The Department of Justice announced that Verizon Business services has agreed to a $4.1 million settlement to resolve False Claims Act allegations of failure to fully satisfy cybersecurity controls on government contracts. It arose over lapses in three cybersecurity controls required in internet connection and other external network contracts that the unit of the Verizon Communications conglomerate entered into with the General Services Administration (GSA). Here is the settlement agreement, which is well wroth reading: https://www.justice.gov/media/1313011/dl?inline Verizon did not admit liability. The U.S. alleged that claims arose from Verizon’s failure to completely satisfy technical security solutions and cybersecurity controls in connection with an information technology service provided to federal agencies. In connection with the settlement, the United States acknowledged that Verizon took a number of significant steps entitling it to credit for cooperating with the government.
“When government contractors fail to follow required cybersecurity standards, they may jeopardize the security of sensitive government information and information systems,” said Deputy Assistant Attorney General Michael Granston of the Civil Division’s Commercial Litigation Branch. “We will continue to pursue knowing cybersecurity related violations under the Department’s Civil Cyber-Fraud Initiative and to provide credit in settlements to government contractors that disclose misconduct, cooperate with pending investigations and take remedial measures, all of which are critically important to protecting the nation against cyber threats.”
This settlement relates to Verizon’s Managed Trusted Internet Protocol Service (MTIPS), which is designed to provide federal agencies with secure connections to the public internet and other external networks. The settlement resolves allegations that Verizon’s MTIPS solution did not completely satisfy three required cybersecurity controls for Trusted Internet Connections with respect to General Services Administration (GSA) contracts from 2017 to 2021. After learning of the issues, Verizon provided the government with a written self-disclosure, initiated an independent investigation and compliance review of the issues and provided the government with multiple detailed supplemental written disclosures. Verizon cooperated with the government’s investigation of the issues and took prompt and substantial remedial measures.
“The United States should get the cybersecurity controls that it contracts and pays for to safeguard against cyber threats that could compromise critical information and systems,” said Acting Inspector General Robert C. Erickson of the GSA. “I appreciate the efforts of the investigative team that worked on this case.”
On Oct. 6, 2021, the Deputy Attorney General announced the department’s Civil Cyber-Fraud Initiative to hold accountable entities or individuals that put U.S information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols or knowingly violating obligations to monitor and report cybersecurity incidents and breaches. Information on how to report cyber fraud can be found here.
The resolution obtained in this matter was the result of a coordinated effort between the Justice Department’s Civil Division, Commercial Litigation Branch, Fraud Section and the GSA’s Office of Inspector General. The matter was handled by Fraud Section Senior Trial Counsel Christopher Terranova.
Verizon said that it “proactively identified and disclosed” the cybersecurity problems to the GSA in 2020 and that no security or data breach happened.
The Justice Department also noted Verizon’s cooperation with the government’s investigation of the issue and the business’ prompt and substantial remedial actions.
Investigations on cybersecurity-related violations will continue, according to Michael Granston, the DOJ’s deputy assistant attorney general in the Civil Division’s Commercial Litigation Branch. He added that settlement credit will be granted to government contractors that “disclose misconduct, cooperate with pending investigations and take remedial measures.”
No determination of liability was included in the settlement, Channel News Asia reported.
JEFFREY NEWMAN IS A WHISTLEBLOWER LAWYER WHO HANDLES SEC WHISTLEBLOWER CASES INCLUDING THOSE INVOLVING CYBERATTACKS ON PUBLICLY TRADED COMPANIES AND ALSO HEALTHCARE FRAUD CASES UNDER THE FALSE CLAIMS ACT (FCA)(QUI TAM). HE CAN BE REACHED AT JEFF@JEFFNEWMANLAW.COM OR 617-823-3217
