In yet another example of the government’s crackdown on the defense industry’s failure to comply with applicable cybersecurity regulations, the Department of Justice (DOJ) announced a $421,234 settlement with Swiss Automation, Inc., an Illinois precision machining company. The company supplies alloys and metals to government prime contractors and subcontractors, including those within the defense industrial base.
The settlement of the allegations — which were brought initially under the whistleblower provisions of the False Claims Act (FCA) — resolves claims that Swiss Automation, Inc. failed to implement required cyber safeguards with respect to the drawings of certain parts that the company machined and supplied to Department of Defense (DoD) contractors. These cybersecurity requirements, which implement NIST 800-171 security controls, have applied to DoD contracts and subcontracts since 2017.
As noted previously, the now-finalized Cybersecurity Maturity Model Certification (CMMC) program will work to ensure that the defense industrial base complies with applicable cybersecurity requirements. The settlement with Swiss Automation again highlights that, should DoD contractors and subcontractors fail to do so, the DOJ may not be far behind. Indeed, in a statement announcing the settlement, DOJ affirmed that it “will continue our efforts to hold defense contractors, subcontractors and suppliers accountable when they fail to honor their DoD cybersecurity commitments.”