Unlock stock picks and a broker-level newsfeed that powers Wall Street.
Recent DoJ settlements suggest Biden cyber-fraud initiative still active
U.S. Attorney General Pam Bondi speaks during a news conference at the Department of Justice on February 12, 2025 in Washington, DC. ·Cybersecurity Dive·Anna Moneymaker via Getty Images
The Trump administration has moved quickly to abandon its predecessor’s corporate-accountability efforts, but at least one initiative focused on cybersecurity so far appears to be sticking around.
The Justice Department announced on Thursday that it had reached an $8.4 million settlement with defense contractor Raytheon, its parent company RTX and the intelligence services vendor Nightwing, over allegations that the companies “failed to implement required cybersecurity controls on an internal development system that was used to perform unclassified work on certain [military] contracts.”
The case — stemming from failures that allegedly occurred between 2015 and 2021, before Nightwing acquired the cybersecurity business in question from RTX — likely emerged out of the Biden administration’s Civil Cyber-Fraud Initiative, which sought to use the False Claims Act to hold contractors accountable for misleading the government about their cybersecurity precautions.
The Raytheon case isn’t the first CCFI-like investigation to be settled since Trump took office. In late March, federal prosecutors convinced a Massachusetts defense contractor to pay $4.6 million for allegedly defrauding the U.S. Army and Air Force about its compliance with cyber requirements. And in February, DOJ settled with a Missouri-based healthcare company for $11.3 million over allegations that it failed to protect the sensitive data of service members and their families.
The DOJ did not respond to a request for comment about whether the CCFI remained active. Under Trump, the department has eliminated many Biden initiatives that Deputy Attorney General Todd Blanche described as “regulation by prosecution,” including a task force pursuing cryptocurrency-related crimes. So far, Trump officials have not publicly discussed the CCFI, even as prosecutors have now settled three cases that bear the hallmarks of the program.
In announcing the Raytheon settlement, federal officials did stress the urgent need to hold contractors accountable for cybersecurity performance, although they did so without mentioning the CCFI by name.
“Government contractors must comply with the cybersecurity rules that govern their performance and be candid about their compliance,” said Edward Martin, the U.S. attorney for the District of Columbia, adding that the settlement “reflects the government’s commitment to pursue contractors that fail to live up to those expectations.”
Yaakov Roth, the acting head of the DOJ’s Civil Division, vowed to “continue our efforts to hold contractors accountable” for failing to protect military data.
Military investigators involved in the case likewise touted the importance of cyber requirements in federal contracts — a Naval Criminal Investigative Service official said “strict compliance” was “of dire importance,” while an Air Force Office of Special Investigations official said compliance failures could have “devastating consequences.”
CCFI still alive and well?
If the CCFI remains active, it would represent a break from Trump’s pattern of abandoning corporate compliance and regulatory programs that the Biden administration created or expanded, from climate-disclosure rules to artificial intelligence safety testing requirements. The new administration has also targeted longstanding compliance mechanisms, including freezing all Foreign Corrupt Practices Act investigations and enforcement actions.
But cyber fraud could prove to be the exception to this trend, especially if prosecutors focus on cases in which contractors defraud the military. All three cyber-fraud cases settled since Trump’s inauguration involved defense contracts, whereas most cases settled during the Biden administration involved civilian contracts. Deterring cyber fraud in military procurement might align well enough with Trump’s stated interest in military readiness to preserve those investigations amid a broader rollback of compliance efforts.
There are other reasons to think that FCA cases, including those related to cyber fraud, might persist during the Trump administration. During her Senate confirmation hearing, Attorney General Pam Bondi promised to provide adequate resources for FCA enforcement and to defend the law against constitutional challenges.
“Given that prosecuting fraud, waste and abuse enjoys strong bipartisan support both from Congress and the American taxpayers,” wrote the authors of an article on the website Corporate Compliance Insights, “one should expect that the FCA will remain a critical tool for the DOJ in the coming year.”
Tirzah Lollar, a partner and co-chair of the False Claims Act practice at Arnold & Porter, said there was “no reason to think that DOJ will lose interest in the initiative.”
“In addition to the general adage that FCA enforcement is not impacted by a change in administration,” Lollar told Cybersecurity Dive via email, “the Trump Administration has shown heightened interest in protecting national security, which is at the heart of cybersecurity cases.”
Correction: A previous version of this article misstated the number of cyber-fraud cases that the Trump administration has settled. It has settled three such cases.
