MORSE Corp, a defense contractor based in Cambridge, Massachusetts, has recently agreed to settle allegations of violating federal cybersecurity standards by paying a hefty sum of $4.6 million. This resolution with the U.S. government comes as a result of MORSE’s failure to adhere to the National Institute of Standards and Technology (NIST) security requirements. The company, known for its contracts with the U.S. Army and Air Force, was found to have utilized a third-party provider to host emails without ensuring the provider’s compliance with federal cybersecurity protocols.
The Department of Justice emphasized that MORSE’s negligence in meeting cybersecurity standards led to significant vulnerabilities in its network, heightening the risk of unauthorized access to controlled defense information. Moreover, the company’s lack of a comprehensive plan for managing information systems was brought to light. Such a plan would have outlined crucial security measures, system boundaries, and relationships to other systems, thus the absence of which posed a considerable threat to national security and defense operations.
Furthermore, MORSE was discovered to have exaggerated its cybersecurity posture in a self-assessment conducted in 2021. The assessment awarded the company a score of 104, suggesting that it met the majority of security requirements. However, an external audit in 2022 uncovered a starkly lower score of -142, indicating severe shortcomings in cybersecurity measures. Additionally, the audit revealed that MORSE failed to adhere to 78% of NIST standards, underscoring the need for addressing these issues before reporting their score to regulators.
This settlement with MORSE reflects a broader trend of heightened enforcement of cybersecurity compliance among federal contractors. Similar instances of non-compliance have led to significant fines, like the $11 million imposed on a military healthcare contractor in February 2025 for comparable failures. Moreover, reputable institutions such as Penn State University and Georgia Institute of Technology have faced penalties for falling short of security standards. These actions underscore the increasing emphasis on enforcing cybersecurity requirements across sectors crucial to U.S. national security and federal operations.
In conclusion, MORSE Corp’s agreement to pay $4.6 million serves as a reminder of the critical importance of cybersecurity compliance, especially within the realm of defense contractors working with sensitive government information. Strengthening cybersecurity measures and ensuring strict adherence to established standards is paramount to safeguarding national security interests and maintaining the integrity of federal operations in an increasingly digital landscape.