Government Data Exposed: DoJ Takes Legal Action Against Georgia Tech for Cybersecurity Lapses

The US Department of Justice (DoJ) has filed a lawsuit against the Georgia Institute of Technology and its cybersecurity lab, headed by Dr. Emmanouil 'Manos' Antonakakis. The lawsuit claims numerous failures to adhere to obligatory security protocols for Department of Defense (DoD) research projects, potentially endangering confidential government data. The primary issue revolves around the lab's non-compliance with the National Institute of Standards and Technology Special Publication 800-171, a document specifying crucial security measures for managing controlled unclassified information. A significant concern in the lawsuit is the lack of endpoint antivirus software on devices handling or storing sensitive information. According to the lawsuit, this oversight amplified the risk of unauthorized access and potential data breaches.Furthermore, Georgia Tech and Antonakakis are accused of intentionally submitting invoices for DoD projects while knowing about their non-compliance with security requirements, effectively defrauding the Department of Defense. Antonakakis reportedly opposed the installation of antivirus software, referring to it as a 'nonstarter' and instead relying on the school's firewall. This resistance, combined with Georgia Tech's self-assessment score of 98 out of 110 for its security controls, portrays negligence and disregard for cybersecurity best practices. The lawsuit also uncovers a deeper cultural problem at Georgia Tech, where cybersecurity compliance was perceived as onerous. Researchers, vital in securing lucrative government contracts, often influenced the institution to bypass compliance, favoring financial advantages over security commitments. The case was brought to light by whistleblowers within Georgia Tech's IT staff, who revealed the institution's failure to meet its cybersecurity responsibilities.