Concerns Mount Over Microsoft’s Control and Security Failures in Federal IT

US government reliance on Microsoft for IT raises security concerns. Expert suggests fostering competition and holding Microsoft accountable.

The United States federal government’s reliance on Microsoft for IT infrastructure has come under scrutiny, with concerns being raised about the company’s significant control and recent security lapses. AJ Grotto, a former senior White House cyber policy director, has voiced his concerns, suggesting that Microsoft’s dominance in the sector poses a national security risk. Grotto’s comments to The Register come in the wake of several high-profile security breaches, including incidents involving SolarWinds and unauthorized access by foreign entities to US government emails through Microsoft’s platforms.

Security Lapses and Federal Response

Grotto points to specific instances where Microsoft’s practices have directly impacted federal security measures. Notably, during the SolarWinds breach, Microsoft was criticized for not providing adequate logging capabilities by default, a decision that complicated the federal government’s ability to assess its vulnerability. Despite Microsoft’s significant revenue from security services, estimated at around $20 billion last year, the company was reluctant to make concessions without external pressure. This behavior, according to Grotto, illustrates Microsoft’s leverage over the federal government and its willingness to use it to its advantage.

Strategies for Mitigating Risk

To address the risks associated with Microsoft’s dominance, Grotto suggests that the federal government should focus on fostering competition within the IT sector. He advocates for public scrutiny of Microsoft’s practices to ensure accountability and encourage a market-driven response to security concerns. By highlighting Microsoft’s missteps and exploring alternatives, Grotto believes that market incentives could motivate Microsoft to prioritize security and reduce its control over federal IT infrastructure. The goal is to create a more secure and competitive environment that diminishes the national security risks currently associated with Microsoft’s dominance.

Ongoing Concerns Over Email Access

Just last week, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an Emergency Directive following the discovery that Russian espionage operatives, known as Midnight Blizzard or Cozy Bear, infiltrated Microsoft’s email system. The breach, which was first reported earlier this year, allowed the hackers to access and exfiltrate sensitive data, including email correspondence between Federal Civilian Executive Branch (FCEB) agencies and Microsoft.

CISA’s Emergency Directive ED 24-02 requires federal agencies to conduct a thorough review of the compromised emails, reset any exposed credentials, and bolster the security of authentication tools, particularly for privileged Microsoft Azure accounts.

Last Updated on November 7, 2024 8:53 pm CET

Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.
