A suit filed against Georgia Tech by the United States Government alleges that the university’s affiliate, Georgia Tech Research Corporation (GTRC), knowingly failed to meet its cybersecurity requirements for the Department of Defense (DoD). The suit was initiated by a whistleblower complaint from members of Georgia Tech’s Cybersecurity team.
The lawsuit alleges that the Georgia Institute of Technology’s Astrolavos Lab failed to institute a System Security Plan, as stipulated in DoD cybersecurity regulations, until 2020. When a System Security Plan was finally initiated, its scope failed to include all information assets. Additionally, the lab, in violation of its own cyber policies, refused to install antivirus software on laptops, desktops, and servers, in response to demands put forth by the professor who headed the lab. The lawsuit also alleges that false cybersecurity assessment scores were submitted to the DoD by Georgia Tech and the GTRC.
The suit was filed under the False Claims Act, which was created as a mechanism for private parties to file suits on behalf of the federal government and to receive a share of any recoveries. The Civil Cyber-Fraud Initiative was designed to identify contractors that fail to protect confidential information or protected government secrets.
Importance of Safeguarding U.S. Information
In comments regarding the issue, U.S. Attorney Ryan K. Buchanan for the Northern District of Georgia stated that the government expects contractors to meet the cybersecurity requirements in their contracts and grants, regardless of the size of the organization or the number of contracts involved. The case is being handled by the Justice Department’s Civil Division, represented by Senior Trial Counsel Jake M. Shields and U.S. Attorney Adam Nugent and Melanie Hendry.
Academia Facing Challenges in Security
Universities have been facing a growing number of issues with cybersecurity and export compliance regulations from the federal government. There have been multiple violations of export regulations that have led to Voluntary Self-Disclosures to the Bureau of Industry and Security (BIS). These have included unauthorized exports of biohazards, genetic materials, and information regarding aerospace propulsion and telecommunications.
CVG Strategy Cybersecurity
As the suit filed against Georgia Tech Research Corp. shows, the U.S. government is serious in its pursuit of protection for Controlled Unclassified Information (CUI). CVG Strategy information security consulting services help organizations develop comprehensive programs to meet U.S. government cybersecurity requirements. We can assist in establishing customized programs to address:
- NIST 800-171
- CMMC 2.0
- NIST 800-161
- NIST 800-53
We can also provide training to make your entire team aware of cyber threats and keep them informed on best practices and the specific policies of your organization. Additionally, we can assist with reviews of policies, risk assessment approaches, and best practices to build management systems capable of handling complex cybersecurity requirements.
CVG Strategy is committed to the goals of CMMC in keeping our defense manufacturing supply chain’s information secure. As industry leaders in cybersecurity, ITAR, and risk-based management systems, we understand the importance of innovating flexible approaches to meeting the requirements of CMMC, establishing effective programs, and achieving certification.