Charlie Sciuto
The MORSECORP settlement shows that cybersecurity lapses are now legal and financial liabilities — not just technical ones.
When the Justice Department announced a $4.6 million False Claims Act (FCA) settlement with defense contractor MORSECORP, Inc. (MORSE) this spring, it sent a clear message to the defense industrial base: Cybersecurity noncompliance will be pursued.
According to Jack Walbran, a longtime defense industry contract expert and of counsel with international law firm BCLP, the MORSE case is almost a roadmap of what not to do. He summarized the case by stating that the company admitted to taking on contracts that had cybersecurity requirements but did not comply for years. It self-scored inaccurately to obtain contracts and then did not correct those scores after learning that it had scored much lower.
The MORSE settlement, which stemmed from a whistleblower lawsuit and was announced by the U.S. Attorney for the District of Massachusetts in March, demonstrates how failing to follow long-standing cybersecurity requirements can lead to costly legal exposure and potentially lasting reputational damage. For DIB contractors, the case serves as a wakeup call. Compliance isn’t just a box to check. It’s a legal, financial and operational imperative. More
