Defense contractor pays $9m to settle whistleblower's cybersecurity allegations

Aerojet Rocketdyne, which makes propulsion and power systems for launch vehicles, missiles and satellites for NASA and the US military, has agreed to pay $9 million to settle charges it misrepresented its products' compliance with cybersecurity requirements in federal government contracts. The El Segundo, California-based …

  1. Eclectic Man Silver badge

    Security

    This really is depressing reading. I've had my arguments, sorry, discussions, with management concerning compliance with security regulations. You know the sort of thing - the government says we must do this, we are telling the government we are doing it, so we really ought to be doing it or someone is going to have a problem when they find out. Sounds like the management simply was not interested in compliance, just wanted NASA's and the DoD's money. After all, usually Security is the IT Security minion's responsibility isn't it, and spending money on security does so reduce the profitability of the company and slow down the system with those naughty internet firewalls.

    This is why I retired. Wild horses would not drag me back.

    1. Anonymous Coward

      Re: Security

      No wonder China builds better Aerojet Rocketdyne products than Aerojet Rocketdyne does.

      All your Aerojet Rocketdyne are belong to us.

  2. Anonymous Coward

    Interesting

    Are there similar rewards for whistleblowers in the EU or the UK?

    Asking for a friend :D

  3. Anonymous Coward

    So apart from this…

    > "Within four hours the EY team was able to utilize vulnerabilities in defendants' computer systems to fully compromise the windows network and retrieve all defendants' user accounts and passwords," the lawsuit alleged. "Information accessed included the CEO and CFO's inbox and network files that included board strategy documents and merger and acquisition files and technical documents. Employee personal information was accessed including social security numbers and salary."

    …was their security OK?

  4. Anonymous Coward
    Facepalm

    The truly unfortunate thing

    This will have zero effect on Aerojet Rocketdyne or its contracts.

    There will certainly be no attempt to void any contracts or even to claw back any money for the fraud.

  5. Anonymous Coward

    So $34.5M to fix it, or $9M to pay the fine.

    Did they also have to fix it, or just pay another $9M in ten years' time?

  6. Claptrap314 Silver badge

    Hmmm....

    Let's see. We can net $142M this year. Now, there is this _tiny_ security fix we need for our system. It costs $34.5M. And, if we don't, the worst we can expect is a $9M fine. Maybe.

    What is our fiduciary responsibility?

    --

    Seriously, I'm more upset with the government here than anyone. NO WAY was the unclassified network 100% p0wned, but the classified secure. That company should be fined out of existence, and that CEO behind bars for a decade or so, and not at Club Fed.

    Unless the government _wants_ more of this for some unfathomable reason.

    1. Eclectic Man Silver badge

      Re: Hmmm....

      "the worst we can expect is a $9M fine"

      Or to end up like Nortel:

      https://www.bloomberg.com/news/features/2020-07-01/did-china-steal-canada-s-edge-in-5g-from-nortel

      "The documents began arriving in China at 8:48 a.m. on a Saturday in April 2004. There were close to 800 of them: PowerPoint presentations from customer meetings, an analysis of a recent sales loss, design details for an American communications network. Others were technical, including source code that represented some of the most sensitive information owned by Nortel Networks Corp., then one of the world’s largest companies.

      At its height in 2000, the telecom equipment manufacturer employed 90,000 people and had a market value of C$367 billion (about $250 billion at the time), accounting for more than 35% of Canada’s benchmark stock market index, the TSE 300. Nortel’s sprawling Ottawa research campus sat at the center of a promising tech ecosystem, surrounded by dozens of startups packed with its former employees."

      The worst thing that can happen to your insecure company is elimination by a competitor.

  7. Potemkine! Silver badge

    This story is absolutely unbelievable. Why aren't the CEO, COO and CIO in a brig?

  8. ricardian

    Dr Chris Day (a medical doctor in the UK) was a whistle-blower

    https://davidhencke.com/2022/07/12/david-cocke-the-trust-official-who-destroyed-potentially-relevant-emails-instructs-top-lawyer-and-pulls-out-of-cross-examination-in-chris-day-tribunal/
