US government to slap contractors with civil lawsuits for covering up violations



[ad_1]

US government to slap contractors with civil lawsuits for covering up violations

In a groundbreaking initiative announced by the Justice Department this week, federal contractors will be prosecuted if they fail to report a cyber attack or data breaches. The newly introduced “Civil Cyber-Fraud Initiative” will build on existing false claims law to prosecute contractors and grant recipients involved in what the DoJ calls “cybersecurity fraud”. Usually, the False Claims Act is used by the government to deal with civil lawsuits regarding false claims made in connection with federal funds and property related to government programs.

Cyber ​​entrepreneurs have chosen silence “too long”

“For too long, companies have chosen silence in the mistaken belief that it is less risky to hide a violation than to expose it and report it,” says Deputy Attorney General Lisa O. Monaco, pioneer of the initiative. “Well that is changing today. Today we are announcing that we will use our civil enforcement tools to sue companies, those who are government contractors who receive federal funds, when they fail to comply. cybersecurity standards required, because we know it puts us all at risk, it’s a tool we have to make sure taxpayers’ money is used appropriately and to protect the public revenue and public trust. “

The introduction of the Civilian Cyber ​​Fraud Initiative is the “direct result” of the Ministry’s ongoing comprehensive review of the cybersecurity landscape ordered by the Deputy Attorney General in May. The goal of these review activities is to develop actionable recommendations that enhance and extend the DoJ’s efforts to combat cyber threats.

The launch of the Initiative aims to curb new and emerging cybersecurity threats to sensitive and critical systems by bringing together subject matter experts from civil fraud, public procurement and cybersecurity agencies.

The development comes at a time when cyber attacks are rampant and advanced ransomware gangs repeatedly target critical infrastructure, such as the Colonial Pipeline and healthcare facilities.

The provisions of the law would protect whistleblowers

The Civil Cyber-Fraud Initiative will use the False Claims Act, aka “Lincoln Law,” which serves as a litigation tool for the government when it holds liability for those who defraud government programs.

“The law includes a unique whistleblower provision, which allows private parties to help the government identify and prosecute fraudulent behavior and participate in any recovery and protects whistleblowers who bring these violations and failures from retaliation,” explains the DoJ in a press release.

The initiative will hold entities, such as federal contractors or individuals, accountable when they put America’s cyber infrastructure at risk by knowingly “Provide deficient cybersecurity products or services, knowingly distort their cybersecurity practices or protocols, or knowingly violate obligations to monitor and report cybersecurity incidents and breaches.”

In summary, the Initiative is designed with the following objectives in mind:

  • Build broad resilience against cybersecurity intrusions across government, public sector and key industry partners.
  • Keep contractors and beneficiaries on their commitments to protect government information and infrastructure.
  • Support the efforts of government experts to identify, create, and release patches for vulnerabilities in commonly used information technology products and services in a timely manner.
  • Ensure that companies that play by the rules and invest to meet cybersecurity requirements are not at a competitive disadvantage.
  • Reimburse the government and taxpayers for losses incurred when businesses fail to meet their cybersecurity obligations.
  • Improve overall cybersecurity practices that will benefit the government, private users, and the U.S. public.

The timing of this announcement also coincides with the Deputy Attorney General’s creation of a “National Cryptocurrency Enforcement Team” designed to tackle complex investigations and criminal cases of crypto misuse. -cash. In particular, the team’s activities will focus on offenses committed by cryptocurrency exchanges and money laundering operations.

What emerges, however, is that the Civil Cyber-Fraud Initiative would prosecute those who were knowingly negligent in implementing a robust cybersecurity posture or have knowingly distorted their cybersecurity practices, leaving room for plausible deniability.

Equally interesting is the fact that just two days ago, Senator Elizabeth Warren and Representative Deborah Ross proposed a new bill called the “Ransom Disclosure Act”. The law would require ransomware victims to disclose details of any ransom amount paid within 48 hours of payment and to disclose “any known information about the ransom-demanding entity.”

[ad_2]

Source link