The US authorities are toughening their tone in the face of cybercrime. Now, companies under contract with the government risk very heavy fines if they do not report flaws in their computer systems.
The challenges of cybersecurity
Cybersecurity is a topic of growing importance, even within governments. Cyberattacks, and ransomware in particular, have increased sharply since the start of the pandemic. The attack on Colonial Pipeline, which shut down one of America’s most important oil pipelines, is a prime example of the dangers they can pose.
The SolarWinds cyberattack, which affected a large number of companies as well as American government agencies, also highlighted the country’s cybersecurity failures. The sector now carries major geopolitical and economic stakes. For this reason, the Biden administration has decided to make it one of its priorities: after announcing several directives last May to strengthen the country’s cyber infrastructure, the president also organized a summit with the private sector on the subject.
More recently, senior U.S. cyber defense officials called on Congress to crack down on companies failing to report cyber attacks.
Companies obliged to report all cyber incidents
As reported by the Wall Street Journal, the Department of Justice is moving in this direction. It will use the powers conferred on it by the False Claims Act to sanction companies that do not report the cyber incidents they suffer. This Civil War-era law targets companies or organizations that defraud the government. For example, it states that it is a violation to submit a request for funds that contains false information, such as a contractor sending an invoice for work that was not performed.
In the case of cybersecurity, sanctions will affect companies that do not meet the required standards. “For too long, companies have chosen silence, mistakenly thinking that it is less risky to hide a violation than to report it. Well, that is changing today. When those who are entrusted with public funds, who are responsible for working on sensitive government systems, fail to meet the required cybersecurity standards, we will tackle that behavior and impose hefty fines,” declared the Attorney General Lisa Monaco.
The Justice Department says companies receiving federal funds and knowingly misrepresenting their defenses, providing faulty cybersecurity equipment, or failing to report incidents are all affected by the new initiative.
Too old a text?
According to Lisa MacLean, director of cybersecurity education at the Flatiron School, an educational organization in New York, this measure may not be the right solution because of the age of the text, which will be difficult to adapt to the challenges of current cybersecurity: “A balance must be struck between the need to encourage companies to avoid these problems and the need not to completely ruin their reputation or their livelihoods,” she says.
While this announcement is further proof of the US government’s fight against cyber threats, it will likely have to go much further to ensure its security. To give an idea of the challenges of online security, it should be noted that investments in startups specializing in cybersecurity more than doubled during the first half of 2021.