Security vendor agrees settlement over claims

UPDATED Cybersecurity firm Fortinet Inc has agreed to pay a $545,000 settlement to the US government after claims it illegally sold Chinese-made equipment to the US military.

California-based Fortinet was found to be in breach of the US Trade Agreements Act (TAA) after falsely marking its products to be ‘made in the USA’, a statement from the US Department of Justice (DOJ) reads.

According to the settlement agreement, Fortinet acknowledges that between January 2009 and late 2016, an unnamed employee altered labels on its products to suggest they were compliant with the TAA.

A number of these products were then sold to the US government via a third party.

These products were, however, allegedly made in China. The Trade Agreements Act forbids the US government from buying technology made in certain countries, a list that includes China.

Fortinet will pay $400k in cash and will provide the US military with $145k worth of equipment at no cost in order to settle the allegations.

The employee responsible has been fired.

The DOJ confirmed that the settlement had been agreed and stressed the government’s commitment to robust cybersecurity practices.

“Contractors that supply the US government with Chinese-made technology will be pursued and held accountable when violating the Trade Agreement[s] Act,” said DCIS (Defense Criminal Investigative Service) Special Agent in Charge Bryan Denny.

“The DCIS and its law enforcement partners are committed to combatting procurement fraud and cyber risk within US Department of Defense programs.”

California-based Fortinet markets a variety of cybersecurity appliances and services including firewalls, antivirus, intrusion prevention, and endpoint security products.

A spokesman for Fortinet told The Daily Swig: “We hold ourselves to the highest ethical standards of trust and integrity. This was an isolated incident that involved events from more than two years ago in which a rogue former employee acted against our policies.

“When we were made aware of the incident, we took immediate action, including thoroughly investigating the matter, terminating the employee and implementing additional safeguards to prevent an issue like this from happening again.

“The nominal settlement amount of $545,000 reflects in part our cooperation to promptly and thoroughly address this matter.”

This article has been updated to include comment from Fortinet.