On May 1, the U.S. Department of Justice (DOJ) announced that Raytheon Company (Raytheon), RTX Corporation, and Nightwing Group LLC, and Nightwing Intelligence Solutions LLC (collectively, Nightwing), have agreed to pay $8.4 million to resolve whistleblower allegations that Raytheon violated the False Claims Act by failing to comply with cybersecurity requirements in contracts or subcontracts with the Department of Defense (DoD).
The case stems from a qui tam lawsuit filed by Branson Kenneth Fowler, Sr., a former Director of Engineering with Raytheon, who is set to receive $1,512,000 of the settlement.
In 2024, Nightwing acquired Raytheon’s Cybersecurity, Intelligence, and Services business. The alleged misconduct covered in the settlement occurred while that business was still under Raytheon.
According to the DOJ, “Raytheon and its then-subsidiary Raytheon Cyber Solutions, Inc. (RCSI), failed to implement required cybersecurity controls on an internal development system that was used to perform unclassified work on certain DoD contracts.”
“Raytheon and RCSI failed to develop and implement a system security plan for the system, as required by DoD cybersecurity regulations, and failed to ensure that the system complied with other cybersecurity requirements contained in the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 and Federal Acquisition Regulation (FAR) 52.204-21,” the government further alleges.
“Cyber threats have grown in size and reach in recent years, leaving no room for complacency among those in the public sector, private sector, or even among private citizens,” said U.S. Attorney Edward R. Martin Jr. for the District of Columbia. “Government contractors must comply with the cybersecurity rules that govern their performance and be candid about their compliance. This settlement reflects the Government’s commitment to pursue contractors that fail to live up to those expectations.”
“As cyber threats continue to evolve, it is critical that defense contractors take the required steps to protect sensitive government information from bad actors,” said Acting Assistant Attorney General Yaakov Roth of the Justice Department’s Civil Division. “We will continue our efforts to hold contractors accountable when they fail to honor their DoD cybersecurity commitments.”
This settlement reflects the DOJ’s increased focus on cybersecurity violations of FCA over the last years. In 2021, they announced the Civil Cyber Fraud Initiative “to combat new and emerging cyber threats to the security” of sensitive American systems. The Initiative utilizes the FCA and its qui tam provision to address cybersecurity fraud by government contractors.
The False Claims Act’s qui tam provisions enable private citizens and private parties to file lawsuits on behalf of the government if they know of an individual or company defrauding the government. Qui tam whistleblowers are eligible to receive between 15 and 30% of the government’s recovery.
During FY 2024, settlements and judgments under the False Claims Act exceeded $2.9 billion and over $2.4 billion of the recoveries stemmed from qui tam whistleblower lawsuits. Furthermore, according to the government, a record 979 qui tam lawsuits were filed in FY 2024.
However, in September 2024, a district judge in Florida ruled that the False Claims Act’s qui tam provisions were unconstitutional. The U.S. federal government is urging the U.S. Court of Appeals for the Eleventh Circuit to reverse that decision, stating in a brief that “other than the district court here, every court to have addressed the constitutionality of the False Claims Act’s qui tam provisions has upheld them.”
National Whistleblower Center has issued an Action Alert allowing whistleblower supporters to write the members of Congress urging them to protect and strengthen and protect the False Claims Act.
The claims asserted in this case are allegations only, and there has been no determination of liability.
Join NWC in Taking Action:
Strengthen the False Claims Act and Protect it From Attack
Further Reading: