A defense contractor located in Stockton and a private equity firm have been hit with a significant fine for not disclosing cybersecurity violations.
The Department of Justice announced that Aero Turbine Inc. and Gallant Capital Partners LLC have agreed to pay $1.75 million to resolve their liability under the False Claims Act for knowingly failing to comply with cybersecurity requirements in an Aero Turbine contract with the Air Force.
The big picture: The payment resolves the liability of the two companies for knowingly submitting or causing others to submit false or fraudulent claims for payment on an Air Force contract, which were allegedly false or fraudulent because they had not complied with the contract’s cybersecurity requirements.
Driving the news: Aero Turbine allegedly failed to implement certain cybersecurity controls in National Institute of Standards and Technology Special Publication 800-171 from January 2018 to February 2020.
- The lack of those cybersecurity controls could lead to significant exploitation of the system or exfiltration of sensitive defense information.
- Further, from June 2019 to July 2019, the two companies allegedly failed to control the flow of, and limit unauthorized access to, sensitive defense information by providing a software company based in Egypt with files containing such information.
- The companies cooperated with the government’s investigation and took prompt remedial action.
What they’re saying: “Government contractors must follow required cybersecurity standards to protect sensitive defense information,” said Assistant Attorney General Brett A. Shumate of the Justice Department’s Civil Division. “When defense contractors fail to comply with cybersecurity requirements, they can mitigate the consequences by making timely self-disclosures, cooperating with investigations, and taking prompt remedial measures.”
- “Every defense contractor must provide adequate security to safeguard covered defense information,” added Acting U.S. Attorney Kimberly A. Sanchez. “We commend Aero Turbine and Gallant for disclosing the issue and promptly cooperating to address it. We encourage others to follow their example of self-reporting to resolve violations.”
