RTX fined $200 million for sharing secret military aircraft data with Russia, China | News

US arms giant RTX has agreed to a $200 million fine from Washington regulators over the unauthorized release of confidential information from nearly two dozen military aircraft.

Some of this information reached the main geopolitical adversaries of the United States, including Russia, China and Iran.

The U.S. State Department announced the settlement on Aug. 30, finding that the aerospace conglomerate committed 750 violations of the U.S. International Traffic in Arms Regulations (ITAR) between 2017 and 2023. The regulations restrict the export of sensitive military technology, including both physical materials and information.

In addition to the $200 million fine, RTX must comply with a three-year agreement with the government that requires the company to conduct at least one external audit of its ITAR compliance program and implement corrective measures.

The State Department said it agreed to suspend the $100 million fine on the condition that the funds be used to implement required corrective measures and “strengthen the RTX compliance program.”

RTX voluntarily reported the violations to regulators, who found that the ITAR violations included the unauthorized export of classified defense articles and the failure to determine the proper jurisdiction and classification of sensitive materials.

“The majority of violations resulting from jurisdictional and classification errors, in particular, reflect a clear pattern of historical systemic compliance errors across multiple operational branches (RTX),” the State Department says. “In some cases, these operational branches were unable to fully correct these errors.”

RTX is the parent company of munitions and radar maker Raytheon, engine maker Pratt & Whitney and aircraft systems supplier Collins Aerospace.

The specific nature of the security breaches varies from case to case. While some cases have involved unauthorized disclosures to friendly nations such as Australia, Germany, and Norway, other examples have resulted in sensitive information falling into the hands of adversaries such as Russia, China, and Iran.

The article describes several specific incidents. settlement letter released by authorities in Washington.

In one case, controlled technical data was incorrectly sent to Chinese suppliers by RTX’s aerospace systems subsidiary, Collins Aerospace. The data was used to source printed circuit boards from unauthorized subcontractors in China.

These components were then transferred to the Pentagon and other U.S. defense contractors for use in nearly two dozen military aircraft, including the Boeing VC-25 Presidential Transport Aircraft, the Boeing B-1B heavy bomber, the Lockheed Martin U-2 reconnaissance aircraft, the Boeing B-52 strategic bomber, the Lockheed Martin F-16 fighter, the Boeing F-15 fighter, the Fairchild Republic A-10 attack aircraft and the Boeing F/A-18 fighter.

Many helicopters, transport planes, air tankers and unmanned aerial vehicles were also damaged.

Another improper disclosure at Collins involved a Chinese national who obtained technical data on a Boeing E-3 early warning and control aircraft and an Embraer KC-390 medium transport aircraft.

In a separate incident from 2021, an RTX employee used a company laptop containing sensitive technical data on a private trip to Russia. Internal cybersecurity measures flagged the issue, but the location alert was ignored as a false positive.

The laptop contained technical data for Lockheed Martin F-22 and F-35 stealth fighters, as well as a U-2. The employee had traveled to Russia four times before, bringing the laptop on at least one of those earlier trips, according to the State Department.

Another incident in 2019 involved an employee who traveled to Iran with a company laptop containing technical data on a Northrop Grumman B-2 stealth bomber and an F-22 fighter jet. In that case, cybersecurity protocols remotely froze access to the laptop’s hard drive.

The indictment says most of the violations occurred at Collins Aerospace when the division was an independent company called Rockwell Collins.

The chain of events is complicated by RTX’s convoluted corporate history of mergers and acquisitions. Rockwell Collins was acquired by defense contractor United Technologies Corporation (UTC) in 2018. UTC and Raytheon then merged in 2020, and the result was named Raytheon Technologies Corporation.

In 2023, the conglomerate changed its name to the current RTX. At the time of publication, FlightGlobal was awaiting comment from RTX.

A similar letter of complaint was sent by the State Department to aircraft manufacturer Boeing earlier this year, outlining 199 ITAR violations in programs including Boeing’s E-7 early warning and control aircraft, the CH-47F Chinook helicopter and the AH-64 attack helicopter. Some of the violations occurred at Boeing facilities in India and Australia.

A related court order from February indicates Boeing will be fined $51 million for the violations, $24 million of which will be suspended and used to cover compliance costs associated with fixing the vulnerabilities.