The U.S. government has reached a $8.4 million settlement with Raytheon, RTX Corporation, and Nightwing Group over allegations that the companies failed to meet cybersecurity requirements in Department of Defense (DoD) contracts. The lawsuit, filed under the False Claims Act, accused Raytheon and its former subsidiary Raytheon Cyber Solutions, Inc. (RCSI) of non-compliance with federal cybersecurity regulations across 29 contracts and subcontracts.
Allegations and Compliance Failures
Between 2015 and 2021, Raytheon allegedly failed to implement necessary cybersecurity controls on a system used for DoD contract work. The company also did not establish a security plan for its internal development system, violating Defense Federal Acquisition Regulation Supplement (DFARS) and Federal Acquisition Regulation (FAR) requirements.
Under DFARS and FAR, defense contractors must safeguard federal contract data and ensure adequate security measures are in place. The Department of Justice (DoJ) stated that Raytheon submitted false claims for unclassified work performed on the non-compliant system before replacing it with a compliant one in 2020.
Settlement and Whistleblower Case
Raytheon did not admit fault but agreed to pay $8.4 million, with $4.2 million allocated for restitution and the remainder covering interest. The settlement also resolves a whistleblower lawsuit filed by Branson Kenneth Fowler, a former Raytheon director, who will receive $1.5 million from the settlement.
Broader Legal Context
This settlement follows Raytheon’s $950 million agreement in October 2024 to resolve DoJ investigations into defective pricing, violations of the Foreign Corrupt Practices Act (FCPA), the Arms Export Control Act (AECA), and the International Traffic in Arms Regulations (ITAR).
For further details, you can read the full coverage here.
