(PartiallyPolitics.com) – Congress members are calling for a report from the Pentagon within the next six months, concerning the escalating dependence of the military on Microsoft, a single software supplier. This request is to assess the impacts on national cybersecurity and the competition among tech firms for defense agreements.
The Department of Defense’s (DOD) Chief Information Officer, John Sherman, is instructed in the Senate’s version of the yearly defense authorization bill to provide a written review detailing the pros and cons of procuring cybersecurity instruments from Microsoft. This request stems from the anxiety of some specialists who fear that the DOD’s heavy reliance on one software provider increases its susceptibility to cyberattacks and digital espionage.
Lawmakers are also curious about how authorities plan to promote vendor competition, given that the cybersecurity tools from Microsoft were bought through a contract that didn’t open the door for other firms to bid. Good governance experts emphasize that competition is crucial not just for the efficient use of taxpayers’ money, but also for guaranteeing that the DOD can procure the best and most innovative products.
The clause in the bill, penned by Missouri’s recently appointed Republican Senator Eric Schmitt, builds on Newsweek’s report on the concerns of former officials and experts regarding the growing dominance of Microsoft within the DOD.
A Senate aide mentioned that Schmitt was approached by worried constituents and industry participants regarding the potential market consolidation around Microsoft, which could stifle competition and innovation. He also voiced worries that the “single-vendor dependence” could lead to a single point of failure if that company were to be compromised.
Amid this news, Microsoft has been dealing with revelations of breaches of their products by hackers from Russia and China, and the unexpected exit of the head of their government-sales subsidiary, Microsoft Federal, Rick Wagner. He has left “to pursue new opportunities,” the company announced. The announcement came hours before the disclosure that Chinese hackers had infiltrated email accounts in several organizations, including government agencies, using a master key to mimic users and access their accounts.
Subsequently, Microsoft confirmed discoveries by researchers at Cisco Talos about a loophole in its software validation process that allowed hackers to breach the protected kernel of Windows.
Despite the security concerns raised, the Defense Department has been using the Microsoft Windows operating system exclusively since 2017 on over four million desktop computers. It has also increased its use of Microsoft’s Azure cloud computing services. The majority of its active-duty and reserve military personnel and civilian employees use Microsoft software for administrative tasks.
However, many critics were alarmed by the DOD’s decision last year to abandon a multi-vendor cybersecurity program and opt for Microsoft security tools instead.
David McKeown, a senior DOD cybersecurity official, countered these concerns, arguing that the networks would be safer with a unified solution. He compared this to the purchasing of an aircraft – an integrated system rather than a collection of parts.
Senator Schmitt’s clause in the defense bill, which has been approved by the Armed Services Committee, also requires the DOD to reveal two internal reports examining the efficacy of Microsoft Defender tools.
The Pentagon and Microsoft chose not to comment on the legislation in progress. The bill will now be discussed on the Senate floor, and if passed, it will be harmonized with the House version, which does not contain a similar provision.
There is growing concern about the vulnerability of the U.S. military to a preemptive cyber strike by China, especially in a situation where the U.S. might need to aid Taiwan. China could potentially use cyber power to cripple key national infrastructure, according to U.S. officials.
Copyright 2023, PartiallyPolitics.com