On-Prem

Public Sector

Microsoft is a national security threat, says ex-White House cyber policy director

With little competition at the goverment level, Windows giant has no incentive to make its systems safer


Interview Microsoft has a shocking level of control over IT within the US federal government – so much so that former senior White House cyber policy director AJ Grotto thinks it's fair to call Redmond's recent security failures a national security issue. 

Grotto this week spoke with The Register in an interview you can watch below, in which he told us that exacting even slight concessions from Microsoft has been a major fight for the Feds.

"If you go back to the SolarWinds episode from a few years ago … [Microsoft] was essentially up-selling logging capability to federal agencies" instead of making it the default, Grotto said. "As a result, it was really hard for agencies to identify their exposure to the SolarWinds breach." 

Grotto told us Microsoft had to be "dragged kicking and screaming" to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best. 

That illustrates, Grotto said, that "they [Microsoft] just have a ton of leverage, and they're not afraid to use it." 

Add to that concerns over an Exchange Online intrusion by Chinese snoops, and another Microsoft security breach by Russian cyber operatives, both of which allowed spies to gain access to US government emails, and Grotto says it's fair to classify Microsoft and its products as a national security concern. 

But what can be done to solve the problem when 85 percent of US government productivity software, by Grotto's reckoning, and even more operating system share, belongs to Redmond? 

"The government needs to focus on encouraging and catalyzing competition," Grotto said. He believes it also needs to publicly scrutinize Microsoft and make sure everyone knows when it messes up. 

"At the end of the day, Microsoft, any company, is going to respond most directly to market incentives," Grotto told us. "Unless this scrutiny generates changed behavior among its customers who might want to look elsewhere, then the incentives for Microsoft to change are not going to be as strong as they should be." ®

Send us news
121 Comments

Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud

Defenders beware: Data theft, extortion, and backdoors on Storm-0501's agenda

So how's Microsoft's Secure Future Initiative going?

34,000 engineers pledged to the cause, but no word on exec pay

Microsoft hits go on Windows 11 24H2: Fresh features, bugs, and a whole lotta AI

Complete with Copilot Vision – but sessions won't be stored, insists Redmond

Germany is monitoring Microsoft to thwart 'anti-competitive practices'

Wants to peer into gaps in DMA to keep Redmond honest in cloud and AI

Google files first ever complaint with European Commission against Microsoft

Mountain View versus Redmond: Fight over cloud software licensing policies gets formal

Recall the Recall recall? Microsoft thinks it can make that Windows feature palatable

AI screengrab service to be opt-in, features encryption, biometrics, enclaves, more

Office 2024 unveiled for Microsoft 365 refuseniks

For the IT professional who has to take work home

Post-CrowdStrike catastrophe, Microsoft figures moving antivirus out of Windows kernel mode is a good idea

Existing low-level access for security solutions will undergo a rework

Saying goodbye to the tech dreams Microsoft abandoned with Windows 11 24H2

Is that a Mixed Reality headset, or just a complicated paperweight? Oh and farewell WordPad

Microsoft throws in the towel on HoloLens 2

Five years of mixed reality – now just mixed feelings

Cloud threats have execs the most freaked out because they're not prepared

Ransomware? More like 'we don't care' for everyone but CISOs

Windows 11 Patch Tuesday preview is a glitchy disaster

Blue is the color of some screens after optional KB5043145 update