DOJ Settles with Georgia Tech-Affiliated Company Over Alleged Cybersecurity Non-Compliance in DOD Contract

The Department of Justice (DOJ) and a company affiliated with Georgia Tech have settled a dispute involving alleged failures to meet cybersecurity requirements in a Department of Defense (DOD) contract. The company agreed to pay $875,000 to resolve the litigation, with neither party admitting fault. This case underscores the critical importance of cybersecurity compliance in defense contracts and the potential consequences of non-compliance. The DOD has stringent cybersecurity requirements, often based on standards like NIST SP 800-171, to protect sensitive information and critical infrastructure. Non-compliance can expose defense information to cyber threats, compromising national security. The False Claims Act, which imposes liability for defrauding governmental programs, is a key legal framework in such cases. This settlement highlights the DOJ's commitment to enforcing cybersecurity standards and serves as a warning to DOD contractors about the financial and reputational risks of non-compliance. Companies should conduct regular cybersecurity audits, implement robust security controls, and train employees on best practices to ensure compliance and protect critical assets.