Security News > 2022 > July > Defense contractor pays $9m to settle whistleblower's cybersecurity allegations

Federal district judge William Shubb last week approved [PDF] the out-of-court deal struck by the biz and Markus, who joined the defense contractor in 2014 as senior director of cybersecurity, compliance, and controls.

In his 2017 complaint, Markus alleged the company's computer systems failed to meet minimum cybersecurity standards that the federal government requires for contracts funded by NASA and the Department of Defense.

Almost immediately upon being hired, Markus found Aerojet was understaffed and underbudgeted to meet federal cybersecurity rules, according to his lawsuit's complaint [PDF].

Aerojet's computer systems didn't comply with federal regulations, and when asked about cybersecurity, the defense firm "Gave the government misleading information," the lawsuit alleged.

Aerojet hired outside consulting firm Emagined in 2014 to determine DFARS compliance, and according to the lawsuit that audit found the defense contractor was "Less than 25 percent compliant." The consultancy's report also found it would cost more than $34.5 million over a five-year period to bring Aerojet's computer systems' into compliance, the court documents allege.

The EY team also accessed legal documents along with rocket design blueprints and other unclassified technical information, and remotely compromised the security cameras so they could view and listen to Aerojet's security camera footage, according to the court papers.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/11/aerojet_cybersecurity_whistleblower/