cisco systems

Cisco Agrees to Pay Over $8 Million For Selling Video Surveillance System with Technical Flaws

Experts believe Cisco’s payout to a whistleblower could set a precedent for future lawsuits against vendors who sell products with security vulnerabilities.

Cisco Systems, one of the largest software and technology equipment sellers in the world, will pay $8.6 million to settle lawsuits claiming the company sold video surveillance technology to government agencies despite knowing the software was flawed.

Fifteen states and the District of Columbia, alongside the Justice Department, sued the company for damages under the False Claims Act, which imposes liability to companies who defraud governmental programs. The agencies that will receive payments from Cisco include Homeland Security, the Secret Service, the Federal Emergency Management Agency and several branches of the military, The New York Times reported.

“We are pleased to have resolved a 2011 dispute involving the architecture of a video security technology product,” Cisco spokeswoman Robyn Blum said in a statement. “There was no allegation or evidence that any unauthorized access to customers’ video occurred as a result of the architecture.”

One of the biggest beneficiaries of the settlement is a single individual: James Glenn, a former subcontractor for Cisco in Denmark. Glenn will receive over $1 million for his role as a whistleblower in the case.

He first warned the company in 2008 that a hacker who successfully gained access to one video camera in a system could eventually gain administrative control of the entire network due to software flaws, Reuters reported. Glenn was laid off five months after the disclosure, but noticed in 2010 that the problem had not been fixed: he could still hack into the system. Shortly afterward, he went to the FBI, which opened an investigation, according to Reuters.

Cisco continued to sell the Video Surveillance Manager software through July 2013, when it disclosed the security flaw and released a patch fixing the issue. In its complaint, the Justice Department said the software was “of no value” and did not meet “its primary purpose: enhancing the security of the agencies that purchase it,” according to the Times.

The flaw was based on faulty access controls, which made the products non-compliant with the federal government’s National Institute of Standards in Technology, which determine the security standards that tech companies must use to do business with the government. The compliance issues set the stage for the lawsuit against Cisco, CNBC reported.

Glenn’s lawyer and other industry experts believe the settlement is the first time a whistleblower has gotten a payout in a false claims cyber case. And those experts think that there could be a flurry of similar whistleblower lawsuits filed under the law, seeking to follow in Glenn’s footsteps.

“[The settlement] clearly “clearly provides an opportunity for entrepreneurial plaintiffs or potential plaintiffs to go around looking for more examples like this,” Gregory Klass, a Georgetown University law professor, told Reuters.

  • The Z-Wave Alliance Focuses on the Residential Market The Z-Wave Alliance Focuses on the Residential Market

    Mitchell Klein serves as the executive director of the Z-Wave Alliance, an industry organization that drives numerous initiatives to expand and accelerate the global adoption of smart home and smart cities applications. In this Podcast, we talk about the 2022 State of the Ecosystem, and the fact that technology has brought about almost unimaginable residential security resources. The Alliance also provides education resources as well as looking at expanding technology.

Digital Edition

  • Security Today Magazine - May June 2022

    May / June 2022


    • The Ying and Yang of Security
    • Installing Smart Systems
    • Leveraging Surveillance
    • Using Mobile Data
    • RIP Covid-19

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety