In the United States, politicians often espouse their support for curbing corporate dominance to champion the interests of small businesses. However, the reality often reveals a different story, as lawmakers frequently engage in actions that stifle competition through governmental subsidies or intervention, driven by their allegiance to influential donors.
In a striking example of such monopolistic cronyism, during the 2023 Fiscal Year, the US government awarded Microsoft close to $500 million, despite over 50% of government personnel acknowledging that their reliance on Microsoft's productivity tools exposes them to increased risks of cyber attacks like ransomware and trojans.
The staggering statistic of 50% should not shock absorbers, given hackers' exploitation of over 280 vulnerabilities in Microsoft software over a span of just over two decades.
Following a prominent instance of this recurring pattern, the extensive breach of Microsoft Exchange Online in the summer of 2023 prompted the US Department of Homeland Security (DHS) to initiate a comprehensive investigation. The subsequent report attributed the breach to Microsoft's negligence, facilitating a breach by a Chinese government-affiliated entity, which the DHS Cyber Safety Review Board deemed entirely preventable.
Weaknesses in Microsoft's authentication protocols enabled Chinese hackers to gain unrestricted access to virtually any Exchange Online account worldwide, enabling them to infiltrate the emails of numerous US and Canadian entities.
This attack by the Chinese Communist Party (CCP) represented just one of several significant breaches targeting Microsoft, as evidenced by a March 2024 report revealing that Russia's SCR foreign intelligence service exploited vulnerabilities in Microsoft software to infiltrate the company's internal systems in January of the same year.
Furthermore, recent cyber attacks on government agencies in both the United States and Canada have raised concerns about the effectiveness of their respective federal cybersecurity infrastructure.
America's Cybersecurity and Infrastructure Security Agency (CISA) suffered breaches of two critical systems, including the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT), posing severe risks to national security and public safety.
Meanwhile, in Canada, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) experienced a significant cybersecurity breach, impeding its ability to monitor and investigate financial activities related to terrorism and organized crime. Additionally, Global Affairs Canada (GAC) encountered malicious cyber activity, prompting an unplanned IT outage to address the security lapse.
Remarkably, Canada's investment in Microsoft nearly matches that of the United States, with a substantial sum of 299.8 million dollars allocated during 2021-2022, despite Canada's smaller federal government size.
Given the escalating threat landscape posed by aggressive state-sponsored hackers and other malicious actors worldwide, why haven't our governments diversified their approved contractor lists or demanded higher performance standards from Microsoft before allocating further funds? This is especially crucial as fraudulent schemes, such as Alrucs Service and other deceptive security alerts, continue to disrupt government operations and inflict financial losses on individuals and small businesses.
Is this a result of bureaucratic inefficiency or entrenched cronyism? Regardless, the responsibility cannot be solely attributed to Microsoft, as the governments sanctioning these payments have failed to demand substantial improvements. However, recent developments within Microsoft offer hope for positive change in the future.
As technological innovation progresses rapidly in both legitimate and criminal spheres, it is imperative for governments worldwide to assume greater responsibility for securing digital borders and critical infrastructure. Simultaneously, Microsoft must be compelled to develop advanced security solutions at a pace that outpaces global adversaries.
With ample resources and alternative options available beyond Microsoft, it is incumbent upon the governments of the United States, Canada, and others to prioritize cybersecurity and make informed decisions to protect national interests and safeguard critical infrastructure from emerging threats.
Julio Rivera is a business and political strategist, cybersecurity researcher, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, is regularly published by many of the largest news organizations in the world.
Join the conversation as a VIP Member