US prosecutes entrepreneurs who fail to report cyber attacks
[Stay on top of transportation news: Get TTNews in your inbox.]
WASHINGTON – The Justice Department is set to prosecute government contractors and other businesses who receive US government grants if they fail to report breaches to their computer systems or misrepresent their cybersecurity practices, said the person in charge n ° 2 of the ministry on October 6.
Deputy Attorney General Lisa Monaco said the department was ready to take action under a law called the False Claims Act which allows the government to sue for embezzled federal funds. The Justice Department will protect whistleblowers who report these issues, she said.
“For too long, companies have chosen silence, mistakenly believing that it is less risky to hide a violation than to expose and report it. Well that is changing today, ”said Monaco.
The action, unveiled at the Aspen Cyber Summit, is aimed at entrepreneurs who either fail to report hacks or knowingly supply deficient cybersecurity products. This is an extension of an ongoing review of the Department of Justice’s cyber policy and is also part of a larger administrative effort by Biden to get entrepreneurs and private companies to share information with the government. on breaches and strengthen their own cybersecurity defenses.
Officials have repeatedly spoken of the need for better private sector engagement as the government faces an increase in ransomware attacks that last year targeted critical infrastructure and large corporations.
The measure underscores how the government views cyber attacks not only as harmful to an individual business, but also to the American public in general, especially given the recent attacks on a major fuel pipeline and a meat processor.
“When those who are entrusted with government dollars, who are responsible for working on sensitive government systems, fail to meet the required cybersecurity standards, we will continue that behavior and get very heavy fines,” Monaco said. .
For some, truck driving is a passion, and the best are the captains of American road crews. ABF driver Nate McCarty, former captain of the US Road Team, and Elisabeth Barna, COO and Executive Vice President of the American Trucking Associations join us. Listen to a sample above and get the full schedule by heading over to RoadSigns.TTNews.com.
Monaco also announced the creation of a new team in charge of the application of cryptocurrencies within the department, composed of experts in cybersecurity and money laundering, aimed at destabilizing the financial ecosystem at the origin of the ransomware attacks and the criminal hacking gangs behind them.
The action follows Treasury Department sanctions last month against a Russia-based virtual currency brokerage firm that officials say has helped at least eight ransomware gangs launder virtual currency.
Monaco’s appearance came hours after the publication of a CNBC opinion piece urging Congress to pass a law creating a national standard for reporting significant cyber incidents so that information about digital attacks can be be quickly disseminated throughout the federal government.
Most violations, she wrote, go unreported to law enforcement.
“The current gap in reporting hampers the government’s ability to fight not only the threat of ransomware, but also all cybercrime activity,” Monaco wrote. “This means we are going on our own, without key information from our private sector partners, and that must change, today.”
Separately, Homeland Security Secretary Alejandro Mayorkas said on October 6 that new regulations would be coming for railways and transit entities.
Mayorkas said the Transportation Security Administration will issue a safety directive this year that will require railways and transport entities to comply with new regulations similar to those issued in May for pipeline operators as a result of the hack. of Colonial Pipeline which disrupted gas supplies in several states.
What the secretary called “higher risk” railways and transport entities will be required to identify a cybersecurity contact, report incidents to the Cybersecurity and Infrastructure Security Agency and develop a contingency and recovery plan in the event of malicious cyber activity.
Those deemed “at low risk” will be subject to guidelines that “encourage” them to take these steps but do not require it, Mayorkas said in a speech at the Billington summit on cybersecurity.
He did not specify which railways or transit entities fell into either category.
Associated Press writer Ben Fox contributed to this report.
Want more news? Listen to today’s daily briefing below or go here for more information: