Swiss Automation Inc., a precision machining company based in Illinois, has agreed to pay $421,234 to settle allegations that it violated the False Claims Act by failing to provide adequate cybersecurity for certain drawings of parts supplied to Department of Defense (DoD) prime contractors. The company manufactures alloy and metal parts for both commercial and government clients, including those working directly with the DoD.
According to the settlement, Swiss Automation was accused of causing the submission of false claims by not implementing required cybersecurity measures to protect sensitive information related to parts provided for defense contracts. The company allegedly understood that these security requirements applied not only to prime contractors but also extended to subcontractors and suppliers. Since 2017, DoD contracts have required compliance with security controls outlined in National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171), a standard which remains in effect under the recently finalized Cybersecurity Maturity Model Certification (CMMC) program.
Assistant Attorney General Brett A. Shumate of the Justice Department’s Civil Division stated, “As cyber threats continue to evolve, suppliers to defense contractors must be vigilant and take the steps required to protect sensitive government information from bad actors. We will continue our efforts to hold defense contractors, subcontractors, and suppliers accountable when they fail to honor their DoD cybersecurity commitments.”
U.S. Attorney Andrew S. Boutros for the Northern District of Illinois added, “Cybercriminals are increasingly targeting government contractors to steal sensitive and valuable information in their possession. Defense contractors in particular must maintain robust safeguards against these threats through stringent compliance with federal cybersecurity regulations. The U.S. Attorney’s Office in Chicago will continue to work closely with our law enforcement and agency partners to ensure that government contractors protect sensitive information and critical infrastructure in compliance with federal laws and regulations.”
Special Agent-in-Charge Jason Sargenski from the Department of Defense Office of Inspector General’s Defense Criminal Investigative Service commented, “Protecting our nation’s security includes protecting its data. As cyber threats become more sophisticated, defense contractors, subcontractors, and suppliers must do their part to safeguard sensitive government information. We will hold contractors, subcontractors, and suppliers accountable when they fall short of their cybersecurity obligations to the Department of Defense.”
The settlement resolves a lawsuit filed under the whistleblower provisions of the False Claims Act. These provisions allow private individuals who report fraud against federal programs or contracts—known as whistleblowers—to sue on behalf of the government and receive a portion of any recovery obtained. In this case, Jaime Gomez, a former quality-control manager at Swiss Automation who brought forward the allegations as a whistleblower (or relator), will receive $65,291 as his share.
The case is titled United States ex rel. Gomez v. Swiss Automation Inc., No. 1:22-cv-4328 (N.D. Ill.). The resolution was achieved through cooperation among several agencies: the Justice Department’s Civil Division Commercial Litigation Branch Fraud Section; the U.S. Attorney’s Office for the Northern District of Illinois; DCIS; and Army Criminal Investigation Division.
Senior Trial Counsel Gregory Pearson from the Justice Department’s Civil Division and Assistant U.S. Attorney Kathryn Kelly represented the United States in this matter.
The United States clarified that these claims are allegations only; there has been no determination or admission of liability by Swiss Automation.
