This story provides empirical evidence that "Risk always exists, but trust must be earned and awarded."
Always ask for the "trust score" along with tamper-proof evidence that companies are verifiably implementing "CISA Secure by Design principles and practices".
DOJ’s complaint-in-intervention provides key insights into DOJ’s priorities in litigating cybersecurity-related FCA cases because it details how DOJ believes Georgia Tech failed to meet cybersecurity compliance obligations and defrauded the government. Broadly, DOJ emphasizes that Georgia Tech failed on several key fronts:
- Submitting inaccurate self-assessment scores with respect to NIST compliance: DOJ contends that Georgia Tech submitted a “fictitious” self-assessment score for the campus as a whole instead of evaluating individual contractors or laboratories. DOJ also alleges that Georgia Tech knew this score did not reflect actual compliance from contractors.[7]
- Deferring to employees who pushed back against cybersecurity requirements: DOJ accuses Georgia Tech of choosing to accommodate “star quarterback” researchers whose high-profile projects pulled in significant government funding. Georgia Tech allegedly deferred to these researchers’ demands instead of enforcing requirements.[8]
- Knowingly permitting contractor noncompliance with security requirements: DOJ alleges that Georgia Tech knew a contractor was operating without a system security plan or antivirus software in violation of NIST and other requirements. DOJ contends that Georgia Tech knew that failing to meet these requirements violated Georgia Tech’s contracts with the government.[9]
In the complaint, DOJ emphasizes that Georgia Tech knowingly submitted an inaccurate self-assessment score regarding NIST compliance in order to maintain eligibility for DOD contracts; that staff had been trained and were aware of the compliance requirements; and that Georgia Tech chose to accommodate its “star quarterback” researchers whose labs pulled in government funding when these researchers “push[ed] back against compliance with federal cybersecurity rules.”[10]