Note that the Justice Department is suing Georgia Tech for violating required cybersecurity policies in its military contracts division. This would be analogous to MIT allegedly not following required cybersecurity standards at Lincoln Laboratory or Berkeley allegedly having security lapses at Lawrence Livermore.

More like UC Merced, not UC Berkeley. UC Berkeley has Lawrence Berkeley Lab.

It's quite common for universities to acquire government contracts. It's not so common to fail to meet the NOC, SOC, and/or Endpoint Protection requirements entailed in those contracts. It's even less common to lie to DoD about it.

If you want the money and the prestige, maintain compliance. It's not that difficult.