Key Takeaways
The DOJ announced charges against a former government contractor manager for cybersecurity fraud. The indictment says that the cloud-based platform's security controls were misrepresented to show they met FedRAMP and Department of Defense standards.
It is also alleged that the required access controls, logging, and monitoring capabilities were missing despite compliance assurance.
The District of Columbia charged a senior manager who worked at a Virginia-based government contractor. Danielle Hillmer, 53, is accused of government fraud, wire fraud, obstructing federal audits, and misleading federal agencies about cloud-based platform security.
Hillmer is accused of concealing the company’s noncompliance with security controls under the Federal Risk and Authorization Management Program (FedRAMP) and the Department of Defense’s Risk Management Framework.
The former senior manager has been charged with misleading auditors during the mandatory security assessments. She allegedly defrauded the United States from approximately March 2020 to November 2021. The court filing says that Hillmer unknowingly hindered third-party assessors during the time frame.
She also urged others to do the same during demonstrations and made false claims to secure Army sponsorship. This would allow the cloud platform to operate on Defense Department networks with government approval.
The presently unnamed company provided a cloud-based platform to federal agencies, and the platform was used by the U.S. Army, among others.
She submitted false documentation for securing federal authorizations. Since the contractor was not named, affected government customers remain unidentified.
The indictment says that they received repeated warnings of system issues. “Specifically, the indictment alleges that Hillmer falsely represented that security controls were implemented at the FedRAMP High baseline and at Department of Defense Impact Levels 4 and 5, despite repeated warnings that the system lacked required access controls, logging, monitoring, and other security capabilities.”
Authorities did not disclose any confirmed data breach or operational compromise tied to the platform. The case highlights cybersecurity compliance threats owing to orchestrated attestations.
If proven guilty, Hillmer faces up to 20 years in prison for wire fraud and 10 years for government fraud.