The Department of Justice Intends to Sue Contractors Who Don’t Report Cybersecurity Breaches
The Initiative Is Part of a Larger Biden Administration Effort to Encourage Contractors and Private Entities to Report Security Breaches to the Government.
Yesterday, the Department of Justice declared is ready to take legal action against government contractors and other companies who receive U.S. government subventions if they don’t disclose cyber breaches of their systems or fail to comply with required cybersecurity guidelines.
This action provides the Department of Justice with the necessary power to address cybersecurity threats to personal data and critical systems, caused by federal agencies’ collaborators.
According to Deputy Attorney General Lisa O. Monaco, this approach allows the Department of Justice to go after federal contractors who decide to hide a breach incident or fail to meet cybersecurity standards and guidelines.
Well, that changes today. We are announcing today that we will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds when they fail to follow required cybersecurity standards.
The initiative, which will be led by the Civil Division’s Commercial Litigation Branch’s Fraud Section, is a direct consequence of the department’s continuing comprehensive cyber analysis, which was requested by Deputy Attorney General Monaco in May 2021.
The review’s purpose is to develop actionable recommendations to strengthen and broaden the Justice Department’s cyber-security efforts.
The False Claims Act will be used by the Civil Cyber-Fraud Initiative to prosecute cybersecurity-related fraud by government contractors and funding beneficiaries.
The Act includes a whistleblower provision that allows private organizations to identify and pursue deceitful behavior.
Whistleblowers are protected and end up receiving a substantial part of any recovered money.
The initiative will hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.
What Are the Benefits of the Department of Justice Initiative?
- Building broad resiliency against cybersecurity intrusions across the government, the public sector, and key industry partners.
- Holding contractors and grantees to their commitments to protect government information and infrastructure.
- Supporting government experts’ efforts to timely identify, create and publicize patches for vulnerabilities in commonly-used information technology products and services.
- Ensuring that companies that follow the rules and invest in meeting cybersecurity requirements are not at a competitive disadvantage.
- Reimbursing the government and the taxpayers for the losses incurred when companies fail to satisfy their cybersecurity obligations.
- Improving overall cybersecurity practices that will benefit the government, private users, and the American public.