TLDR:
- The DOJ is suing Georgia Tech for allegedly failing to meet cybersecurity standards for DOD contracts.
- The lawsuit uses the False Claims Act and is based on a whistleblower suit brought by current and former cybersecurity team members.
The Justice Department has filed a lawsuit against the Georgia Institute of Technology and an affiliate company, accusing them of failing to meet cybersecurity standards required for securing Pentagon contracts. This lawsuit stems from a whistleblower suit brought by current and former members of Georgia Tech’s cybersecurity team. The suit utilizes the False Claims Act, a law dating back to the Civil War era, which DOJ has increasingly used for cyber cases since 2022.
The lawsuit alleges that the Astrolavos Lab at Georgia Tech failed to develop and implement a system security plan that meets Department of Defense cybersecurity regulations, including not installing anti-malware software on devices. The whistleblowers, Kyle Koza and Christopher Craig, claim that cybersecurity regulations were not enforced at the university, with a focus on financial gain over compliance.
Georgia Tech has responded by stating that the complaint misrepresented their culture of innovation and integrity, and they plan to vigorously dispute the allegations. U.S. Attorney Ryan K. Buchanan emphasized the importance of contractors abiding by cybersecurity requirements to safeguard U.S. information and systems against malicious actors.
In light of this lawsuit, it is clear that cybersecurity compliance by government contractors is a critical aspect of maintaining the security of U.S. information and systems. The DOJ’s use of the False Claims Act in this case highlights the government’s commitment to holding contractors accountable for cybersecurity requirements in their contracts and grants.