DOJ Takes Legal Action Against Georgia Tech

Penka Hristovska
Penka Hristovska Senior Editor
Penka Hristovska Penka Hristovska Senior Editor

The Justice Department has joined a whistleblower lawsuit accusing the Georgia Institute of Technology of failing to meet its cybersecurity responsibilities in contracts with the US Department of Defense.

The original lawsuit, filed by current and former members of Georgia Tech’s cybersecurity team, centers on Astrolavos Lab, a company under Georgia Tech’s Research Corp. that signs research contracts with the federal government, including those focused on cybersecurity.

Despite contract requirements for classified information protection, Georgia Tech admitted it didn’t implement a cybersecurity plan at Astrolavos Lab until nearly 4 years after signing the first contract. The suit also highlights a refusal to install basic antivirus software, citing a 2019 email where the company’s co-director, Manos Antonakakis dismissed the use of antivirus on the computers he used as a “nonstarter.”

“Specifically, the lawsuit alleges that until at least February 2020, the Astrolavos Lab at Georgia Tech failed to develop and implement a system security plan, which is required by DoD cybersecurity regulations, that set out the cybersecurity controls that Georgia Tech was required to put in place in the lab,” the DOJ explained in the announcement.

“Even when the Astrolavos Lab finally implemented a system security plan in February 2020, the lawsuit alleges that Georgia Tech failed to properly scope that plan to include all covered laptops, desktops, and servers,” the DOJ added in a statement.

“Their complaint is entirely off base, and we will vigorously dispute it in court. This case has nothing to do with confidential information or protected government secrets,” a Georgia Tech spokesperson said in response to the DOJ’s move, adding they’re “extremely disappointed” in the Justice Department’s decision.

“The government told Georgia Tech that it was conducting research that did not require cybersecurity restrictions, and the government itself publicized Georgia Tech’s groundbreaking research findings. In fact, in this case, there was no breach of information, and no data leaked,” the statement from the spokesperson continued.

About the Author
Penka Hristovska
Penka Hristovska
Senior Editor

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.

Leave a Comment