ATLANTA – The Justice Department is suing Georgia Tech and the Georgia Tech Research Corp. for failing to follow cybersecurity requirements governing federal contracts.
The federal lawsuit follows a whistleblower suit current and former members of the university’s cybersecurity team brought against the school and its research corporation.
The complaint alleges that at least since 2019, Georgia Tech has had no enforcement mechanisms in place for contracts with the Defense Department. Instead, the university routinely gave in to the demands of “star researchers” who were treated like “star quarterbacks” because they were bringing in large government contracts.
Specifically, the lawsuit claims the Astrolavos Lab at Georgia Tech failed to develop and implement a required system security plan setting out cybersecurity requirements. Even when Astrolavos did implement a plan, it fell short of including all covered laptops, desktops, and servers.
Additionally, the lab failed to install, update, or operate anti-virus or anti-malware tools on desktops, laptops, servers, and networks. Georgia Tech and its research corporation then submitted a fraudulent cybersecurity assessment score to the feds, the suit alleges.
“Cybersecurity compliance by government contractors is critical in safeguarding U.S. information and systems against threats by malicious actors,” said Ryan Buchanan, U.S. attorney for the Northern District of Georgia. “For this reason, we expect contractors to abide by cybersecurity requirements in their contracts and grants, regardless of the size or type of the organization or the number of contracts involved.”
Georgia Tech disputed the allegations in a statement, arguing the lawsuit is “entirely off base” and vowing to defend the university’s position in court.
“This case has nothing to do with confidential information or protected government secrets,” the university stated. “The government told Georgia Tech that it was conducting research that did not require cybersecurity restrictions, and the government itself publicized Georgia Tech’s groundbreaking research findings. In fact, in this case, there was no breach of information, and no data leaked.”