cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

US DOJ orders rocket engine manufacturer to pay $9m in cyber security compliance misrepresentation case

The US Department of Justice (DOJ) has ordered Aerojet Rocketdyne to pay $9 million to settle allegations of cyber security compliance “misrepresentation in federal government contracts”.

user iconReporter
Tue, 12 Jul 2022
US DOJ orders rocket engine manufacturer to pay $9m in cyber security compliance misrepresentation case
expand image

Under the whistleblower provisions of the US False Claims Act, the rocket engine manufacturer has agreed to pay a sum of $9 million to "resolve allegations of cyber security violations".

Former Aerojet employee Brian Markus filed the 2015 lawsuit, and the US District Court in California approved the settlement in July this year, seven years after the case had been initiated.

According to the DOJ, Markus and Aerojet reached the settlement in April, which has resulted in Markus receiving US$2.61 million as his share.

The Pentagon, NASA and other federal agencies, have relied on Aerojet Rocketdyne for the provision of propulsion and power systems for launch vehicles, missiles, satellites and other space vehicles.

A court filing from Markus stated that Aerojet Rocketdyne falsely represented that "it complied with cyber security regulations", between July 2013 and September 2015. During that time, the company received over $2.6 billion in government funds by "fraudulently procuring" Defense Department and National Aeronautics and Space Administration (NASA) contracts that were "essential components of America's national defense and aerospace programs".

According to Reuters, Aerojet Rocketdyne hired Markus as a senior cyber security official following a 2013 cyber attack. Markus stated that "he did not have the budget or staff" the company had promised. Additionally, Markus also claimed Aerojet Rocketdyne "concealed that the company was not compliant with cyber security requirements" in 2015.

In April this year, Aerojet Rocketdyne stated that the company had "made many detailed disclosures to the relevant government agencies regarding the state of its compliance with these cyber security standards in 2014, 2015, and beyond," according to a court filing, in its defence.

The same April court filing stated that Aerojet Rocketdyne "did not admit any wrongdoing as part of the settlement".

"Whistleblowers with inside information and technical expertise can provide crucial assistance in identifying knowing cyber security failures and misconduct," principal deputy assistant Attorney General Brian Boynton added.

Aerojet did not respond to requests for comment according to Reuters.

[Related: Google warns of new Chrome hack attacks aimed at Windows and Android]

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.