The US State Department concluded a $200 million settlement with defense contractor RTX over charges related to mishandling military secrets, including sensitive data about the advanced F-22 and F-35 fifth-generation fighter jets and the B-2 Spirit bomber.
These breaches occurred as RTX employees traveled to China, Russia, Iran, and other nations, raising concerns about the protection of classified information.
The settlement results from RTX’s voluntary disclosure of 750 violations of the Arms Export Control Act and International Traffic in Arms Regulations (ITAR), which occurred over six years, from August 2017 to September 2023.
According to the State Department’s statement, the violations involved unauthorized exports of defense articles due to improper jurisdiction and classification, unauthorized exports of classified defense articles, and the unauthorized transport of defense articles by employees to proscribed destinations.
“RTX disclosed all of the alleged violations voluntarily,” the State Department emphasized in its announcement, released on August 30. “RTX also cooperated with the Department’s review of this matter and has implemented numerous improvements to its compliance program since the conduct at issue.”
An RTX spokesperson noted, “The action is in line with the company’s expectations, which we disclosed during the company’s second-quarter earnings report on July 25, 2024.”
This statement suggests that RTX had anticipated the settlement and had already begun addressing the compliance issues that led to the violations.
As part of the settlement, the State Department has agreed to suspend $100 million of the $200 million fine, provided that RTX uses these funds for remedial compliance measures approved under the Consent Agreement. These measures aim to bolster RTX’s compliance program, ensure stricter adherence to export regulations, and safeguard military secrets.
Additionally, for at least the next 24 months, RTX will employ an external Special Compliance Officer to oversee the implementation of the Consent Agreement. This will include at least one external audit of RTX’s ITAR compliance program and the adoption of further compliance measures.
Details Of The Violations
Colby Badhwar, a journalist with the English-language version of the Russia-focused media outlet Insider, reported that most violations were committed by Rockwell Collins before its 2018 acquisition by Raytheon, now part of RTX.
‘Raptor Salad’ For Lunch! US F-22 Raptor Outgunned, Outmaneuvered By German Eurofighter Typhoon?
However, the violations spanned multiple RTX divisions, highlighting systemic compliance issues across the company. The proscribed destinations involved in these breaches included Iran, Lebanon, Russia, and China, underscoring the gravity of the violations.
Many of the violations seem to stem from RTX employees traveling internationally while carrying their work laptops.
These employees attempted to access their laptops during these trips, unaware that doing so could expose sensitive information.
According to the State Department, these laptops contained a range of “defense articles” tied to critical US military programs, such as the Aegis Ballistic Missile Defense System, the B-2 Spirit bomber, the F/A-18 E/F Super Hornet, the F-35 Lightning II, and the Boeing E-3 AWACS.
One key incident occurred in May and June 2021, when an RTX employee traveled to St. Petersburg, Russia, with an RTX-issued laptop loaded with ITAR-controlled technical data related to at least five military aircraft.
During the trip, the employee noticed several cybersecurity alerts and reported them to the cybersecurity team. However, these alerts were “incorrectly dismissed” as false positives, likely due to the team’s transition to a new cybersecurity tool.
This lapse in security protocols highlights the risks associated with inadequate cybersecurity measures, especially in regions with heightened surveillance.
In another case, an RTX employee traveled to Iran and attempted to log into his computer while in the country. RTX’s security team quickly detected and froze the laptop, but further investigation revealed that its hard drive contained highly sensitive technical data on the B-2 Spirit bomber and the F-22 Raptor fighter.
The presence of such critical information in a sanctioned nation like Iran represents a severe breach of US security protocols, as this kind of data is typically heavily restricted to prevent its exposure to potential adversaries.
Another troubling incident involved an employee who made multiple trips to Lebanon. An internal RTX investigation later found that this employee’s laptop contained technical data on advanced missile systems, including the Standard Missile-3, Standard Missile-6, and ESSM missiles.
In a 2023 disclosure, RTX revealed that in January 2023, it had improperly exported technical data related to an F-22 Raptor component without authorization. This data, which had been misclassified in March 2018, was sent to two Chinese employees at Collins’ Shanghai facility.
The US government reviewed the files involved and concluded that this unauthorized export of technical data had compromised national security and negatively impacted a Department of Defense program of record.
- Contact the author at ashishmichel(at)gmail.com
- Follow EurAsian Times on Google News