The United States has intervened in a whistleblower lawsuit against the Georgia Institute of Technology and its research affiliate, Georgia Tech Research Corporation (GTRC), for allegedly failing to meet cybersecurity standards required by the Department of Defense (DoD). The lawsuit was initiated by former members of Georgia Tech’s Cybersecurity team and claims that the Astrolavos Lab neglected to develop a proper system security plan and failed to implement necessary cybersecurity measures until early 2020. Even after these issues were acknowledged, the lab purportedly did not install essential antivirus tools, violating both federal requirements and the institution’s own policies.
Additionally, the lawsuit alleges that Georgia Tech and GTRC submitted a false cybersecurity assessment score to the DoD in December 2020, falsely claiming a compliance score of 98. This score was based on a non-existent IT system and did not reflect any actual cybersecurity measures in place. The accurate assessment of compliance is crucial for contractors, as it influences the awarding of DoD contracts and the safeguarding of sensitive defense information.
U.S. Attorney Ryan K. Buchanan emphasized the importance of cybersecurity compliance, stating that it is essential for protecting U.S. information and systems from malicious threats. The whistleblower suit allows private individuals to bring attention to fraudulent activities, and in this case, the former cybersecurity members stand to gain a share of any recovery. This initiative aligns with the Justice Department’s Civil Cyber-Fraud Initiative, aimed at holding entities accountable for inadequate cybersecurity practices.
The implications of this case extend beyond Georgia Tech, highlighting a significant concern regarding the cybersecurity measures implemented by government contractors. With national security at stake, the actions of Georgia Tech and GTRC could have severe consequences, particularly for the safety of U.S. service members. The case demonstrates a growing commitment to enforce stringent cybersecurity standards among government contractors to protect sensitive information and ensure national security.
Reference:
