In July 2022, two relators sued the Georgia Tech Research Corporation (GTRC) and the Georgia Institute of Technology (GA Tech) under the FCA . The allegations include violations of the FCA and employment law, based on the “increasing retaliation” experienced by the relators after they escalated their concerns. In February 2024, the DOJ intervened in the case, and on Aug. 22, 2024, with the U.S. Attorney’s Office for the Northern District of Georgia, DOJ filed its complaint-in-intervention (Complaint), raising its own allegations under the FCA and federal common law alleging that GTRC and GA Tech failed to meet cybersecurity requirements in connection with the performance of their DoD contracts. This is the first FCA litigation matter where the DOJ has intervened as part of the Civil Cyber-Fraud Initiative .
Since 2013 contractors and subcontractors have been required to provide “adequate security” to protect controlled unclassified information (CUI) that resides on a covered contractor information system. See DFARS 252.204-7012. Since 2016 “adequate security” has entailed compliance with the version of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 in effect at the time a solicitation is issued. Id . Contractors should have a Plan of Action and Milestones (POAM) for each control that is not fully implemented. The contract clauses also state that by submitting their offers, contractors are representing that they will implement the NIST SP 800-171 controls. See DFARS 252.204-7008(c)(1). In December 2020, additional clauses were issued providing for an assessment against the NIST SP 800-171 controls, which should be filed in the Supplier Performance Risk Management System (SPRS). See DFARS 252.204-7019. The score, the scope of assessment, and the date by which the contractor intends to implement the NIST SP 800-171 controls must be posted at the time of contract award for each covered contractor information system that is relevant to the contract.
DOJ’s allegations focus on one lab at GA Tech, the Astrolavos Lab, and two contracts that lab held between 2016 and the present. DOJ alleges that these contracts incorporated the requirements to comply with NIST SP 800-171, and the later-in-time contract incorporated the self-assessment requirements. According to DOJ, testimony from GA Tech’s staff indicates that both contracts also included CUI. The allegations focus on three main areas of noncompliance: the failure to have in place a comprehensive System Security Plan (SSP) in accordance with NIST control 3.13.4; the failure to install, update, and run antivirus software in accordance with NIST control 3.14.2; and the failure to post an accurate NIST self-assessment score.
DOJ alleges that staff at GA Tech were aware of the above issues and the regulatory requirements imposed on GA Tech, and that the violations were material to payment decisions by the government for the following reasons:
The intervention and allegations in the Complaint demonstrate DOJ’s continued focus on cybersecurity fraud and enforcing contractor compliance with cybersecurity requirements under the Civil Cyber-Fraud Initiative. In announcing the Complaint, DOJ also highlighted the risk that deficiencies in cybersecurity pose to our national security and the safety of our armed services, stating that “government contractors that fail to fully implement required cybersecurity controls jeopardize the confidentiality of sensitive government information” and the goal is “to identify such contractors and to hold them accountable.”
DOJ’s actions here align with DoD’s rulemaking activities on CMMC , which propose more robust controls around contractor verification of cybersecurity control implementation. Contractors should carefully review any requests for verification or attestations related to cybersecurity compliance. For example, under the new proposed rule contractors and subcontractors may need to provide a confidence level in their assessment or provide an annual affirmation of their assessment. Contractors should be alert to any such requirements and the increased risks such statements may impose.
Contractors must also keep in mind that cybersecurity obligations have been part of DoD contracts and subcontracts since at least December 2017. This case emphasizes that DoD contractors and subcontractors at all tiers risk significant consequences if they fail to meet cybersecurity compliance obligations. Contractors should carefully review their existing contracts and clarify any questions regarding the application of any cybersecurity requirements, as well as verify the accuracy of any explicit or implied statements of compliance.
IMAGES
COMMENTS
About the journal. Journal of Cybersecurity publishes accessible articles describing original research in the inherently interdisciplinary world of computer, systems, and information security …. Find out more. The health belief model and phishing: determinants of preventative security behaviors. Narrow windows of opportunity: the limited ...
Abstract. Cyber security has become a very critical concern that needs the attention of researchers, academicians, and organizations to confidentially ensure the protection and security of information systems. Due to the increasing demand for digitalization, every individual and organization faces continually shifting cyber threats.
An audio version of "Why the United Nations Is Chasing Its Tail on Cybersecurity," a new commentary by CSIS's James Andrew Lewis. This audio was generated with text-to-speech by Eleven Labs. CSIS's cybersecurity research and analysis work covers cyber warfare, encryption, military cyber capacity, hacking, financial terrorism, and more.
Researchers are actively working in the field of sensor identification and authentication to ensure the security of cyber-physical systems or the automotive sector. Channel [97] and sensor [98, 99] imperfections are used to find the transient and steady-state parameters as an input to the machine learning model for sensor identification. 5.2.1.3.
The journal publishes research articles and reviews in the areas including, but not limited to: • Cryptography and its applications. • Network and critical infrastructure security. • Hardware security. • Software and system security. • Cybersecurity data analytics. • Data-driven security and measurement studies. • Adversarial ...
Study of smart grid cyber-security, examining architectures, communication networks, cyber-attacks, countermeasure techniques, and challenges ... (IIE) is a national research institute in Beijing that specializes in comprehensive research on theories and applications related to information technology.
Cybercrime is estimated to have cost the global economy just under USD 1 trillion in 2020, indicating an increase of more than 50% since 2018. With the average cyber insurance claim rising from USD 145,000 in 2019 to USD 359,000 in 2020, there is a growing necessity for better cyber information sources, standardised databases, mandatory reporting and public awareness. This research analyses ...
