Article
Cyber Security

US government to sue contractors who don’t report a breach

By BizClik Admin
October 08, 2021
undefined mins
Share
The US Department of Justice has announced that under the new Civil Cyber-Fraud Initiative, government contractors will be held accountable in civil court.

The Justice Department (DoJ) is poised to sue government contractors and other companies who receive US government grants if they fail to report breaches of their computer systems or misrepresent their cybersecurity practices, the department's No. 2 official has said.

Deputy Attorney General Lisa O. Monaco explained that the initiative allows the DoJ to pursue government contractors who don’t comply with cybersecurity standards or keep silent about a breach.

”We will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards,” said Deputy Attorney General Lisa O. Monaco.

The initiative, led by the Commercial Litigation Branch’s Fraud Section, will make use of the False Claims Act (FCA), which renders anyone who intentionally files false claims to the government liable.

“The initiative will hold accountable entities or individuals that put US information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches,” explained the DoJ.

The initiative will also:

  • Build broader resilience against cybersecurity intrusions across the government, the public sector, and key industry partners
  • Ensure that companies follow the rules and invest in meeting cybersecurity requirements 
  • Reimburse the government and taxpayer for the losses incurred when companies fail to satisfy their cybersecurity obligation
  • Improve overall cybersecurity practices that will benefit the government, private users, and the American public

The action, unveiled at the Aspen Cyber Summit, is aimed at contractors who fail to report hacks or who knowingly provide deficient cybersecurity products. It's an outgrowth of an ongoing Justice Department cyber policy review, and is also part of a broader Biden administrative effort to incentivize contractors and private companies to share information with the government about breaches and to bolster their own cybersecurity defenses.

Officials have repeatedly spoken of the need for better private sector engagement as the government confronts a surge in ransomware attacks that in the last year have targeted critical infrastructure and major corporations.

The measure underscores the extent to which the government views cyberattacks as not just harmful to an individual company but also to the American public in general, especially given recent attacks against a major fuel pipeline and meat processor.

CybersecuritycyberattackRansomwareCyberbreach
Share
Latest

Digital Magazine

Read Now
Read the latest Digital Magazine today!

Featured Articles

Cisco Talos: Tracking Ransomware’s 35 Year Evolution

Martin Lee, Technical Lead for Security Research, Cisco Talos highlights how the ransomware landscape has shifted across the last 35 years

Resilience: Firms Fail to Grasp Cyber Financial Impact

Resilience and YouGov survey reveals 74% of mid to large UK businesses face cybercrime, while ransomware understanding lags behind data breach concerns

SonicWall and CrowdStrike Unite for SMB Security Service

SonicWall partners with endpoint protection specialist CrowdStrike to offer managed detection and response capabilities through managed service providers

FS-ISAC CISO Talks Cyber Strategies for Financial Providers

Cyber Security

Darktrace Reports 692% Surge in Black Friday Cyber Scams

Cyber Security

KnowBe4 Launches AI Agents to Counter Phishing Threats

Technology & AI