Microsoft could be set for a US government windfall


Nearly a quarter of the Covid relief funds set aside for cybersecurity defenders will go to Microsoft, though some US lawmakers have said they don't want to increase funding for the company after it suffered two high-profile hacks.

As first reported by Reuters, Congress allocated the funds in its new Covid relief bill after two major cyberattacks took advantage of weaknesses in the software giant's products to penetrate the computer networks of government agencies as well as those of tens of thousands of companies. Not only do these two hacks pose a major national security threat for the US, but lawmakers also say that Microsoft's faulty software is making the company more profitable.

A draft spending plan from CISA has allocated over $150m of its new $650m in funding for a “secure cloud platform”, according to documents seen by the news outlet and people familiar with the matter. Four people briefed on the matter said that the funds have been budgeted to help federal agencies upgrade their existing deals with Microsoft to improve the security of their cloud computing systems.

US government officials are also seeking access to the company's premium tracking capabilities after they discovered that a lack of logs has made it more difficult to investigate the SolarWinds hack as well as a recent hack of Microsoft Exchange servers.

Cybersecurity ratings scheme

Following the recent attacks on SolarWinds' Orion platform and Microsoft Exchange, the Biden administration has outlined its plans to address US government security through additional private sector collaboration. In a transcript of a recent phone briefing, the administration revealed its plans, saying:

“Today, the cost of insecure technology is borne at the end: by incident response and cleanup. And we really believe it will cost us a lot less if we build it right at the outset. We are focused on tightening the partnership between the US government and the private sector, who does have visibility into the domestic industry and into private sector networks, to ensure we can rapidly share threat information and we can address the liability barriers and disincentives that disincentivize U.S. companies from both addressing some of these issues and rapidly sharing information when there are incidents.”

One solution the administration has suggested as a way to improve US government security is implementing a cybersecurity ratings scheme that grades vendors. Singapore already uses a similar system to rate IoT devices, and its system will be the basis for the one the Biden administration is proposing.

A senior administration official also said that the US government wants to continue delivering timely alerts and data breach warnings to consumers and businesses to help improve security across the board. 

Via Reuters and The Register

Anthony Spadafora