The extracted information can provide security analysts with useful Cyber Threat Intelligence (CTI) to enhance their decision-making. However, because the data sources are heterogeneous, there is a lack of common representation of information, rendering the analysis of CTI complicated. ... This research paper aims to survey the current state of ...
The cyber security research community is an eclectic group, addressing a diverse set of research questions, based on multifarious theories and deploying sundry methods, making it difficult to obtain a comprehensive grasp of this league. Using quantitative methods, the present work aims to summarize the activities of this group of researchers in ...
Recent research has introduced effective Machine Learning (ML) models for cyber-attack detection, promising to automate the task of detecting, tracking and blocking malware and intruders ...
Cyber security is a set of technologies, processes, and practices aimed at preventing attacks, damage, and illegal access to networks, computers, programmes, and data. The primary goal of this ...
Abstract. There has been a tremendous increase in research in the area of cyber security to support cyber applications and to avoid key security threats faced by these applications. The goal of ...
Cyber Security is a blend of innovative headways, process cycles and practices. The goal of cyber security is to ensure protection of applications, networks, PCs, and critical information from attack. ... becomes unsafe and to forestall such vindictive practices, a few security goals have been found. This paper reviews research work done in ...
We research, develop, evaluate, and deploy tools and systems designed to ensure that national security missions can be accomplished successfully despite cyber attacks. We also develop advanced hardware, software, and algorithms for processing datasets from a range of sources, including speech, imagery, text, and network traffic.
This research analyses the extant academic and industry literature on cybersecurity and cyber risk management with a particular focus on data availability. From a preliminary search resulting in 5219 cyber peer-reviewed studies, the application of the systematic methodology resulted in 79 unique datasets.
Over the next three to five years, we expect three major cybersecurity trends that cross-cut multiple technologies to have the biggest implications for organizations. 1. On-demand access to ubiquitous data and information platforms is growing. Mobile platforms, remote work, and other shifts increasingly hinge on high-speed access to ubiquitous ...
The paper first explains what cyber space and cyber security is. Then the costs and impact of cyber security are discussed. The causes of security vulnerabilities in an organization and the challenging factors of protecting an organization from cybercrimes are discussed in brief. Then a few common cyber-attacks and the ways to protect from them ...
Cyber Security Research Topics. Cyber Security Research Topics are as follows: The role of machine learning in detecting cyber threats. The impact of cloud computing on cyber security. Cyber warfare and its effects on national security. The rise of ransomware attacks and their prevention methods.
Abstract. In the current world that is run by technology and network connections, it is crucial to know what cyber security is and to be able to use it effectively. Systems, important files, data ...
Criminal Law. Cyber Security Future Research Topics. Developing more effective methods for detecting and responding to cyber attacks. Investigating the role of social media in cyber security. Examining the impact of cloud computing on cyber security. Investigating the security implications of the Internet of Things.
This paper mainly focuses on challenges faced by cyber security on the latest technologies .It also focuses on latest about the cyber security techniques, ethics and the trends changing the face of cyber security. Keywords: cyber security, cyber crime, cyber ethics, social media, cloud computing, android apps. 1. INTRODUCTION.
A Cyber Security degree can significantly influence your career mobility and advancement in America, opening doors to a variety of exciting opportunities. Here's how: Diverse Career Paths: Graduates can pursue roles such as Security Analyst, Penetration Tester, Incident Responder, or Cybersecurity Consultant. According to the U.S. Bureau of ...
Cyber-security policy may require that "when the risk of disclosure of confidential information is high, ... His research interests include information security, computational intelligence and big data analysis. E-mail: [email protected]. Qinghui Liu was born in Jining Shandong, P.R. China, in 1977. He received the Master degree from Shandong ...
Research reports from ISC2 and WiCyS highlight the diversity and equitable inclusion issues seen every day in the cybersecurity profession. We take a closer look at how gender and inclusion imbalance in the cybersecurity workplace are ongoing obstacles to entry, retention and advancement.
Check Point Research Publications; Global Cyber Attack Reports; Threat Research; February 17, 2020 ... January 22, 2020 The 2020 Cyber Security Report. Global Cyber Attack Reports; December 15, 2021 StealthLoader Malware Leveraging Log4Shell. Publications. Global cyber attack reports; Research publications; IPS advisories; Check point blog;
The group is recognized for outstanding, novel research on youth cybersecurity and privacy knowledge and practices. This groundbreaking effort was the first time NIST conducted cybersecurity research with youths, filling a gap by contributing data and practical guidance on protecting and educating the next generation of the American workforce and future digital citizens.
The US is suing one of its leading research universities over a litany of alleged failures to meet cybersecurity standards set by the Department of Defense (DoD) for contract awardees. Georgia Institute of Technology (GIT), commonly referred to as Georgia Tech, and its contracting entity, Georgia ...
This paper mainly. focuses on challenges faced by cyber security on the latest technologies .It also focuses on latest about. the cyber security techniques, ethics and the trends changing the face ...
The federal government is alleging that Georgia Tech and its research arm didn't follow enforcement of cybersecurity rules stated within U.S. Department of Defense contracts.
• On Aug. 22, 2024, the Department of Justice filed its complaint-in-intervention against the Georgia Tech Research Corporation and the Georgia Institute of Technology, raising claims under the False Claims Act (FCA) and federal common law. This is the first FCA lawsuit the United States has intervened in as part of DOJ's Civil Cyber-Fraud Initiative.