Title: RTX Settles $200 Million with US State Department Over Mishandling of Military Secrets

In a significant development, defense contractor RTX has reached a $200 million settlement with the US State Department over charges relating to the mishandling of sensitive military secrets. The breaches occurred as RTX employees traveled to various countries, including China, Russia, Iran, and others, causing concerns about the protection of classified information.

The settlement arises from RTX's voluntary disclosure of 750 violations of the Arms Export Control Act and International Traffic in Arms Regulations (ITAR) spanning from August 2017 to September 2023. The violations involved unauthorized exports of defense articles, improper jurisdiction and classification, unauthorized exports of classified defense articles, and the unauthorized transport of defense articles by employees to restricted destinations.

Emphasizing that RTX had disclosed all alleged violations voluntarily, the State Department stated that the company had cooperated with their review of the matter and implemented numerous improvements to its compliance program since the incidents at hand. It is worth noting that RTX had already anticipated the settlement and had started addressing compliance issues prior to the announcement.

As part of the settlement, the State Department has agreed to suspend $100 million of the $200 million fine on the condition that RTX utilizes these funds for approved remedial compliance measures. The aim of these measures is to strengthen RTX's compliance program, enhance adherence to export regulations, and safeguard military secrets. Moreover, for at least the next two years, RTX will appoint an external Special Compliance Officer to monitor the implementation of the Consent Agreement. This will involve conducting at least one external audit of RTX's ITAR compliance program and adopting additional compliance measures.

Colby Badhwar, a journalist with the English-language version of the Russia-focused media outlet Insider, reported that most of the violations were committed by Rockwell Collins, prior to its acquisition by Raytheon (now part of RTX) in 2018. However, the violations spanned multiple RTX divisions, indicating systemic compliance issues across the company. The prohibited destinations involved in these breaches included Iran, Lebanon, Russia, and China, further underscoring the gravity of the violations.

Many of the violations appear to have stemmed from RTX employees traveling internationally with their work laptops. These employees inadvertently accessed their laptops during their trips, unaware that doing so could expose sensitive information. The State Department reported that these laptops contained a range of "defense articles" related to critical US military programs, including the Aegis Ballistic Missile Defense System, the F-35 Lightning II, and the Boeing E-3 AWACS, among others.

One noteworthy incident occurred when an RTX employee traveled to St. Petersburg, Russia, with a company-issued laptop loaded with ITAR-controlled technical data concerning military aircraft. Despite noticing cybersecurity alerts during the trip and reporting them, the alerts were mistakenly disregarded as false positives, highlighting the risks associated with insufficient cybersecurity measures.

Another case involved an RTX employee's attempt to log into his computer while in Iran, resulting in the laptop being swiftly detected and frozen by the security team. Subsequent investigations revealed that the hard drive contained highly sensitive technical data pertaining to the B-2 Spirit bomber and the F-22 Raptor fighter, a severe breach of US security protocols considering Iran's sanction status.

In yet another troubling incident, an employee made multiple trips to Lebanon, and a subsequent internal investigation found that their laptop contained technical data on advanced missile systems, including the Standard Missile-3, Standard Missile-6, and ESSM missiles.

Moreover, RTX disclosed in 2023 that it had improperly exported technical data on an F-22 Raptor component to employees at Collins' Shanghai facility without authorization. The misclassified data, sent to two Chinese employees, was later found to have compromised national security and negatively impacted a Department of Defense program.

The settlement between RTX and the US State Department serves as a reminder of the critical importance of safeguarding military secrets and adhering to export regulations. As RTX undertakes remedial compliance measures and strengthens its compliance program, it seeks to rebuild trust and prevent future breaches, ensuring the protection of classified information and national security interests.