Tuesday, August 27, 2024

Well, that doesn't sound like much of a "Cybersecurity Lab"

Cybersecurity Lab didn't use antivirus:

Dr. Emmanouil "Manos" Antonakakis runs a Georgia Tech cybersecurity lab and has attracted millions of dollars in the last few years from the US government for Department of Defense research projects like "Rhamnousia: Attributing Cyber Actors Through Tensor Decomposition and Novel Data Acquisition."

The government yesterday sued Georgia Tech in federal court, singling out Antonakakis and claiming that neither he nor Georgia Tech followed basic (and required) security protocols for years, knew they were not in compliance with such protocols, and then submitted invoices for their DoD projects anyway.

It seems that Dr. Antonakakis wasn't much impressed with antivirus products.  Fair enough - it's a perpetual game of locking the barn door after the horse got out.

But the contract said that the lab would follow particular standards (in this case, NIST 800-171) which mandates antivirus, and the lab issued compliance statements with the invoices they submitted.  This case seems pretty cut and dried.

And not at all impressive for Georgia Tech Cybersecurity Lab.

 

3 comments:

Rick T said...

His excuse may be the lab is wide open as a honeypot, attracting the cyber criminals to them so their methods can be analyzed.

Otherwise? He is screwed, blued, and tattooed if he can't come up with enough receipts for donations to Camel-ho's campaign.

Old NFO said...

Actually doesn't surprise me. GT has always done it 'their' way...

jwl said...

Reminds me of the "I have special/secret knowledge because I'm smart" attitude some folks get, that leads them to pursue risky courses of action with objectively low probabilities of success. Steve Jobs re cancer treatment, for instance.