Former Senior Director of the White House Cyber Policy, Hey Grotto (AJ Grotto), has raised concerns about Microsoft’s significant influence over IT technologies in the US government, labeling it as a national security issue.
In an interview with The Register, Grotto highlighted the challenges faced in making even minor concessions by Microsoft. He referenced the SolarWinds scandal, where Microsoft offered federal agencies expanded journalization capabilities as a paid option instead of default, complicating threat identification post-security breach. Despite earning approximately $20 billion in 2023 from security decisions, Microsoft was hesitant to provide default security features.
The breach of Microsoft Exchange by Chinese spies through Storm-0558, allowing access to the emails of American politicians, further raised alarm. Grotto argued that Microsoft’s dominance in productivity software (85% market share) and operating systems poses a threat to national security.
Grotto believes the solution lies in promoting competition and enhancing public oversight of Microsoft. Experts suggest that market incentives may encourage the corporation to alter their conduct, particularly if customers seek alternatives following public exposure of their mistakes.
In March, the German government expressed grave concerns over the vulnerability of approximately 17,000 (about 37%) Microsoft Exchange servers in the country to large-scale cyberattacks. The government warned of potential disruptions to regular operations in the IT sector, describing the situation as critical for businesses. The alarming security situation around using Microsoft Exchange, a vital communication tool for many German companies, prompted the government’s response.
In early April, CISA identified serious cybersecurity gaps in Microsoft systems, leading to a significant breach of Exchange data by the Storm-0558 group.