National Security Division Announces Agreement with Netcracker for Enhanced Security Protocols in Software Development

Netcracker Technology Corp. (NTC), a global software company serving the telecommunications industry, has agreed to  implement enhanced security protocols for software development, implementation, and its other services to clients, many of whom are part of the United States’s critical communications infrastructure, announced Dana Boente, Acting Assistant Attorney General of the Justice Department’s National Security Division and U.S. Attorney for the Eastern District of Virginia.  NTC is headquartered in Waltham, Massachusetts, and is a wholly owned subsidiary of NEC Corp.

The enhanced security protocols are designed to increase information security by regulating remote access to U.S. company networks and transfers of sensitive data.  The protocols are being implemented as part of a Non-Prosecution Agreement, which resolves a criminal investigation described in a statement of facts, both of which are accessible here and here.

"We are pleased Netcracker has agreed to invest in enhanced security protocols that will reduce the risk of unauthorized access to its clients’ sensitive data,” said Acting Assistant Attorney General Boente.   “As threats to our critical infrastructure increase, especially from abroad, these protocols serve as a model for the kind of security that U.S. critical infrastructure should expect from the firms they use to develop, install, and maintain technology in their networks.”

Netcracker, like most major software companies, develops software in many countries.  Netcracker worked as a subcontractor on two federal government contracts with the Defense Information Systems Agency (DISA), a combat support agency of the U.S. Department of Defense, and performed some product-support work from locations outside the United States, including Russia.  The government determined in its investigation that various factors had resulted in an unacceptable degradation of the level of security DISA had intended to achieve.  Netcracker denied wrongdoing and worked with the government to develop enhanced security protocols.

Under the agreement, Netcracker will make the enhanced security plan available to other members of the industry.

This case was investigated by the General Services Administration, Office of Inspector General; the FBI’s Washington Field Office; and the Department of Defense, Office of the Inspector General.  Senior Trial Attorney Heather Schmidt and former Trial Attorney Wade Weems of the Counterintelligence and Export Control Section of the Department of Justice’s National Security Division handled this case with Assistant U.S. Attorneys Whitney Russell and Jay Prabhu of the U.S. Attorney’s Office of the Eastern District of Virginia.