According to Reuters, Microsoft is set to obtain nearly a quarter of the Covid relief funds earmarked for US cybersecurity defenders, angering several lawmakers who are opposed to increasing support for a firm whose software was recently at the center of two major hacks.
After two major cyberattacks exploited vulnerabilities in Microsoft products to gain access to computer systems at federal and local agencies, as well as tens of thousands of businesses, Congress approved the funds at issue in the COVID relief bill signed on Thursday. In December, emails from the Justice Department, Commerce Department, and Treasury Department were stolen in a cyberattack blamed on Russia.
The hacks pose a serious threat to the country, angering lawmakers who claim that its flawed software is boosting its profits.
More About Situation Of Microsoft After Recent Hacks:
“If the only solution to a major breach in which hackers exploited a design flaw long ignored by Microsoft is to give the company more money, the government needs to re-evaluate its dependence on the company,” said Oregon Senator Ron Wyden, a leading Democrat on the intelligence committee.
“The government should not be rewarding a company that sold it insecure software with even bigger government contracts.”
Microsoft previously stated that it prioritizes addressing attacks that are widely used.
According to documents seen by Reuters and people familiar with the matter, the Cybersecurity Infrastructure Protection Agency’s draught budget plan allocates more than $150 million of their new $650 million funding towards a “safe cloud network.”
According to four people informed of the decision, the funds will be used to help other federal agencies update their current Microsoft contracts in order to strengthen the security of their cloud systems.
A spokesperson for CISA declined to comment.
Its activity logging service, for example, enables clients to track data traffic inside their own cloud and spot discrepancies that might expose hackers at work.
After finding that the lack of logs made it more difficult to investigate the latest hacks linked to nation-states, officials have sought access to its premium monitoring capabilities.
While all of Microsoft’s cloud products have security features, “larger organizations can need more unique technologies and capabilities such as a greater depth of security logs and the ability to monitor and act on those logs,” according to a statement released on Sunday. It didn’t answer the legislators’ concerns about justice.
Despite the fact that some top US cyber officials believe they have little option but to pay up, Wyden and three other politicians have publicly expressed their opposition to the initiative.
