The U.S. Department of Justice (DOJ) announced Georgia Tech Research Corporation (GTRC) agreed to pay $875,000 to resolve allegations it violated federal law.
According to the DOJ, the corporation failed to meet cybersecurity requirements with certain Air Force and Defense Advanced Research Projects Agency (DARPA) contracts.
“When contractors fail to follow the required cybersecurity standards in their DoD contracts, they leave sensitive government information vulnerable to malicious actors and cyber threats,” Assistant Attorney General Brett A. Shumate of the Justice Department’s Civil Division said. “Together with DoD and other agency partners, the Department of Justice will continue to pursue and litigate violations of cybersecurity requirements to hold contractors accountable when they violate their cybersecurity commitments.”
According to the DOJ, GTEC and Georgia Tech failed to install, update or run anti-virus or anti-malware tools at Georgia Tech’s Astrolavos Lab through December 2021. That lab was conducting sensitive cyber-defense research for the DoD at the time. The DOJ also alleged that until Feb. 2020, there was no system security plan in place for Astrolavos Lab to set out the cybersecurity controls that GTRC’s contracts required.
“Failure to follow required cybersecurity requirements puts all of us at risk,” Stacy Bostjanick, Chief Defense Industrial Base Cybersecurity, Deputy Chief Information Officer for Cybersecurity, Office of the Chief Information Officer, said. “Those who knowingly provide deficient cybersecurity products or services, misrepresent their cybersecurity practices or protocols, or violate obligations to monitor and report cybersecurity incidents and breaches must be held accountable. Enforcement efforts like this should serve as a reminder to industry to prioritize DoD cybersecurity compliance.”
The DOJ also alleged that in December 2020 GTRC and Georgia Tech submitted a false summary level cybersecurity assessment score to the DoD which supposedly applied campus-wide. The score of 98 was false, the department said, because there was no campus-wide IT system at the school and that the score was based on a fictitious or virtual environment that didn’t apply to an actual contracting system at Georgia Tech.
The settlement stems from a complaint filed by former members of Georgia Tech’s Cybersecurity Team, under the whistleblower provisions of the False Claims Act.
The U.S. 7th Fleet welcomed Vice Adm. Patrick Hannifin in a change of command ceremony…
California-based Anduril Industries, a defense contractor, and South Korea-based HD Hyundai Heavy Industries, a shipbuilder,…
FBI Indianapolis announced it is coordinating with the Homeland Security Investigations for a first-of-its-kind Homeland…
Legislation by U.S. Rep. Brian Mast (R-FL) would ensure that members of the armed forces…
The Defense Advanced Research Projects Agency (DARPA) recently launched a challenge with the goal of…
The Gerald R. Ford Carrier Strike Group entered the U.S. Southern Command area of responsibility…
This website uses cookies.