Cisco settles Qui Tam Action but Denies the Gaping Security Breach Mattered

Cisco Systems, Inc. has settled a qui tam action brought under the federal False Claims Act, 31 U.S.C. § 3729 for $8.6 million, with James Glenn, a former employee. As a qui tam action, Glenn is entitled to receive 20% of the recovery he furthered on behalf of the government.

Glenn found the original insecurity in the Cisco video surveillance system in 2008, when he reported it to his employer, a Cisco reseller in Denmark. Instead of being recognized with a bug bounty, he was instead fired.

The Associated Press reports that the software was “used at major U.S. international airports and multiple federal agencies with sensitive missions.” Glenn filed the lawsuit in 2011, but it took Cisco another two years to take steps to resolve the software failure.

In a statement published on July 31st, Cisco’s Mark Chandler writes “in short, what seemed reasonable at one point no longer meets the needs of our stakeholders today.” It is inconceivable that the nature of this software failure was anything other than a structural failure to secure the software used in critical infrastructure facilities.

Cisco’s statement that “the total sales at issue were well under one one-hundredth of one percent of Cisco’s total sales, and our total payment was $8.6 million” strongly suggests the need for a much higher disgorgement regime when companies show such callous disregard of public safety.

While the action serves as a long-awaited repayment to Mr. Glenn for his ongoing efforts, it also highlights the failure to manage greed and arrogance.

As Chandler concludes, “it matters to us to recognize that times and expectations have changed.” They have, but not for the better.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.