Georgia Tech and GTRC Under Federal Scrutiny for Cybersecurity Failures

Background of the Whistleblower Lawsuit

The Georgia Institute of Technology and its affiliate, the Georgia Tech Research Corporation (GTRC), are now subject to a federal whistleblower lawsuit filed by the Department of Justice (DOJ). The lawsuit claims that both institutions failed to meet cybersecurity requirements associated with contracts from the U.S. Department of Defense.

Key Allegations

• The breach of compliance with federal cybersecurity regulations dating back to 2019.
• The Astrolavos Lab allegedly neglected crucial cybersecurity measures, including not developing a required system security plan.
• Failure to properly implement antivirus or anti-malware tools on computers from May 2019 to December 2021.
• Georgia Tech and GTRC reportedly provided a fraudulent cybersecurity assessment score of 98.

The Importance of Cyber Compliance

U.S. Attorney Ryan K. Buchanan emphasized, “Cybersecurity compliance by government contractors is critical in safeguarding U.S. information and systems against threats posed by malicious actors.” This sentiment was echoed by Principal Deputy Assistant Attorney General Bryan Boynton, who stated that failure to follow required cybersecurity controls jeopardizes sensitive government information.

The Response from Georgia Tech

Georgia Tech issued a statement expressing disappointment over the DOJ’s allegations, stating that they misrepresent the institution's culture of innovation. The statement asserted that Georgia Tech is committed to strong cybersecurity and will vigorously dispute the claims in court.