The U.S. Department of Justice has joined forces with whistleblowers in a lawsuit against the Georgia Institute of Technology, alleging that the university neglected its cybersecurity obligations under contracts with the U.S. Department of Defense. This move marks a significant step under the DOJ’s Civil Cyber-Fraud Initiative, aimed at holding government contractors accountable for cybersecurity violations.
The lawsuit, initially brought by current and former members of Georgia Tech’s cybersecurity team, has now gained federal backing. Launched in October 2021, the Civil Cyber-Fraud Initiative seeks to punish contractors who fail to meet mandated cybersecurity standards, especially when handling sensitive government data.
Prosecutors have accused Georgia Tech of blatantly disregarding federal cybersecurity regulations tied to billions of dollars in contracts with the Department of Defense and the U.S. Air Force. A spokesperson for Georgia Tech expressed strong disappointment with the DOJ’s involvement, stating, “Their complaint is entirely off base, and we will vigorously dispute it in court. This case has nothing to do with confidential information or protected government secrets.”
The spokesperson further argued that the government had previously informed Georgia Tech that the research in question did not require cybersecurity restrictions. They emphasized that no data breach or information leakage had occurred and criticized the lawsuit as “misguided.” Despite the legal battle, Georgia Tech expressed hope for continuing its collaborative relationship with the Department of Defense and other federal agencies.
The Role of Astrolavos Lab and Dr. Manos Antonakakis
At the heart of the lawsuit is Astrolavos Lab, a research entity under the Georgia Tech Research Corporation. Ironically, the lab’s focus is on cybersecurity, with Dr. Manos Antonakakis, a prominent figure in the field, leading research on cyberattack attribution and other critical projects.
Since 2016, Dr. Antonakakis has been a key contractor for both the Air Force and DARPA (Defense Advanced Research Projects Agency). His work includes developing advanced attribution technology to identify cyberattack perpetrators and creating tools to automate threat-emulated cyber infrastructure.
However, the DOJ alleges that Georgia Tech failed to implement a comprehensive cybersecurity plan for Astrolavos Lab until nearly four years after the initial contracts were signed. A key point of contention is Dr. Antonakakis’s refusal to install basic antivirus software on his work computers. In a 2019 email cited in the lawsuit, Antonakakis reportedly stated that the “Endpoint [antivirus] agent is a nonstarter,” and he was described as the sole voice opposing the installation of such software.
Moreover, the lawsuit accuses Georgia Tech of falsifying a cybersecurity assessment score required by federal contracts, a violation of federal law. Prosecutors argue that as a large and sophisticated contractor with billions of dollars in defense contracts, Georgia Tech was well aware of the federal cybersecurity requirements and knowingly failed to comply with them.
Government Response and Broader Implications
The Justice Department’s lawsuit represents the interests of the Department of Defense, the U.S. Air Force, and DARPA. Darrin Jones, Special Agent in Charge within the Defense Department’s Office of Inspector General, emphasized the seriousness of Georgia Tech’s alleged actions, stating that they “pose a significant threat not only to our national security but also to the safety of the men and women of our armed services who risk their lives daily.”
Brian Boynton, Principal Deputy Assistant Attorney General, underscored the broader significance of the Civil Cyber-Fraud Initiative, stating that government contractors who fail to implement required cybersecurity controls “jeopardize the confidentiality of sensitive government information.” He highlighted the initiative’s goal of identifying and holding such contractors accountable.
The lawsuit also notes that Georgia Tech experienced a data breach in 2019, which exposed the records of 1.3 million individuals. U.S. Attorney Ryan Buchanan for the Northern District of Georgia stressed the importance of cybersecurity compliance by government contractors, regardless of the organization’s size or the number of contracts involved.
