Did you see this story?
To be honest I sat down right where I was and read the entire thing, and then I went and found other news outlets and read their copy as well.
Why?
I was pissed that's why. I was mad. Period.
If you are turned off by honesty then I encourage you to move on this morning. This post is not for you.
The US Military has been using contractors to support various efforts and departments for over 100 years. It is a part of the normal operating rhythm to reach out to highly qualified or specialized civilian entities to draw on their skills and expertise to increase our capabilities or understanding.
So why am I mad?
Well Georgia Institute of Technology and Georgia Tech Research Corporation are being sued by the US Government for basically FLAT OUT ignoring cyber security regulations that are required if working on military contract research or projects.
What does "ignored" look like?
No antivirus installed, no security plan in place, no policies defined, no updates being run, FALSIFYING annual reports regarding security posture.....
Does that seem outrageous? Let me make it so....
I quickly Googled and found this:
"Georgia Tech Applied Research Tech Corp., Georgia Tech Research Institute (GTRI), Atlanta, Georgia, is being awarded a $339,000,000 extension to the indefinite delivery/indefinite quantity, cost-plus-fixed-fee contract HQ0854-21-D-0002. The contract ceiling value will increase from $121,000,000 to $460,000,000"
This is a university with a 2.97 BILLION dollar endowment (Google it) who is working on a recently renewed (indefinitely) 300+ million dollar government contract dealing with military research/support. Yet, they would not be bothered to implement cyber security controls and policies required by the terms of their contract. Forget the fact that we are dealing with issues of national security, forget the fact that we know we are constantly being targeted by foreign governments who so much as tell us they are focused on stealing our critical information. Don't worry about that....the professor who runs the lab didn't want to be inconvenienced....
I don't know about you, but that makes me mad.
Harden the Target, Stay Vigilant!