US poised to go after contractors who don't report breaches

The Justice Department is poised to sue government contractors and other companies who receive U.S. government grants if they if they fail to report breaches of their cyber systems

WASHINGTON -- The Justice Department is poised to sue government contractors and other companies who receive U.S. government grants if they fail to report breaches of their cyber systems, the department's No. 2 official said Wednesday.

Deputy Attorney General Lisa Monaco said the department is prepared to take legal action under a statute called the False Claims Act against contractors who misuse federal dollars by failing to disclose hacks or by having deficient cybersecurity standards. The Justice Department will also protect whistleblowers who come forward to report those issues.

“For too long, companies have chosen silence under the mistaken belief that it’s less risky to hide a breach than to bring it forward and to report it. Well, that changes today,” Monaco said.

The action, unveiled at the Aspen Cyber Summit, is part of a broader Biden administrative effort to incentivize contractors and private companies to share information with the government about breaches and to bolster their own cybersecurity defenses. Officials have repeatedly spoken of the need for better private sector engagement as the government confronts ransomware attacks that in the last year have targeted critical infrastructure and major corporations, including a major fuel pipeline.