DOJ Aims to Keep Companies Accountable with Cyber-Fraud Initiative

by Chris Brook on Monday October 18, 2021

Companies that fail to follow required cybersecurity standards could soon be a target under the DOJ's new Civil Cyber-Fraud Initiative.

The Justice Department is ratcheting up its enforcement capabilities to hold companies that receive federal funds and fall victim to a cyberattack accountable.

Companies that fail to safeguard sensitive information and critical systems, whether by providing less than robust services or by lying about the mitigations they have in place, will be targets under a new project, the Civil Cyber-Fraud Initiative.

The initiative will also take to task organizations that fail to properly report cybersecurity incidents and breaches.

“For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward and to report it,” said Deputy Attorney General Monaco. “Well that changes today. We are announcing today that we will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards — because we know that puts all of us at risk. This is a tool that we have to ensure that taxpayer dollars are used appropriately and guard the public fisc and public trust.”

Deputy Attorney General Lisa O. Monaco announced the initiative earlier this month, pointing out that the department would be using the False Claims Act, a law that imposes liability on companies who defraud government programs, to go after government contractors and grant recipients that haven’t adopted and maintained cybersecurity best practices.

While the DOJ doesn’t explicitly say what those may be, recommendations recently issued by the Cybersecurity and Infrastructure Security Agency (CISA) for avoiding ransomware attacks are probably a good example of what the department is hoping organizations follow.

Organizations, if they haven't already, may also want to familiarize themselves with letters and advisories issued by the US Department of Treasury on sanction risks for facilitating ransomware payments and by Deputy National Security Advisor Anne Neuberger to corporate executives on their responsibility to protect against cyber threats.

The initiative is a “direct result” of the DOJ's 120-day comprehensive review into its cybersecurity strategy, ordered by Monaco this past May. It was around that time, following the hacks of Colonial Pipeline and the meat packaging company JBS, that Monaco stressed the importance of having protocols in place to prevent and respond to ransomware attacks. The review was also intended to scope out issues involving the popularity of artificial intelligence and supply chain attacks like the SolarWinds incident from last year.

According to Monaco, the initiative will be led by the Civil Division’s Commercial Litigation Branch, Fraud Section. The Commercial Litigation Branch brings claims on behalf of the U.S. and defends claims against the U.S.; it also has sections in charge of overseeing intellectual property, foreign litigation, and financial litigation.

The initiative should help keep organizations honest when it comes to protecting government information and infrastructure, maintaining modern cybersecurity practices, and ensuring a cadence is met as far as identifying, creating, and publicizing patches.
