Cisco pays $8.6 mn to settle claim on vulnerable video surveillance

Cisco Systems has agreed to spend $8.6 million to settle a whistleblower’s claim that it sold video surveillance software with known vulnerabilities to U.S. federal and state governments.

The amount marks the first payout on a False Claims Act case brought over failure to meet cybersecurity standards, Reuters reported.

Cisco paid $8.6 million on Wednesday, eight years after the initial legal complaint, to resolve the case. Most of that payment will go to the federal government and 15 state buyers, with more than $1 million going to James Glenn, the whistleblower.

“We have resolved a 2011 dispute involving the architecture of a video security technology product,” said Cisco spokeswoman Robyn Blum. “There was no allegation or evidence that any unauthorized access to customers’ video occurred as a result of the architecture.”

Glenn attorney Anne Hayes Hartman and other experts believe Cisco’s payout is the first in a false claims cyber case.

Cisco’s Video Surveillance Manager was used by Los Angeles International Airport, the Washington D.C. police and the New York City public transit system, as well as many schools, said Hartman.

The complaint unsealed Wednesday also names as customers the U.S. Army, Navy, Air Force, and Marine Corps.

Glenn was working at NetDesign, a Cisco partner in Denmark, where among other things he worked with Danish police, the complaint says. In 2008, he warned Cisco that a hacker who got into one camera that was part of the system could use flaws in the software to get administrative control of the entire network. The suit says a hacker could then potentially move beyond the video system.

“Due to the vulnerability in Cisco’s surveillance system, any user who has or can gain access to one video camera could potentially gain unauthorized access to the entire network of a federal agency,” the suit says.

When Cisco failed to act, Glenn spoke with an L.A. airport police detective on an FBI terrorism task force.

Cisco, the largest enterprise networking company, acknowledged the flaws in 2013 as it released an updated version of the software.