US Gov Sues Georgia Institute of Technology for Cybersecurity Violations

The United States has filed a lawsuit against the Georgia Institute of Technology and the Georgia Tech Research Corporation, alleging violations of cybersecurity requirements related to Department of Defense (DoD) contracts. The complaint, which intervenes in a whistleblower suit initiated by former members of Georgia Tech's cybersecurity team, claims that the defendants failed to enforce federal cybersecurity regulations and fostered a culture of non-compliance. The lawsuit details that from 2019 to 2021, Georgia Tech's Astrolavos Lab neglected to implement necessary cybersecurity controls, including failing to develop a required system security plan and not installing antivirus software. Additionally, it is alleged that Georgia Tech submitted a false cybersecurity assessment score to the DoD, which misrepresented their compliance status. The lawsuit is part of the Department of Justice's Civil Cyber-Fraud Initiative, aimed at holding accountable those who compromise U.S. information security. The whistleblower suit was filed under the False Claims Act, allowing private parties to sue on behalf of the government for false claims. The case is currently being handled by the Justice Department's Civil Division and the U.S. Attorney's Office for the Northern District of Georgia.

- The U.S. has filed a lawsuit against Georgia Tech for cybersecurity violations related to DoD contracts.

- The lawsuit claims Georgia Tech failed to enforce cybersecurity regulations and submitted false compliance assessments.

- The case is part of the Civil Cyber-Fraud Initiative aimed at addressing cybersecurity deficiencies.

- The whistleblower suit was initiated by former cybersecurity team members under the False Claims Act.

- The allegations include neglecting to implement required cybersecurity controls from 2019 to 2021.