Georgia Tech Sued: Alleged DoD Cybersecurity Standards Breach
A lawsuit has recently been filed in the United States against one of the nation’s leading research universities, accused of violating cybersecurity standards established by the Department of Defense (DoD). The Georgia Institute of Technology (Georgia Tech) and its subsidiary, the Georgia Tech Research Corporation (GTRC), are under scrutiny for allegedly failing to adequately protect Controlled Unclassified Information (CUI).
The series of allegations, which began in 2019, spans events that took place over several years. One of the key incidents involves the Astrolavos Lab, which specializes in cybersecurity for national defense, and its failure to implement a digital defense plan that met DoD standards. This plan was not put in place until February 2020, but its scope was insufficient, falling short of the Department’s requirements.
Furthermore, the lab is accused of neglecting to install antivirus software on its devices, a lapse reportedly supported by the university’s administration. These violations persisted until December 2021, representing a significant deviation from federal standards and the university’s own internal policies.
It is also alleged that in December 2020, Georgia Tech and GTRC submitted a fraudulent cybersecurity assessment, awarding themselves a score of 98, which was later deemed fraudulent. The assessment was conducted on a “dummy” system, unconnected to any DoD contracts.
The case is being prosecuted under the False Claims Act and is part of the Civil Cyber-Fraud Initiative (CCFI), which seeks to penalize organizations that knowingly compromise the security of U.S. information systems.
This marks the first such case to proceed to litigation under the CCFI, as previous cases have been settled pre-trial. U.S. officials have expressed grave concerns over Georgia Tech’s actions, which they believe endanger national security and the lives of military personnel.
Notably, Georgia Tech is also under investigation by Congress for its potential ties to China. Since 2013, the university has partnered with Tianjin University, which is suspected of close connections with the Chinese military and has been previously blacklisted for stealing American military technologies.
The investigation, conducted by the Congressional Committee on the Chinese Communist Party, began in May 2024, but its findings have yet to be disclosed.
