Biden's HHS Sent Kids to Strip Clubs, Where They Were Pimped Out
Wray and Mayorkas Were Set to Testify Today. They Didn't Show Up.
Trump Has a New Attorney General Nominee
Is This Why Gaetz Withdrew His Name From Consideration for Attorney General?
Matt Gaetz Withdraws From Attorney General Nomination
ABC News Actually Attempts to Pin Laken Riley's Murder on Donald Trump in...
Liberal Media Is Already Melting Down Over Pam Bondi
Dem Bob Casey Finally Concedes to Dave McCormick... Weeks After Election
Josh Hawley Alleges This Is Why Mayorkas, Wray Skipped Senate Hearing
MSNBC's Future a 'Big Concern' Among Staffers
AOC's Take on Banning Transgenders From Women's Restrooms Is Something Else
FEMA Director Denies, Denies, Denies
The System Finally Worked for Laken Riley -- Long After Her Entirely Avoidable...
Gun Ownership Is Growing Among This Group of Americans
We’ve Got an Update on Jussie Smollett…and You’re Not Going to Like It
OPINION

Inept Microsoft is Compromising National Security

The opinions expressed by columnists are their own and do not necessarily represent the views of Townhall.com.
Advertisement
Advertisement
Advertisement

In the United States, politicians often espouse their support for curbing corporate dominance to champion the interests of small businesses. However, the reality often reveals a different story, as lawmakers frequently engage in actions that stifle competition through governmental subsidies or intervention, driven by their allegiance to influential donors.

Advertisement

In a striking example of such monopolistic cronyism, during the 2023 Fiscal Year, the US government awarded Microsoft close to $500 million, despite over 50% of government personnel acknowledging that their reliance on Microsoft's productivity tools exposes them to increased risks of cyber attacks like ransomware and trojans.

The staggering statistic of 50% should not shock absorbers, given hackers' exploitation of over 280 vulnerabilities in Microsoft software over a span of just over two decades.

Following a prominent instance of this recurring pattern, the extensive breach of Microsoft Exchange Online in the summer of 2023 prompted the US Department of Homeland Security (DHS) to initiate a comprehensive investigation. The subsequent report attributed the breach to Microsoft's negligence, facilitating a breach by a Chinese government-affiliated entity, which the DHS Cyber Safety Review Board deemed entirely preventable.

Weaknesses in Microsoft's authentication protocols enabled Chinese hackers to gain unrestricted access to virtually any Exchange Online account worldwide, enabling them to infiltrate the emails of numerous US and Canadian entities.

Advertisement

This attack by the Chinese Communist Party (CCP) represented just one of several significant breaches targeting Microsoft, as evidenced by a March 2024 report revealing that Russia's SCR foreign intelligence service exploited vulnerabilities in Microsoft software to infiltrate the company's internal systems in January of the same year.

Furthermore, recent cyber attacks on government agencies in both the United States and Canada have raised concerns about the effectiveness of their respective federal cybersecurity infrastructure.

America's Cybersecurity and Infrastructure Security Agency (CISA) suffered breaches of two critical systems, including the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT), posing severe risks to national security and public safety.

Meanwhile, in Canada, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) experienced a significant cybersecurity breach, impeding its ability to monitor and investigate financial activities related to terrorism and organized crime. Additionally, Global Affairs Canada (GAC) encountered malicious cyber activity, prompting an unplanned IT outage to address the security lapse.

Advertisement

Remarkably, Canada's investment in Microsoft nearly matches that of the United States, with a substantial sum of 299.8 million dollars allocated during 2021-2022, despite Canada's smaller federal government size.

Given the escalating threat landscape posed by aggressive state-sponsored hackers and other malicious actors worldwide, why haven't our governments diversified their approved contractor lists or demanded higher performance standards from Microsoft before allocating further funds? This is especially crucial as fraudulent schemes, such as Alrucs Service and other deceptive security alerts, continue to disrupt government operations and inflict financial losses on individuals and small businesses.

Is this a result of bureaucratic inefficiency or entrenched cronyism? Regardless, the responsibility cannot be solely attributed to Microsoft, as the governments sanctioning these payments have failed to demand substantial improvements. However, recent developments within Microsoft offer hope for positive change in the future.

As technological innovation progresses rapidly in both legitimate and criminal spheres, it is imperative for governments worldwide to assume greater responsibility for securing digital borders and critical infrastructure. Simultaneously, Microsoft must be compelled to develop advanced security solutions at a pace that outpaces global adversaries.

Advertisement

With ample resources and alternative options available beyond Microsoft, it is incumbent upon the governments of the United States, Canada, and others to prioritize cybersecurity and make informed decisions to protect national interests and safeguard critical infrastructure from emerging threats.

Julio Rivera is a business and political strategist, cybersecurity researcher, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, is regularly published by many of the largest news organizations in the world.

Join the conversation as a VIP Member

Recommended

Trending on Townhall Videos