THE INCREASING RELIANCE OF THE FEDERAL government on Microsoft software, and in particular the exclusive use of its security tools, is causing heartburn among cyber experts, former officials and some on Capitol Hill, who worry that reliance on a single IT vendor will make the nation more vulnerable to foreign hackers, enemy cyberwarriors and online spies.
Microsoft, by some estimates, already provides 85 percent of the office software (think email, word processing and meetings/collaboration) in the federal government. Now the federal government is moving to use its security tools, too.
Last year, despite internal opposition and criticism from experts, the Department of Defense abandoned one of its longest-running stand-alone cybersecurity program, which multiple vendors competed for, opting instead for Microsoft security tools that the company bundles with its other software—all purchased in a massive, multiyear blanket contract, where the competition, according to government watchdogs, boiled down to a contest between Microsoft resellers.
The risks of this approach were thrown into sharp focus in July, when Microsoft revealed details of a major intrusion in May and June into its customers’ cloud Outlook and Office services, which provide email and calendaring software. Microsoft said Chinese hackers were behind the breach, which affected a handful of U.S. government agencies including the State and Commerce Departments. Access to the unclassified email of top officials at those two agencies, as diplomats were planning a slew of summer visits to Beijing by U.S. cabinet leaders including the secretaries of State, Commerce and Treasury, would have given Chinese intelligence invaluable insight and perhaps even leverage, former officials tell Newsweek.
Microsoft claimed to have closed the security hole the hackers used, but independent researchers said later the scope of the breach might be much wider than initially acknowledged.
The Outlook intrusion is just the latest in a string of security incidents and hacking campaigns that have cast a new light on long-standing questions about the security of the software produced by the Redmond, Washington-based technology giant and the impact of its dominance of government technology markets.
Another potential tipping point is the White House’s new cybersecurity strategy, which calls on software companies to offer secure products in the first place
