring organizations are held accountable under the **False Claims Act (FCA)**—a law that has become foundational in fighting fraud associated with government contracts.

From academic institutions to tech corporations, whistleblowers have brought to light systemic problems that may have otherwise remained hidden, receiving both accolades and notable financial compensation for their contributions. This article explores the rising dependence on whistleblowers in the digital era, the dynamics of the False Claims Act, and the consequences for government contractors.

### The False Claims Act: A Time-Honored Tool for Contemporary Issues

The **False Claims Act (FCA)** originated during the Civil War, initially aimed at fighting corrupt vendors who provided inferior goods to the Union Army. Its application has broadened over the years, now serving as an essential instrument for tackling fraud across multiple sectors, including healthcare, defense, and, recently, information technology (IT).

The FCA’s distinct **“qui tam” provisions** empower private individuals to file lawsuits on behalf of the government if they discover evidence of fraud. Should the case succeed, whistleblowers may receive a share of the recovered amounts—usually between 15% and 30%. This financial incentive has turned out to be a significant motivator for insiders to step forward, especially in intricate fields like IT, where misconduct can be challenging to identify externally.

### Whistleblowers in Action: Notable Recent Cases

#### **Penn State University**
A recent instance features Matthew Decker, the prior Chief Information Officer for Penn State University’s Applied Research Laboratory. Decker uncovered that the university was not complying with cybersecurity obligations specified in its contracts with NASA and the Department of Defense (DoD). Notably, Penn State employed cloud services that did not adhere to DoD security protocols and misrepresented its IT security ratings to the government.

Decker initiated a whistleblower lawsuit under the FCA, culminating in a **$1.25 million settlement** in October 2023. In recognition of his efforts to unveil the fraud, Decker received **$250,000**—a notable reward for his bravery and dedication.

#### **Dell and Iron Bow Technologies**
In another instance, whistleblower Brent Lillard, an executive within the IT sector, revealed that Dell, Dell Federal Systems, and Iron Bow Technologies had provided non-competitive bids to the Army, leading to excessive charges. The firms reached a settlement of **$4.3 million**, with Lillard awarded **$345,000** for his contributions.

#### **Gen Digital (formerly Symantec)**
The most prominent example may be the case against Gen Digital, which was found liable for overcharging the government for IT services. After losing at trial, the company paid a staggering **$55.1 million** in 2022. The whistleblower, Lori Morsell, who oversaw the contract for Gen Digital, is currently awaiting her share of the payout, which is expected to be considerable.

### The Increase of Cyber-Fraud Cases Under the FCA

The digital enhancement of government functions has introduced new obstacles, particularly regarding cybersecurity. Acknowledging this, the Department of Justice (DOJ) initiated the **Civil Cyber-Fraud Initiative** in 2021 to tackle cyber-related misconduct under the FCA. This initiative emphasizes three primary areas:

1. **Non-compliance with contractual cybersecurity standards**
2. **Misrepresentation of security measures and practices**
3. **Failure to promptly report suspected breaches**

This initiative has already resulted in significant settlements with leading organizations, including **Boeing** (which paid $8.1 million in 2023) and **Cisco**, which settled for $8.6 million due to security vulnerabilities in its video surveillance products.

### The Importance of Whistleblowers

Whistleblowers are in a unique position to detect and bring to light misconduct that would otherwise remain concealed. In the realms of IT and cybersecurity, where technical intricacies can mask fraudulent activities, their contribution becomes even more vital. The government often lacks sufficient resources or expertise to identify such issues independently, rendering whistleblowers essential partners in the battle against fraud.

Nonetheless, pursuing an FCA case presents challenges. Whistleblowers frequently endure retaliation, prolonged litigation, and emotional strain. For example, the lawsuit involving Cisco took **eight years** to resolve, highlighting the endurance and tenacity needed to navigate such cases.

### The Financial and Ethical Benefits of Whistleblowing

Though the financial gains can be considerable—ranging from hundreds of thousands to millions of dollars—many whistleblowers are driven by a sense of responsibility. They