Security vendor Fortinet has agreed to pay the equivalent of $545,000 to settle allegations it illegally sold the U.S. military Chinese technology disguised as American-made equipment, the U.S. Department of Justice announced.
The Sunnyvale, California-based cybersecurity company agreed to pay the government $400,000 and provide the U.S. Marine Corps with equipment valued at $145,000 to resolve charges it violated the False Claims Act from January 2009 until the fall of 2016, according to a statement.
Fortinet acknowledged that an employee responsible for supply chain management altered labels on products to make them appear compliant with the Trade Agreements Act, a law prohibiting federal agencies from acquiring products in specific countries. The unnamed employee directed others at Fortinet to include the phrases “Designed in the United States and Canada” or “Assembled in the United States” before those products were sold to distributors and resellers who resold the technology to the government.
“Contractors that supply the U.S. Government with Chinese-made technology will be pursued and held accountable when violating the Trade Agreement Act,” Bryan D. Denny, the defense criminal investigative service special agent in charge, said in a statement.
Fortinet, in a statement to CRN, said the settlement was the result of an isolated incident involving a rogue employee who had been terminated.
Officials from the Air Force Office of Special Investigations, the Department of the Navy, Coast Guard Investigative Service, the Department of Homeland Security, the General Services Administration, and other agencies were involved in the investigation.
The settlement resolves allegations in a 2016 lawsuit filed by Yuxin “Jay” Fang, who said he formerly worked as a logistics specialist in Fortinet’s Vancouver office. Fang alleged that Fortinet manufactured its products in Taiwan and China, while certifying that those products were built in TAA-designated countries. In one case, the security vendor sold its products to Arrow Enterprise Computing Solutions, which re-sold them to the U.S. Air Force, according to Fang’s complaint.
The lawsuit also cites the sale of 32 units of Fortinet products to Fintec Computer at a price of $390,302.40. The bottom of the sales invoice listed those products as “TAA Compliant Inventory,” when in fact the Fortinet product, a network security device, was “exclusively produced in China,” according to the suit.
Fang alleged in the suit he was told by superiors to “rework” shipments of products, instructions he understood to mean relabeling products containing “Made in China” logos.
“This was done on both individual products and on the packages they arrived in,” the suit states. “The products would then be designated as TAA compliant and shipped to vendors for sale to the U.S. Government. [Fang] complained to his supervisors about the practice but was told to do it anyways.”
The settlement coincides with ongoing U.S. government scrutiny of technology supply chains. U.S. intelligence officials have consistently warned against the use of products built by the Chinese telecommunication vendor Huawei and Russian antivirus-maker Kaspersky, arguing such procurement would make Americans vulnerable to foreign espionage or disruption.