Two technology contractors have agreed to pay the US government over $12 million in total to settle a civil court case alleging they allowed employees to work on a Defense Department contract without security clearance.
Services firms NetCracker Technology and CSC will pay $11.4m and $1.35m respectively, according to a Department of Justice release on Monday.
It reveals that the two were accused of contravening the False Claims Act by using staff who had not gone through required vetting procedures to work on a Defense Information Systems Agency (DISA) contract.
CSC was the prime contractor on the project to provide software to manage the Defense Department telecoms network between 2008 and 2013.
However, during that time, NetCracker is alleged to have knowingly used employees without security clearance, resulting in CSC “recklessly” submitting false claims for payment to DISA, the notice claimed.
A Washington Post report went further, claiming that some of the code written for the project was developed by Russian programmers and subsequently placed onto US government computer networks with no testing for backdoors or other possibly malicious elements.
“Companies that do business with the federal government have a responsibility to fully meet the terms of their contracts,” said Columbia US Attorney, Channing Phillips, in a statement.
“In addition to holding these two companies accountable for their contracting obligations, this settlement shows that the US Attorney’s Office will take appropriate measures necessary to ensure the integrity of government communications systems.”
The lawsuit itself was filed by whistleblower John Kingsley, a former NetCracker employee, under a special provision of the False Claims Act. He now receives over $2.3m for his efforts.
Security vetting for US government staff is seen as even more important in a post-Snowden world, with the fallout from just one rogue contractor having been hugely damaging for the Obama administration and the geopolitical reputation of the nation.
However, the massive data breach of the Office of Personnel Management (OPM)—thought to have been carried out by state-sponsored Chinese hackers—has shown that such requirements can also be an Achilles heel for the authorities.