The US government, through the Department of Justice [4], has filed a lawsuit against Georgia Tech and its affiliate GTRC for alleged cybersecurity violations related to a Department of Defense (DoD) contract [5].
Description
The lawsuit [1] [2] [3] [4] [5] [6], which includes a whistleblower suit filed by members of Georgia Tech’s Cybersecurity team [5], Christopher Craig and Kyle Koza [5] [7], alleges that the Astrolavos Lab at Georgia Tech did not implement required cybersecurity controls, failed to install antivirus software [3] [6], and submitted a false cybersecurity assessment score to the DoD [2] [3] [6]. Whistleblowers Kyle Koza and Christopher Craig claim there was no enforcement of cybersecurity regulations at Georgia Tech [2], with financial gain prioritized over compliance [2]. The Justice Department’s intervention in the lawsuit is part of a broader effort to hold organizations accountable for failing to provide adequate cybersecurity protections [6].
The lawsuit [1] [2] [3] [4] [5] [6], originally filed by whistleblowers under the False Claims Act [1], accuses the institutions of submitting false cybersecurity assessment scores to the Department of Defense [1]. Among the allegations are claims that the university lacked proper IT systems and failed to implement required security measures [1]. The Justice Department is suing Georgia Tech and an affiliate company for failing to meet cybersecurity standards required for Pentagon contracts [2]. This is the first lawsuit under the DoJ’s Civil Cyber-Fraud Initiative [5], which aims to address cybersecurity violations by contractors [4]. The case is being handled by the Justice Department’s Civil Division and the Northern District of Georgia [3]. Georgia Tech has denied the allegations and plans to dispute them in court [1]. Principal Deputy Assistant Attorney General Brian M. Boynton emphasized the importance of implementing cybersecurity controls to protect sensitive government information [5]. The claims are allegations only [3], and no liability has been determined [3].
The lawsuit [1] [2] [3] [4] [5] [6], under the False Claims Act and federal common law [4], was brought by current and former members of Georgia Tech’s cybersecurity team [4], claiming a pattern of noncompliance dating back to 2019 [4]. Allegations include failure to meet security standards [4], such as lacking a system security plan and essential antivirus protection [4]. The lawsuit marks the launch of the Department of Justice’s Civil Cyber-Fraud Initiative [4], aiming to address cybersecurity violations by contractors [4]. US Attorney Ryan K. Buchanan emphasized the importance of cybersecurity compliance by government contractors in safeguarding US information and systems against threats posed by malicious actors [7].
Conclusion
The lawsuit against Georgia Tech and its affiliate GTRC highlights the importance of cybersecurity compliance in government contracts. It underscores the need for organizations to prioritize cybersecurity measures to protect sensitive information and systems from potential threats. Moving forward, it is crucial for contractors to adhere to cybersecurity standards to prevent similar violations and safeguard national security interests.
References
[1] https://www.nextgov.com/acquisition/2024/08/doj-suit-claims-georgia-tech-knowingly-failed-meet-cyber-standards-dod-contracts/399047/
[2] https://cyberscoop.com/georgia-tech-lawsuit-dod-contracts-cybersecurity/
[3] https://www.justice.gov/opa/pr/united-states-files-suit-against-georgia-institute-technology-and-georgia-tech-research
[4] https://publiclawlibrary.org/whistleblower-lawsuit-accuses-georgia-tech-of-cybersecurity-failures-in-defense-contracts/
[5] https://www.infosecurity-magazine.com/news/georgia-tech-sued-cybersecurity/
[6] https://www.bankinfosecurity.com/doj-lawsuit-accuses-georgia-tech-cybersecurity-failures-a-26128
[7] https://www.yahoo.com/news/doj-files-federal-complaint-accusing-024248480.html