The technical leaks happened with Russia and Iran, while commercial dealings in aerospace components took place with China.
The U.S. Department of State has declared a $200 million settlement with aerospace and defense company RTX after its employees inadvertently divulged technical secrets and traded in aerospace components pertaining to nearly every major aircraft and missile system in its military with Russia, Iran and China. This includes the VC-25 (Air Force One), F-22 Raptor, F-35 Lightning II and the B-2 Spirit stealth, B-1B Lancer and the F/A-18, F-15 and F-16 fighters.
The technical leaks happened with the first two while the commercial dealings in aerospace components took place with the PRC (Peopleโs Republic of China).
RTX โvoluntarilyโ disclosed the instances to the government. The breaches, that took place between August 2017 and September 2023, constitute 750 violations of Arms Export Control Act and ITAR (International Traffic in Arms Regulations) which have been termed as โunauthorized exports of defense articles resulting from the failure to establish proper jurisdiction and classification; unauthorized exports of defense articles, including classified defense articles; unauthorized exports of defense articles by employees via hand-carry to proscribed destinations.โ
The stunning revelations come just a day after the U.S. Air Force announced a $1 billion contract to RTXโs Raytheon to upgrade the F-22 Raptor fleet with new sensors, avionics, electronics and software to extend its survivability and relevance. The need is acutely felt over possible military confrontation with peer rivals and technologically comparable Russian and Chinese militaries.
Voluntary disclosures
โRTX disclosed all of the alleged violations voluntarily. RTX also cooperated with the Departmentโs review of this matter and has implemented numerous improvements to its compliance program since the conduct at issue,โ the statement added. Reports quoted a response from RTX, which called the action โin line with the companyโs expectations,โ which it disclosed during its second quarter earnings report on Jul. 25, 2024.
The companyโs forthcoming disclosure has also possibly led to a relaxation in the settlement. As per the 36-month Consent Agreement, it would suspend $100 million of this amount provided the funds are used for โremedial measures to strengthen RTXโs compliance.โ
Additionally, for at least the next 24 months, RTX will employ an external Special Compliance Officer to oversee the implementation of the Consent Agreement. This will include at least one external audit of RTXโs ITAR and other compliance measures.
Breaches by employees
The violations largely occurred when the staffers were carrying their work laptops during their international travel, unmindful of the security of the contents therein.
For instance in May and June 2021, an RTX employee traveled to St. Petersburg, Russia, with an RTX-issued laptop loaded with ITAR-controlled technical data related to at least five military aircraft. During the trip, despite the employee notifying the companyโs cyber security team of several alerts on his laptop, they were โincorrectly dismissedโ as false positives. This may have been due to the teamโs transition to a new cybersecurity tool.
In another case, while in Iran, an RTX employee tried logging into his system, which entailed the use of the local internet provider and thereby inviting access to the data. This time however, RTXโs cyber cell promptly detected and froze the laptop. It subsequently emerged that its hard drive contained technical data on the B-2 Spirit and the F-22 Raptor.
Then between August 2017 and August 2022, Raytheon/RAY โexported without authorizationโ defense articles, โparts, components and technical dataโ of the Tomahawk LACM, RIM-162 ESSM (Evolved Sea Sparrow Missile), RIM-116 Rolling Airframe Missile, SM-2 and the Paveway-1 LGB (Laser Guided Bomb). This was made to Australia, Belgium, Canada, France, Germany, Greece, Israel, Japan, Mexico, the Netherlands, the Republic of Korea, Saudi Arabia, Singapore, Sweden, Turkey, the U.A.E. and U.K.
China
The Departmentโs โcharging letterโ notes RTX-owned Collins Aerospace (formerly Rockwell Collins), for the majority of violations, owing to โhistorical systemic failuresโ in its export control compliance. โWhile all of Respondentโs affiliates committed a substantial number of violations, pervasive ITAR compliance weaknesses at Rockwell Collins resulted in the most egregious violations such as unauthorized exports of technical data to the PRC to facilitate procurement of defense articles from Chinese entities.โ
These include โtwo casesโ of importing and โintegrating thousandsโ PRC-manufactured defense articles into โmultiple US and partner military platforms.โ RTX informed the Department that in 2021 and 2022, its facility at Cedar Rapids in Iowa engaged in โunauthorized export of technical dataโ of the E-3 Sentry AWACS and the KC-390 Millenium medium transport aircraft to Chinese FPE (Foreign Person Employees).
Again in January 2023, it exported technical data pertaining to an F-22 aluminum display housing component to two Chinese FPEs at the Collinsโ facility in Shanghai. The โroot causeโ was the โmisclassificationโ and โmisinterpretationโ of the defense articles. It identified โcircuit cardsโ and thousands of โPWBs (Printed Wiring Boards)โ that Rockwell Collins (before it became a part of RTX in 2018) and Collins purchased from โPRC entities.โ For the procurement, it had to export controlled technical data.
These were used in the VC-25 Presidential Transport Aircraft (Air Force One), A-10 Thunderbolt II, B-1B Lancer, B-52 Stratofortress, C-17 Globemaster III, C-130J Super Hercules, CH-53 Stallion helicopter, F-15 Eagle, F-16 Fighting Falcon, F/A-18 Hornet, KC-46 Pegasus, KC-130, KC-135 Stratotanker, MQ-4 Triton UAV, MQ-8 Fire Scout helicopter UAV, MQ-9 Reaper UCAV, MQ-25 Stingray and the P-8 Poseidon.
