Under the new Civil Cyber-Fraud Initiative that the U.S. Department of Justice announced today, government contractors are accountable in a civil court if they don’t report a breach or fail to meet required cybersecurity standards.
The initiative gives the DoJ the necessary leverage to fight digital threats to sensitive information and critical systems stemming from collaborators of federal agencies.
Deputy Attorney General Lisa O. Monaco said that the initiative allows the DoJ to pursue government contractors that keep silent about a breach incident or don’t comply with cybersecurity standards.
Led by the Civil Division’s Commercial Litigation Branch, Fraud Section, the initiative will use the False Claims Act (FCA), which makes liable anyone who knowingly submits false claims to the government.
A whistleblower provision in the Act allows private parties to identify and pursue fraudulent conduct. Whistleblowers benefit from protection and receive a significant part of any recovered funds.
The Civil Cyber-Fraud Initiative aims to strengthen defenses and minimize the risk of intrusion on government networks due to poor cybersecurity practices from external partners.
Benefits expected from this initiative range from increasing the security of information systems in both the private and public sector to improving overall cybersecurity practices:
- Building broad resiliency against cybersecurity intrusions across the government, the public sector, and key industry partners
- Holding contractors and grantees to their commitments to protect government information and infrastructure
- Supporting government experts’ efforts to timely identify, create and publicize patches for vulnerabilities in commonly-used information technology products and services
- Ensuring that companies that follow the rules and invest in meeting cybersecurity requirements are not at a competitive disadvantage
- Reimbursing the government and the taxpayers for the losses incurred when companies fail to satisfy their cybersecurity obligation
- Improving overall cybersecurity practices that will benefit the government, private users, and the American public