This failure to implement a system security plan, according to the Department of Justice, constitutes a violation of the law. The DOJ’s complaint also alleges that the lab at Georgia Tech failed to conduct regular security assessments, which are also required by DoD cybersecurity regulations. This failure to conduct regular security assessments, according to the Department of Justice, constitutes a violation of the law.
This lack of security measures, coupled with the lab’s failure to implement a comprehensive security plan, left the lab vulnerable to a wide range of cyberattacks. The lab’s lack of security measures exposed it to potential threats such as ransomware, data breaches, and phishing attacks. These threats could have resulted in significant financial losses, reputational damage, and even national security implications. The lab’s failure to comply with Georgia Tech’s policies and federal cybersecurity requirements was a serious breach of trust and a significant risk to the university’s overall security posture.