US government to sue contractors who don’t report a breach

By BizClik Admin
The US Department of Justice has announced that under the new Civil Cyber-Fraud Initiative, government contractors will be held accountable in civil court.

The Justice Department (DoJ) is poised to sue government contractors and other companies who receive US government grants if they fail to report breaches of their computer systems or misrepresent their cybersecurity practices, the department's No. 2 official has said.

Deputy Attorney General Lisa O. Monaco explained that the initiative allows the DoJ to pursue government contractors who don’t comply with cybersecurity standards or keep silent about a breach.

“We will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards,” Monaco said.

The initiative, led by the Commercial Litigation Branch’s Fraud Section, will make use of the False Claims Act (FCA), which makes liable anyone who intentionally files false claims to the government.

“The initiative will hold accountable entities or individuals that put US information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches,” explained the DoJ.

The initiative will also:

  • Build broader resilience against cybersecurity intrusions across the government, the public sector, and key industry partners
  • Ensure that companies follow the rules and invest in meeting cybersecurity requirements
  • Reimburse the government and taxpayer for the losses incurred when companies fail to satisfy their cybersecurity obligations
  • Improve overall cybersecurity practices that will benefit the government, private users, and the American public

The action, unveiled at the Aspen Cyber Summit, is aimed at contractors who fail to report hacks or who knowingly provide deficient cybersecurity products. It's an outgrowth of an ongoing Justice Department cyber policy review, and is also part of a broader Biden administration effort to incentivize contractors and private companies to share information with the government about breaches and to bolster their own cybersecurity defenses.

Officials have repeatedly spoken of the need for better private sector engagement as the government confronts a surge in ransomware attacks that in the last year have targeted critical infrastructure and major corporations.

The measure underscores the extent to which the government views cyberattacks as not just harmful to an individual company but also to the American public in general, especially given recent attacks against a major fuel pipeline and meat processor.
