The US government will launch civil suits against contractors that cover up breaches


Under a groundbreaking initiative announced by the Justice Department this week, federal contractors will be sued for failing to report a cyber attack or data breach. The newly introduced “Civil Cyber-Fraud Initiative” will use the existing False Claims Act to pursue contractors and grant recipients involved in what the DOJ calls “cybersecurity fraud”. Typically, the government uses the False Claims Act to bring civil cases over false claims for federal funds and property in connection with government programs.

Contractors chose silence for “too long”

“For too long, companies have chosen to remain silent because they mistakenly believed that it was less risky to hide a violation than to present and report it,” said Assistant Attorney General Lisa O. Monaco, who pioneered the initiative. “That is changing today. We announce today that we will use our civil enforcement tools to prosecute companies that are government contractors and receive federal funding for failing to meet required cybersecurity standards – because we know it puts us all at risk. This is one tool we must use to ensure that taxpayers’ dollars are used appropriately and that public finances and public trust are protected.”

The launch of the Civil Cyber-Fraud Initiative is the “direct result” of the department’s ongoing in-depth review of the cybersecurity landscape ordered by the Assistant Attorney General in May. The goal of these review activities is to develop actionable recommendations that will enhance and expand the DOJ’s efforts to combat cyber threats.

The initiative’s launch aims to contain new and emerging cybersecurity threats to sensitive and critical systems by bringing together subject matter experts from civil fraud, public procurement and cybersecurity agencies.

The development comes at a time when cyber attacks are rampant and advanced ransomware gangs are repeatedly targeting critical infrastructures such as the Colonial Pipeline and healthcare facilities.


Provisions of the law would protect whistleblowers

The Civil Cyber-Fraud Initiative will use the False Claims Act, also known as the Lincoln Law, which the government uses as a tool to hold accountable those who defraud government programs.

“The law contains a unique whistleblower provision that enables private parties to assist the government in identifying and prosecuting fraudulent conduct and to participate in any redress, and protects whistleblowers who bring these violations and neglect to light from retaliation,” said the DOJ in a press release.

The initiative will hold entities or individuals, such as federal contractors, accountable if they compromise US cyber infrastructure by knowingly “providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly breaching cybersecurity monitoring and reporting obligations.”

In summary, the initiative is designed with the following goals:

  • Build broad resilience against cybersecurity attacks across government, the public sector, and key industrial partners
  • Hold contractors and grant recipients to their obligations to protect government information and infrastructure
  • Assist government professionals in the timely identification, creation and release of patches for vulnerabilities in commonly used IT products and services
  • Ensure that companies that stick to the rules and invest in meeting cybersecurity requirements do not suffer a competitive disadvantage
  • Reimburse the government and taxpayers for losses incurred when businesses fail to meet their cybersecurity obligations
  • Improve general cybersecurity practices that benefit the government, home users, and the American public

The timing of this announcement also coincides with the creation of a National Cryptocurrency Enforcement Team by the Assistant Attorney General to tackle complex investigations and criminal cases of cryptocurrency abuse. The team’s activities will particularly focus on crimes committed through cryptocurrency exchanges and money laundering operations.

What is striking, however, is that the Civil Cyber-Fraud Initiative would pursue those who knowingly neglect to implement a solid cybersecurity posture or who knowingly misrepresent their cybersecurity practices – which leaves room for plausible disputes.

Equally interesting is the fact that Senator Elizabeth Warren and Rep. Deborah Ross proposed a new bill called the Ransom Disclosure Act just two days ago. The bill would require ransomware victims to disclose details of each ransom amount paid and “any known information about the company demanding the ransom” within 48 hours of payment.