cisco systems

Cisco Agrees to Pay Over $8 Million For Selling Video Surveillance System with Technical Flaws

Experts believe Cisco’s payout to a whistleblower could set a precedent for future lawsuits against vendors who sell products with security vulnerabilities.

Cisco Systems, one of the largest software and technology equipment sellers in the world, will pay $8.6 million to settle lawsuits claiming the company sold video surveillance technology to government agencies despite knowing the software was flawed.

Fifteen states and the District of Columbia, alongside the Justice Department, sued the company for damages under the False Claims Act, which imposes liability to companies who defraud governmental programs. The agencies that will receive payments from Cisco include Homeland Security, the Secret Service, the Federal Emergency Management Agency and several branches of the military, The New York Times reported.

“We are pleased to have resolved a 2011 dispute involving the architecture of a video security technology product,” Cisco spokeswoman Robyn Blum said in a statement. “There was no allegation or evidence that any unauthorized access to customers’ video occurred as a result of the architecture.”

One of the biggest beneficiaries of the settlement is a single individual: James Glenn, a former subcontractor for Cisco in Denmark. Glenn will receive over $1 million for his role as a whistleblower in the case.

He first warned the company in 2008 that a hacker who successfully gained access to one video camera in a system could eventually gain administrative control of the entire network due to software flaws, Reuters reported. Glenn was laid off five months after the disclosure, but noticed in 2010 that the problem had not been fixed: he could still hack into the system. Shortly afterward, he went to the FBI, which opened an investigation, according to Reuters.

Cisco continued to sell the Video Surveillance Manager software through July 2013, when it disclosed the security flaw and released a patch fixing the issue. In its complaint, the Justice Department said the software was “of no value” and did not meet “its primary purpose: enhancing the security of the agencies that purchase it,” according to the Times.

The flaw was based on faulty access controls, which made the products non-compliant with the federal government’s National Institute of Standards in Technology, which determine the security standards that tech companies must use to do business with the government. The compliance issues set the stage for the lawsuit against Cisco, CNBC reported.

Glenn’s lawyer and other industry experts believe the settlement is the first time a whistleblower has gotten a payout in a false claims cyber case. And those experts think that there could be a flurry of similar whistleblower lawsuits filed under the law, seeking to follow in Glenn’s footsteps.

“[The settlement] clearly “clearly provides an opportunity for entrepreneurial plaintiffs or potential plaintiffs to go around looking for more examples like this,” Gregory Klass, a Georgetown University law professor, told Reuters.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3