[TheRecord] DOJ to go after government contractors who don’t disclose breaches

The US Department of Justice has announced today plans to pursue government contractors who hide or fail to notify the government about cyber-security breaches.

Named the Civil Cyber-Fraud Initiative, the new team will operate inside the Justice Department’s fraud investigation and litigation branch, Deputy Attorney General Lisa O. Monaco said today at the Aspen Cyber Summit.

Monaco said the Civil Cyber-Fraud Initiative would use the False Claims Act to pursue government contractors, recipients of government grants, and anyone who takes funds from the US government but then fails to adequately secure its networks or hides security breaches.

“For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward and to report it,” Monaco said.

“Well that changes today. We are announcing today that we will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards,” she added.

Monaco said the initiative is meant to improve cybersecurity across the entire US government by ensuring that external contractors aren’t weak links in the US federal network.

The creation of the Civil Cyber-Fraud Initiative comes after the US government has dealt with the aftermath of several hacks that targeted external entities but indirectly allowed threat actors to access government data or impact. This includes the attacks on IT company SolarWinds and attacks targeting Microsoft Exchange software, broadly used across the US government IT network.

In addition, Monaco also announced today the creation of a second initiative inside the Justice Department. Named the National Cryptocurrency Enforcement Team, this team will be tasked with pursuing criminals who abuse cryptocurrency for crimes and money laundering.

The post DOJ to go after government contractors who don’t disclose breaches appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[ZDNet] DarkSide explained: the ransomware group responsible for Colonial Pipeline cyberattack

All posts, ZDNet

The group’s existence is tied to a murky web of shorted stocks, criminality, and failed attempts to appear as Robin Hood. Source: Read More (Latest topics for ZDNet in Security)

Read More

[ESET] WhatsApp announces end‑to‑end encrypted backups

All posts, ESET feed

The Facebook-owned messaging service plans to roll out the feature to both iOS and Android users in the coming weeks. The post WhatsApp announces end‑to‑end encrypted backups appeared first on WeLiveSecurity Source: Read More (WeLiveSecurity)

Read More

[ZDNet] Microsoft adds second CVE for PrintNightmare remote code execution

All posts, ZDNet

While PrintNightmare has been known as CVE-2021-1675 this week, Microsoft has now thrown CVE-2021-34527 into the mix. Source: Read More (Latest topics for ZDNet in Security)

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.