The technical leaks happened with Russia and Iran, while commercial dealings in aerospace components took place with China.
The U.S. Department of State has declared a $200 million settlement with aerospace and defense company RTX after its employees inadvertently divulged technical secrets and traded in aerospace components pertaining to nearly every major aircraft and missile system in its military with Russia, Iran and China. This includes the VC-25 (Air Force One), F-22 Raptor, F-35 Lightning II and the B-2 Spirit stealth, B-1B Lancer and the F/A-18, F-15 and F-16 fighters.
The technical leaks happened with the first two while the commercial dealings in aerospace components took place with the PRC (People’s Republic of China).
RTX “voluntarily” disclosed the instances to the government. The breaches, that took place between August 2017 and September 2023, constitute 750 violations of Arms Export Control Act and ITAR (International Traffic in Arms Regulations) which have been termed as “unauthorized exports of defense articles resulting from the failure to establish proper jurisdiction and classification; unauthorized exports of defense articles, including classified defense articles; unauthorized exports of defense articles by employees via hand-carry to proscribed destinations.”
The stunning revelations come just a day after the U.S. Air Force announced a $1 billion contract to RTX’s Raytheon to upgrade the F-22 Raptor fleet with new sensors, avionics, electronics and software to extend its survivability and relevance. The need is acutely felt over possible military confrontation with peer rivals and technologically comparable Russian and Chinese militaries.
Voluntary disclosures
“RTX disclosed all of the alleged violations voluntarily. RTX also cooperated with the Department’s review of this matter and has implemented numerous improvements to its compliance program since the conduct at issue,” the statement added. Reports quoted a response from RTX, which called the action “in line with the company’s expectations,” which it disclosed during its second quarter earnings report on Jul. 25, 2024.
The company’s forthcoming disclosure has also possibly led to a relaxation in the settlement. As per the 36-month Consent Agreement, it would suspend $100 million of this amount provided the funds are used for “remedial measures to strengthen RTX’s compliance.”
Additionally, for at least the next 24 months, RTX will employ an external Special Compliance Officer to oversee the implementation of the Consent Agreement. This will include at least one external audit of RTX’s ITAR and other compliance measures.
Breaches by employees
The violations largely occurred when the staffers were carrying their work laptops during their international travel, unmindful of the security of the contents therein.
For instance in May and June 2021, an RTX employee traveled to St. Petersburg, Russia, with an RTX-issued laptop loaded with ITAR-controlled technical data related to at least five military aircraft. During the trip, despite the employee notifying the company’s cyber security team of several alerts on his laptop, they were “incorrectly dismissed” as false positives. This may have been due to the team’s transition to a new cybersecurity tool.
In another case, while in Iran, an RTX employee tried logging into his system, which entailed the use of the local internet provider and thereby inviting access to the data. This time however, RTX’s cyber cell promptly detected and froze the laptop. It subsequently emerged that its hard drive contained technical data on the B-2 Spirit and the F-22 Raptor.
Then between August 2017 and August 2022, Raytheon/RAY “exported without authorization” defense articles, “parts, components and technical data” of the Tomahawk LACM, RIM-162 ESSM (Evolved Sea Sparrow Missile), RIM-116 Rolling Airframe Missile, SM-2 and the Paveway-1 LGB (Laser Guided Bomb). This was made to Australia, Belgium, Canada, France, Germany, Greece, Israel, Japan, Mexico, the Netherlands, the Republic of Korea, Saudi Arabia, Singapore, Sweden, Turkey, the U.A.E. and U.K.
China
The Department’s ‘charging letter’ notes RTX-owned Collins Aerospace (formerly Rockwell Collins), for the majority of violations, owing to “historical systemic failures” in its export control compliance. “While all of Respondent’s affiliates committed a substantial number of violations, pervasive ITAR compliance weaknesses at Rockwell Collins resulted in the most egregious violations such as unauthorized exports of technical data to the PRC to facilitate procurement of defense articles from Chinese entities.”
These include “two cases” of importing and “integrating thousands” PRC-manufactured defense articles into “multiple US and partner military platforms.” RTX informed the Department that in 2021 and 2022, its facility at Cedar Rapids in Iowa engaged in “unauthorized export of technical data” of the E-3 Sentry AWACS and the KC-390 Millenium medium transport aircraft to Chinese FPE (Foreign Person Employees).
Again in January 2023, it exported technical data pertaining to an F-22 aluminum display housing component to two Chinese FPEs at the Collins’ facility in Shanghai. The “root cause” was the “misclassification” and “misinterpretation” of the defense articles. It identified “circuit cards” and thousands of “PWBs (Printed Wiring Boards)” that Rockwell Collins (before it became a part of RTX in 2018) and Collins purchased from “PRC entities.” For the procurement, it had to export controlled technical data.
These were used in the VC-25 Presidential Transport Aircraft (Air Force One), A-10 Thunderbolt II, B-1B Lancer, B-52 Stratofortress, C-17 Globemaster III, C-130J Super Hercules, CH-53 Stallion helicopter, F-15 Eagle, F-16 Fighting Falcon, F/A-18 Hornet, KC-46 Pegasus, KC-130, KC-135 Stratotanker, MQ-4 Triton UAV, MQ-8 Fire Scout helicopter UAV, MQ-9 Reaper UCAV, MQ-25 Stingray and the P-8 Poseidon.