Verizon to Pay $4.09M to Resolve Allegations it Breached GSA Internet Rules
Verizon agreed to pay a $4.09 million civil penalty, including $2.73 million in restitution, to resolve allegations under the False Claims Act that Verizon Business Network Services failed to completely satisfy certain cybersecurity controls in connection with the Managed Trusted Internet Protocol Service (MTIPS) it provided to federal agencies, said DOJ Tuesday.
The MTIPS is designed to give federal agencies “a secure means to physically and logically connect to the public internet or other external connections,” said the settlement agreement signed Sept. 1 by Verizon and Tuesday by DOJ.
The settlement resolves allegations that Verizon’s MTIPS solution didn’t completely satisfy three “critical” cybersecurity controls required under the General Services Administration’s Trusted Internet Connections (TIC) program for all GSA contracts drafted and signed between 2017 and 2021, said the agreement. The settlement is neither an admission of liability by Verizon, nor a concession by DOJ that its claims aren’t “well founded,” it said.
When government contractors “fail to follow required cybersecurity standards, they may jeopardize the security of sensitive government information and information systems,” said Deputy Assistant Attorney General Michael Granston in a statement. The U.S. “should get the cybersecurity controls that it contracts and pays for to safeguard against cyber threats that could compromise critical information and systems,” said Acting GSA Inspector General Robert Erickson.
Verizon cooperated with DOJ’s investigation of the MTIPS issues, and received credit under DOJ guidelines “for taking disclosure, cooperation, and remediation into account in False Claims Act cases,” said the agreement. The “several respects” in which Verizon cooperated with the government included “rolling disclosures of relevant information” it provided investigators, plus assisting in the “determination and recovery of the losses caused” by its breach of GSA rules, it said.
After identifying the issues that violated TIC rules, Verizon “promptly took steps to develop and implement significant mechanisms to remediate” those issues, said the agreement. Those steps included implementing “compensatory security controls” for its MTIPS solution and doing “a line-by-line review” of its MTIPS “security plan,” it said.
Verizon also made “substantial capital investments” in its MTIPS compliance platform to create an “automated compliance process” for use by all federal agencies, said the agreement. Verizon also disciplined the employees it found culpable for the MTIPS mishaps, including firing a manager who had “supervisory authority over the area where the issues occurred,” it said.