Cisco whistleblower gets first False Claims payout over cybersecurity

SAN FRANCISCO (Reuters): Cisco Systems Inc. has agreed to settle a whistleblower’s claim that it improperly sold video surveillance software with known vulnerabilities to US federal and state governments, marking the first payout on a False Claims Act case brought over failure to meet cybersecurity standards.

The settlement and underlying claim were unsealed last week, eight years after the initial legal complaint. Cisco paid $8.6 million to resolve the case, with most of that going to the federal government and 15 state buyers and more than $1 million going to the whistleblower, James Glenn.

“We are pleased to have resolved a 2011 dispute involving the architecture of a video security technology product,” said Cisco spokeswoman Robyn Blum. “There was no allegation or evidence that any unauthorised access to customers’ video occurred as a result of the architecture.”

Glenn attorney Anne Hayes Hartman and other experts believe Cisco’s payout is the first in a False Claims cyber case.

Hundreds of False Claim suits are filed yearly, in part because of built-in rewards for those who point out improper conduct by Government contractors. Under the law, a whistleblower must provide non-public information in order to win an award.

With many contracts including pledges that products meet cyber security standards set by the Government, experts have long warned that the claims could expand into that area and punish vendors for the vulnerabilities that are present in many systems.