St. George Fire Protection District filed suit against its contracted cybersecurity provider General Informatics following a December 2023 living-off-the-land intrusion that went undetected, signaling that public sector organizations are increasingly willing to pursue legal remedies when managed security providers fail contractual detection obligations. The operational lesson for any organization using an MSSP is that LotL tradecraft specifically defeats set-and-monitor security postures, and that detection gaps for PowerShell, WMI, and system binary abuse must be explicitly validated — not assumed — in managed security engagements.