The recent disclosure that Cisco settled with US federal, state and local government agencies and the contractor who had originally alerted the company to a flaw in video surveillance technology could be a harbinger of things to come.

Settlement over hackable technology

Eight years after the filing of a lawsuit against Cisco on behalf of US public sector customers, and more than a decade after a Cisco contractor initially called attention to a serious security flaw in one of the vendor’s video surveillance solutions, the IT equipment maker reached an US$8.6 million settlement with the aggrieved parties and admitted culpability.

In a blog posted in late July, Cisco General Counsel Mark Chandler wrote that software developed by Broadware – a company acquired by Cisco – used an open architecture that could be vulnerable to a breach.

The settlement amount equates to a partial refund to the US federal government and 16 states that bought products between 2008 and 2013. And the $8.6m settlement included a $1.6m payment to the person who first identified the vulnerability, although ultimately, no breach ever occurred.

The vulnerability in the video surveillance solution was originally reported to Cisco in 2008 by James Glenn who worked for Cisco partner NetDesign in Denmark. Cisco did not respond to his reports of a flaw that could allow hackers to take over surveillance cameras and associated systems.

Two years later, Glenn noticed the video surveillance systems in use at Los Angeles International Airport and he reached out to security officials to alert them to the issue. The lawsuit was filed in the Western District of New York under the False Claims Act.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

While Cisco did issue a best practices guide advising clients to adjust their access controls to eliminate the vulnerability, the company didn’t issue a software update to fix the flaw until 2012. In his blog post, Cisco’s Chandler said that Cisco addressed the issue with the publication of the best practices guide but that more stringent standards to which security-conscious clients are holding IT providers to account require Cisco and its partners to step up their game. He pointed to the settlement as proof Cisco wants to stay ahead of the expectation curve.

This suit by itself certainly doesn’t indicate a major trend in False Claims Act suits. But in the context of a market where security and privacy issues are a top priority, clients demand better, and more immediate, action from their technology suppliers.