The US Department of Justice has announced that under the new Civil Cyber-Fraud Initiative, government contractors will be held accountable in civil court if they don’t report a breach.

Deputy Attorney General Lisa O. Monaco explained that the initiative allows the DoJ to pursue government contractors who don’t comply with cybersecurity standards or keep silent about a breach.

”We are announcing today that we will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards,” said Deputy Attorney General Lisa O. Monaco.

The initiative, led by the Commercial Litigation Branch’s Fraud Section, will make use of the False Claims Act (FCA), which renders anyone who intentionally files false claims to the government liable.

“The initiative will hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches,” explained the U.S. Department of Justice.

The initiative will also:

  • Build broader resilience against cybersecurity intrusions across the government, the public sector, and key industry partners
  • Ensure that companies follow the rules and invest in meeting cybersecurity requirements 
  • Reimburse the government and taxpayer for the losses incurred when companies fail to satisfy their cybersecurity obligation
  • Improve overall cybersecurity practices that will benefit the government, private users, and the American public