How a Pentagon contractor wasted $4.5 million on cyber defense

MORSE Corp, a U.S. military contractor, is facing a 4.5 million $ fine for fraudulent cybersecurity reports and negligence in protecting classified government data.

MORSE Corp, a firm that serves the U.S. Army and Air Force, pledged to comply with the cybersecurity requirements outlined in NIST SP 800-171. But between 2018 and 2023, it systematically failed to meet these standards: it used an unreliable third-party email service, it knowingly misrepresented the results of security audits — in 2021, it submitted a score of 104 out of 110, although an independent audit showed a score of -142 — and it also did not have even a basic cybersecurity plan for its information systems. Despite these numerous violations, the company continued to receive significant government contracts, including a $241 million deal with the Pentagon’s Center for Artificial Intelligence.

• MORSE specializes in creating algorithms for autonomous combat systems.
• Despite the lack of basic protection, it received millions in contracts from the Pentagon.
• The Department of Defense and investigative agencies considered its reports to be fraud (False Claims Act).
• The whistleblower who reported the fraud will receive $851,000 as part of the compensation.

Cyberattacks are not just a problem for hackers. When multimillion-dollar contracts are performed by companies that have not provided themselves with basic protection, this poses a threat to national security. This example demonstrates that the state has stopped being lenient even to “its own” and is ready to punish for failure to comply with cybersecurity requirements.