U.S. tech firm settles probe of Russian work on defense project

By Dustin Volz WASHINGTON (Reuters) - Netcracker Technology Corp will not face criminal charges for allowing Russian nationals without security clearance to work on a U.S. defense project after it agreed to adopt enhanced cyber security measures, authorities said on Monday. As part of a deal, the Massachusetts-based telecommunications firm voluntarily agreed to enact a new security plan that includes limiting remote foreign access to U.S. client networks and moving servers to the United States, the Justice Department said. The settlement is the latest attempt by the U.S. government to bolster the cyber security of federal networks due to rising alarm about how foreign governments may be seeking to pry into them. U.S. officials have been especially concerned about Russian security services following the Kremlin's alleged meddling in the 2016 presidential election. "The new security structure will limit the information that will be sent to, stored in, or accessed from overseas locations, and provides protocols for removing or obscuring sensitive data," the Justice Department said in a letter outlining the agreement with Netcracker. It added that it hoped the security plan, which NetCracker will make available to others in the industry, would become a model for other companies operating within critical infrastructure applications. Netcracker employed Russian nationals living in Russia who lacked security clearance to work on a project for the Defense Information Systems Agency (DISA), which manages classified and unclassified global telecommunications infrastructure for the Pentagon, according to a statement of facts contained within the letter. Netcracker believed such work was acceptable under the terms of the contract because those individuals were not provided with classified or sensitive customer-specific information, according to the letter. The letter also said that DISA was aware of the company's use of Russian programmers when the contract was negotiated in 2007. In a statement, Netcracker said the agreement validated that the company had committed no wrongdoing and performed all obligations under its contract and that it was voluntarily investing millions to create a new cyber security framework. "We are proud to work with the U.S. government to enhance Netcracker’s capabilities and technology, and we hope these security protocols will serve as a model for the kind of security expected in the industry," Chief Executive Andrew Feinberg said. NetCracker agreed in 2015 to pay $11.4 million to resolve civil allegations that it allowed Russian nationals without security clearances to work on the defense contract following a whistleblower complaint. (Reporting by Dustin Volz; Editing by Tom Brown)