DOJ files federal complaint, accusing Georgia Tech of failing to meet cybersecurity requirements

This browser does not support the video element.

ATLANTA — On Thursday, the Department of Justice announced that the U.S. government filed a federal complaint against the Georgia Institute of Technology, accusing the institution of failing to provide cybersecurity requirements.

The lawsuit claims that the Georgia Institute of Technology failed to follow adequate security for sensitive government information.

[DOWNLOAD: Free WSB-TV News app for alerts as news breaks]

According to a government press release, it is a threat “not only to our national security but also to the safety of the men and women in our armed services that risk their lives daily.”

This comes after two whistleblowers, Christopher Craig and Kyle Koza, took on the university in an initial lawsuit.

On Monday, Channel 2 Investigative Reporter Sophia Choi spoke to the former and current employees, Christopher Craig and Kyle Koza, who said they tried to get the university to do the right thing, knowing the dangers of this kind of secret government information getting into the wrong hands.

In their lawsuit, the two claimed that Georgia Tech did “not adequately protect sensitive military information in Department of Defense contracts.”

U.S. Attorney Ryan K. Buchanan said in the complaint that cybersecurity compliance by the government is critical in protecting information against threats.

“Cybersecurity compliance by government contractors is critical in safeguarding U.S. information and systems against threats posed by malicious actors,” said Buchanan. “For this reason, we expect contractors to abide by cybersecurity requirements in their contracts and grants, regardless of the size or type of the organization or the number of contracts involved. Our office will hold accountable those contractors who ignore cybersecurity rules.”

The complaint states that Georgia Tech “essentially had ‘no enforcement’ of federal cybersecurity regulations in connection with DoD contracts” in at least one tab and alleges that from 2019 to 2021, there was a failure to update or operate the necessary tools to protect sensitive information.

TRENDING STORIES:

“From at least as early as May 2019 until December 2021, the Astrolavos lab failed to install, update, or operate anti-virus or anti-malware tools on desktops, laptops, servers, and networks at the lab. Georgia Tech allegedly approved the lab’s refusal to install antivirus software—in violation of both federal cybersecurity requirements and Georgia Tech’s own policies—to satisfy the demands of the professor who headed the lab. In connection with contracts that DoD entered into with GTRC on behalf of Georgia Tech, defendants were obligated to implement these and other cybersecurity controls at the Astrolavos Lab,” the complaint read. The lawsuit further alleges that in December 2020, Georgia Tech and GTRC submitted a false and fraudulent cybersecurity assessment score to DoD for the Georgia Tech campus.

Earlier this week, in response to the lawsuit filed by the whistleblowers under the qui tam or whistleblower provisions of the False Claims Act, Georgia Tech responded and said it is “disappointed with the government’s lawsuit...this case has nothing to do with confidential information or protected government secrets.”

Georgia Tech released a statement in response to the Department of Justice’s lawsuit that was filed Thursday, saying, “We are extremely disappointed by the Department of Justice’s filing, which misrepresents Georgia Tech’s culture of innovation and integrity. Their complaint is entirely off base, and we will vigorously dispute it in court. This case has nothing to do with confidential information or protected government secrets. The government told Georgia Tech that it was conducting research that did not require cybersecurity restrictions, and the government itself publicized Georgia Tech’s groundbreaking research findings. In fact, in this case, there was no breach of information, and no data was leaked. Despite the misguided action by the Department of Justice, Georgia Tech remains committed to strong cybersecurity and continuing its collaborative relationship with the Department of Defense and other federal agencies.”

[SIGN UP: WSB-TV Daily Headlines Newsletter]

IN OTHER NEWS:

This browser does not support the video element.