The Department of Homeland Security (DHS) scrapped a highly lucrative cybersecurity contract originally awarded to Leidos following a legal challenge from rival bidder Nightwing, yet insists the pushback had nothing to do with it.
In February, the DHS awarded Leidos the seven-year Agile Cybersecurity Technical Solutions (ACTS) Indefinite Delivery Indefinite Quantity contract with a ceiling value of $2.4 billion. Originally advertised in December 2022, the work on offer was to support the Cybersecurity and Infrastructure Security Agency (CISA), an operational component of the DHS. The contract would have seen the awardee provide IT services and cyber capabilities for the now-beleaguered US cyber agency.
However, court documents [PDF] show that after a legal challenge from Nightwing, the DHS canceled the arrangement entirely on May 8.
The DHS said the reason was that “its IT and cybersecurity service needs have significantly changed in light of organizational changes and changes in priorities, unrelated to the protest, that have occurred since the ACTS solicitation was issued.”
In the DHS’s view, Nightwing’s protest is now moot. And while the government department confirmed there were no plans to offer the contract again at a later date, it is “conducting acquisition planning to determine the best means of fulfilling its future requirements.”
According to Nightwing’s complaint [PDF], the services supplied by the awardee would “be used to prepare the analysis, design, integration, development, test, implementation, deployment, and sustainment of cybersecurity solutions.”
That complaint listed the numerous reasons why Nightwing, an intelligence solutions company that spun out of defense contractor Raytheon (aka RTX) last year, objected to the contract being awarded to Leidos.
Among other arguments, Nightwing alleged the DHS directly harmed it by acting unreasonably throughout the award process, and had the DHS adhered to the relevant law and requirements set out by the contract’s Request for Proposals (RFP), Nightwing’s bid would have come out on top.
Nightwing’s other reasons for protesting the award included the following allegations:
The DHS evaluations of each bidder’s technical approach, past performance, and cost were “critically flawed,” and failed to follow the criteria set out by the RFP
The DHS’s best value decision was based on illusions
Leidos’s proposed cost was unrealistic
DHS failed to adhere to essential requirements of fairness
Leidos held an unfair competitive advantage over other bidders
Insider info alleged
That unfair advantage refers to Nightwing’s allegation that Leidos had access to nonpublic information via a former DHS IT specialist, who worked in the government between 2018 and 2022. Importantly, this man, whose identity is redacted in court documents, is claimed to have had access to data related to the Domino contract, which this ACTS contract effectively aimed to replace.
DHS previously awarded the Domino contract to Raytheon Technologies in 2017, before it sold off its cybersecurity operations to the company that became Nightwing.
Nightwing made a host of allegations about the unnamed individual in its legal complaint against the DHS.
Among other things, Nightwing said the man had special knowledge about Raytheon’s approach to staffing under the Domino contract, technical performance information, architectural roadmaps, and cost burn rate data.
The company alleged that the latter in particular could be used to manipulate the expected cost of services provided under the contract, and the information could be used to misrepresent the value of Leidos’s bid for the contract.
The complaint went on to allege that the man left the DHS and joined Leidos days later to work on its ACTS contract bid. Nightwing reported all of these allegations to the DHS in February 2024. In January 2025, the DHS denied parts of the company’s challenge and dismissed others.
The Register contacted the DHS, Nightwing, and Leidos for comment.
8.4 million reasons why Nightwing might have been overlooked
The legalities of the case won’t ever be heard in court. Following the cancellation of the contract, the case was dismissed [PDF] without prejudice.
Whether Nightwing’s case against Leidos had merit will likely never be determined.
ICE enlists Palantir to develop all-seeing ‘ImmigrationOS’ eye to speed up deportations
CISA: We didn’t fire red teams, we just unhired a bunch of them
This is the FBI, open up. China’s Volt Typhoon is on your network
US Dept of Housing screens sabotaged to show deepfake of Trump sucking Elon’s toes
However, the US government certainly had reason to suspect Nightwing might not have been the best recipient of the contract either.
Raytheon was embroiled in a lawsuit against the US government over alleged cybersecurity failings while working on 19 government contracts between 2015 and 2021. Raytheon was accused of failing to meet all the cybersecurity requirements of various regulations applicable to federal contracts.
On May 1, the Department of Justice announced an $8.4 million settlement in the case. The settlement order stated that the organization formerly known as Raytheon Cyber Solutions, now under control of Nightwing, failed to meet the requirements of federal acquisition regulation 52.204-21 and NIST special publication 800-171 [PDF]. These both cover the protection of unclassified data in contractors’ IT systems.
By allegedly failing in these two respects, the company would also have violated defense federal acquisition regulation 252.204-7012, which covers the security of DoD information and cyber incident reporting.
“Cyber threats have grown in size and reach in recent years, leaving no room for complacency among those in the public sector, private sector, or even among private citizens,” said Edward R. Martin Jr., US attorney for the District of Columbia, on the settlement announcement.
“Government contractors must comply with the cybersecurity rules that govern their performance and be candid about their compliance. This settlement reflects the government’s commitment to pursue contractors that fail to live up to those expectations.”
Agreeing to settle legal cases should not be misinterpreted as a determination of liability. So Raytheon may or may not have failed to meet the contract requirements.
Whatever the case, simply being in that position probably didn’t count in its favor when it came to bidding for the ACTS work.
Since taking over Raytheon’s cyber division, per public records, Nightwing has not won any US government contracts. Raytheon, meanwhile, has been awarded plenty, but for the work of its other divisions, namely in the aerospace arena. ®
