Raytheon Company (Raytheon), RTX Corporation, and Nightwing Group LLC, and Nightwing Intelligence Solutions LLC (collectively, Nightwing), have agreed to pay $8.4 million to resolve allegations that Raytheon violated the False Claims Act by failing to comply with cybersecurity requirements in contracts or subcontracts involving the Department of Defense (DoD). Raytheon is a subsidiary of Arlington, Virginia-based defense contractor RTX Corporation (formerly known as Raytheon Technologies Corporation). In March 2024, RTX Corporation sold its Cybersecurity, Intelligence, and Services business, which since became part of Dulles, Virginia-based Nightwing. The settlement resolves conduct that allegedly occurred between 2015 and 2021, prior to Nightwing’s acquisition of the business.
The settlement was announced by U.S. Attorney Edward R. Martin Jr., Acting Assistant Attorney General Yaakov Roth, head of the Justice Department’s Civil Division, Special Agent in Charge Kenneth DeChellis of the Department of Defense Criminal Investigative Service Cyber Field Office, Special Agent in Charge William W. Richards of the Air Force Office of Special Investigations (AFOSI), Special Agent in Charge Keith K. Kelly of the Department of the Army Criminal Investigation Division’s Fraud Field Office, and Special Agent in Charge Greg Gross, NCIS Economic Crimes Field Office.
“Cyber threats have grown in size and reach in recent years, leaving no room for complacency among those in the public sector, private sector, or even among private citizens,” said U.S. Attorney Edward R. Martin Jr. for the District of Columbia. “Government contractors must comply with the cybersecurity rules that govern their performance and be candid about their compliance. This settlement reflects the Government’s commitment to pursue contractors that fail to live up to those expectations.”
“As cyber threats continue to evolve, it is critical that defense contractors take the required steps to protect sensitive government information from bad actors,” said Acting Assistant Attorney General Yaakov Roth of the Justice Department’s Civil Division. “We will continue our efforts to hold contractors accountable when they fail to honor their DoD cybersecurity commitments.”
The settlement resolves allegations that Raytheon and its then-subsidiary Raytheon Cyber Solutions, Inc. (RCSI), failed to implement required cybersecurity controls on an internal development system that was used to perform unclassified work on certain DoD contracts. The United States alleged that Raytheon and RCSI failed to develop and implement a system security plan for the system, as required by DoD cybersecurity regulations, and failed to ensure that the system complied with other cybersecurity requirements contained in the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 and Federal Acquisition Regulation (FAR) 52.204-21. FAR 52.204-21 requires federal contractors to apply basic safeguarding requirements to information systems that process or store federal contract information. DFARS 252.204-7012 requires contractors to provide adequate security for information systems that process or store covered defense information. The settlement resolved allegations that Raytheon used its noncompliant internal system to develop, use, or store covered defense information and federal contract information during its performance on 29 DoD contracts and subcontracts.
“The Defense Criminal Investigative Service (DCIS), the law enforcement arm of the DoD Office of Inspector General, is steadfastly committed to upholding the integrity of all business systems used to process and store defense information,” said Special Agent in Charge DeChellis of the DCIS Cyber Field Office. “DCIS, along with our investigative partners, will continue to protect our service members and military technological edge by ensuring defense contractors strictly adhere to their cyber security contractual obligations.”
“Failure to implement cybersecurity requirements can have devastating consequences, leaving sensitive DoD data vulnerable to cyber threats and malicious actors,” said Special Agent in Charge William Richards of the Air Force Office of Special Investigations Procurement Fraud Office, Andrew AFB, Md. “AFOSI, alongside our investigative partners and the Department of Justice, will continue to combat fraud affecting the Department of the Air Force and hold those accountable that fail to properly safeguard sensitive defense information.”
“This settlement further demonstrates the resolve of the Department of the Army Criminal Investigation Division and our law enforcement partners to protect and defend the assets of the United States Army,” said Special Agent in Charge Keith K. Kelly of the Department of the Army Criminal Investigation Division’s Fraud Field Office.”
“Strict compliance with contractual cybersecurity requirements is of dire importance to adequately safeguard sensitive information from sophisticated adversaries, assure the safety of our warfighters, and maintain our military’s competitive edge,” said Special Agent in Charge Greg Gross, NCIS Economic Crimes Field Office. “NCIS and our federal partners remain committed to investigating entities that do not responsibly protect critical information entrusted to them.”
The settlement resolves a lawsuit filed under the whistleblower provisions of the False Claims Act, which permit private parties to sue on behalf of the government when they believe that a defendant has submitted false claims for government funds and receive a share of any recovery. The settlement in this case provides for the whistleblower, Branson Kenneth Fowler, Sr., a former Director of Engineering with Raytheon, to receive a $1,512,000 share of the settlement amount. The qui tam case is captioned U.S. ex rel. Doe v. Raytheon Co. et al., No. 21-cv-2343 (D.D.C.).
The resolution obtained in this matter was the result of a coordinated effort between the Justice Department’s Civil Division, Commercial Litigation Branch, Fraud Section, and the United States Attorney’s Office for the District of Columbia, with assistance from the Air Force Materiel Command, AFOSI, DCIS, NCIS, and Army Criminal Investigation Division.
The matter was investigated by Assistant U.S. Attorney Darrell Valdez of the District of Columbia and Senior Trial Counsel Kimberly Friday of the Justice Department’s Civil Division.
The claims resolved by the settlement are allegations only and there has been no determination of liability.