According to the new Civil Cyber-Fraud Initiative unveiled today by the US Department of Justice, Government contractors will be held liable in civil court if they don’t notify a breach or fail to satisfy minimum cybersecurity requirements.
The program provides the Department of Justice with the necessary leverage to combat digital threats to sensitive information and key systems posed by federal agency partners.
As per Deputy Attorney General Lisa O. Monaco, this effort empowers the Department of Justice to prosecute federal contractors who remain silent about a breach or fail to meet cybersecurity standards.
The initiative, led by the Commercial Litigation Branch’s Fraud Section, will use the False Claims Act (FCA), which renders anybody who intentionally files false claims to the government accountable.
The Act includes a whistleblower clause that permits private individuals to report and prosecute fraudulent activity. Whistleblowers are protected and receive a large portion of any recovered cash.
The benefits of this effort are intended to vary from strengthening general cybersecurity procedures to increasing the security of information systems in both the corporate and governmental sectors:
- Expanding the government, public sectors’, and significant industrial partners’ resistance to cybersecurity incursions
- Supporting government specialists in their efforts to discover, produce, and distribute fixes for vulnerabilities in widely used information technology products and services on time
- Holding contractors and grantees accountable for protecting government data and infrastructure
- Ensuring that businesses who obey the regulations and invest in cybersecurity are not at a competitive disadvantage
- Improving comprehensive cybersecurity procedures for the government, private users, and the general public in the United States
- Providing compensation to the government and taxpayers for damages suffered when businesses fail to meet their cybersecurity obligations
Anyone can be a target of ransomware. Recently, a U.S. government contractor reported a breach that has cost the company $500,000 to $1 million. The company called it a “learning experience” and shared it with other organizations to raise their awareness.
“It could happen to anyone,” Sandesh Sharda, president of Arlington, Virginia-based Miracle Systems, told CyberScoop. “We keep hearing about all these hacks all the time, whether it’s Baltimore, whether it’s Texas, whether it’s Capital One, commercial or government. This is not going to go away… How we prepare our industry for these kinds of hacks is [what’s] most important.”