In the USA recently a lawsuit was filed against one of the leading research universities in the country, accused of violating cybersecurity standards established by the Ministry of Defense (DOD). The Georgia Institute of Technology (Georgia Tech) and its subsidiary, Georgia Tech Research Corporation (GTRC), were reported to have failed to provide proper protection of non-classified information (CUI).
A series of accusations that began in 2019 relates to events that have occurred over several years. One key episode involved the Astrolavos Lab laboratory, specializing in cybersecurity in the field of national security, failing to have a cyber protection plan that met DOD standards until February 2020. However, the coverage of this plan was deemed insufficient, resulting in a violation of DOD requirements.
Furthermore, the laboratory is accused of refusing to install antivirus software on its devices, made possible with the support of the university leadership. These violations persisted until December 2021, representing a serious deviation from federal standards and internal university regulations.
In December 2020, Georgia Tech and GTRC allegedly provided a false cybersecurity evaluation, rating themselves at 98 points, which was later revealed to be fraudulent. The assessment was conducted on a “fictitious” system unrelated to DoD contracts.
The case is being pursued under the False Claims Act Law as part of the Civil Cyber-Fraud Initiative (CCFI), which aims to penalize organizations that intentionally compromise the security of US information systems.
This marks the first case within the CCFI framework to go to trial, as previous cases were settled pre-trial. American officials have expressed serious concerns about Georgia Tech’s actions, which they believe jeopardize national security and military personnel.
It is worth noting that Georgia Tech is also under congressional investigation for potential ties to China. Since 2013, the university has been collaborating with Tianjin University, suspected of having close connections to the Chinese military and previously blacklisted for the theft of American military technologies.
An investigation by the Chinese Communist Party Committee began in May 2024, but the results have yet to be disclosed.