Last month the Department of Justice (DOJ) announced the arrival of the Civil Cyber-Fraud Initiative. The new initiative by the government agency will combat cybercrime and aims to help the government enforce better security processes by government contractors who, on many occasions, fail to follow government cybersecurity processes. The move from DOJ comes as a result of multiple hackings over the years that came from government contractors who did not meet the security standards they should’ve when handling government projects.
Even though government contractors are considered private businesses, their work has an actual impact on everyday people. Therefore, the DOJ hopes that the new initiative and the precautions that come with it will motivate contractors not only to meet but exceed cybersecurity standards when handling government work.
In a statement released by the DOJ’s Lisa Monaco, the Deputy Attorney General highlighted that there would be consequences for government contractors who chose not to disclose breaches and cyber security incidents. In many cases over the years, contractors and government-funded organizations have mistakenly believed that it is less risky to hide a violation rather than report it. DOJ wants to change this perception.
With the new civil enforcement tools included in the new initiative, DOJ will ensure both government and taxpayers are satisfied with the security standards used by government contractors, and such companies are held accountable when operating negligently.
One of the tools that the DOJ will use is called False Claims Act. This is DOJ’s primary tool to tackle false claims for federal funds and property. The tool would come with a whistleblower provision protecting the rights of private parties who become aware of and wish to report fraudulent conduct.
The new Civil Cyber-Fraud Initiative is terrible news for government-funded entities and individuals who knowingly store sensitive government information in insecure places, mispresent cyber security practices, and protocols, and willfully violate cyber security practices or fail to report incidents and breaches.
Government contractors who receive federal funds will have to reimburse the government and the taxpayers for the losses incurred when the involved fail to satisfy their obligations to operate with government data in a secure and approved manner.
The government appears to be taking a step forward into securing its data, and this move will hopefully prevent future data leaks and cyber security disasters from happening. However, only time will show whether the initiative will be a success.