In a significant initiative announced by the Justice Department this week, federal contractors will be prosecuted if they fail to report cyberattacks or data breaches. The newly launched “Civil Cyber-Fraud Initiative” will leverage the existing False Claims Act to pursue contractors and grant recipients involved in what the DOJ calls “cybersecurity fraud.” Typically, the False Claims Act is used to deal with civil lawsuits over false claims made by the government regarding federal funds and property tied to government programs.
Cyber contractors chose silence “for too long”
“For too long, companies have chosen silence under the mistaken belief that it is less risky to cover up a breach than to bring it forward and report it,” said Deputy Attorney General Lisa O. Monaco, who led the initiative. “Well, that’s changing today. We’re announcing today that we’ll be using our civil enforcement tools to pursue companies that are government contractors that receive federal funding when they fail to comply with the required cybersecurity standards, because we know it puts us all at risk. It’s a tool we have to make sure taxpayer dollars are used fairly and to protect public finances and public trust.”
The launch of the civil cyber-fraud initiative is a “direct result” of the department’s ongoing in-depth review of the cybersecurity landscape, ordered by the deputy attorney general in May. The goal behind these review activities is to develop actionable recommendations that enhance and expand the DoJ’s efforts to combat cyber threats.
The launch of the initiative aims to prevent new and emerging cyber security threats to sensitive and critical systems by bringing together subject matter experts from civil fraud, government procurement and cyber security agencies.
The development comes at a time when cyberattacks are rampant, and advanced ransomware gangs repeatedly target critical infrastructure, such as Colonial Pipeline and health care facilities.
The provisions of the Act will protect the whistleblower
The Civil Cyber-Fraud Initiative will use the False Claims Act, aka “Lincoln Law,” to act as a litigation tool for the government while placing liability on those who defraud government programs.
“The Act includes a unique whistleblower provision that allows private parties to assist the government in identifying and pursuing fraudulent conduct and share in any recovery, and protects whistleblowers who bring these breaches and failures from retaliation,” the DOJ states in a press release.
This initiative will hold entities such as federal contractors or individuals accountable when they put US cyber infrastructure at risk by intentionally “providing less cyber security products or services, knowingly misrepresenting its cyber security practices or protocols, or knowingly violating obligations to monitor and report cyber security incidents and breaches.”
In short, the initiative has been designed with the following objectives in mind:
- Building greater resilience against cyber security intrusions across government, public sector and key industry partners.
- Holding contractors and grantees to their commitments to protect government information and infrastructure.
- Supporting the efforts of government experts to identify, create and disseminate patches in a timely manner for vulnerabilities in commonly used information technology products and services.
- Ensuring that companies that comply with regulations and invest in meeting cyber security requirements are not at a competitive disadvantage.
- Reimbursing the government and taxpayers for losses incurred when companies fail to meet their cyber security obligations.
- Improving overall cyber security practices that will benefit the government, private users, and the American public.
The timing of this announcement also coincides with the Deputy Attorney General’s announcement of the “National Cryptocurrency Enforcement Team,” designed to deal with complex investigations and criminal cases of cryptocurrency abuse. Specifically, the team’s activities will focus on crimes committed by cryptocurrency exchanges and money-laundering operations.
What sets it apart, however, is that the Civil Cyber-Fraud Initiative will pursue those who were intentionally negligent in implementing a strong cyber security posture or who intentionally misrepresented their cyber security practices, leaving room for plausible deniability.
Equally interesting is the fact that just two days ago, Senator Elizabeth Warren and Representative Deborah Ross proposed a new bill called the “Ransom Disclosure Act.” The act would require ransomware victims to disclose details of any ransom money paid and “any known information about the entity seeking the ransom” within 48 hours of payment.