The Sentinel-Record

US poised to sue contractor­s who don’t report breaches


WASHINGTON — The Justice Department is poised to sue government contractor­s and other companies who receive U.S. government grants if they fail to report breaches of their computer systems or misreprese­nt their cybersecur­ity practices, the department’s No. 2 official said Wednesday.

Deputy Attorney General Lisa Monaco said the department is prepared to take action under a statute called the False Claims Act that permits the government to file lawsuits over misused federal funds. The Justice Department will also protect whistleblo­wers who come forward to report those issues, she said.

“For too long, companies have chosen silence under the mistaken belief that it’s less risky to hide a breach than to bring it forward and to report it. Well, that changes today,” Monaco said.

The action, unveiled at the Aspen Cyber Summit, is aimed at contractor­s who fail to report hacks or who knowingly provide deficient cybersecur­ity products. It’s an outgrowth of an ongoing

Justice Department cyber policy review, and is also part of a broader Biden administra­tive effort to incentiviz­e contractor­s and private companies to share informatio­n with the government about breaches and to bolster their own cybersecur­ity defenses.

Officials have repeatedly spoken of the need for better private sector engagement as the government confronts a surge in ransomware attacks that in the last year have targeted critical infrastruc­ture and major corporatio­ns.

The measure underscore­s the extent to which the government views cyberattac­ks as not just harmful to an individual company but also to the American public in general, especially given recent attacks against a major fuel pipeline and meat processor.

“Where those who are entrusted with government dollars, who are entrusted to work on sensitive government systems, fail to follow required cybersecur­ity standards, we’re going to go after that behavior and extract very hefty fines,” Monaco said.

Monaco also announced the creation of a new cryptocurr­ency enforcemen­t team within the department — drawing from experts in cybersecur­ity and money laundering — aimed at destabiliz­ing the financial ecosystem that drives ransomware attacks and the criminal hacking gangs behind them.

The action follows Treasury Department sanctions last month against a Russia-based virtual currency brokerage that officials say helped at least eight ransomware gangs launder virtual currency.

Newspapers in English

Newspapers from United States