Former White House cyber policy director believes Microsoft failures could threaten US national security

Former White House senior director for cyber policy A.J. Grotto says that the recent Microsoft security breaches can be considered a national security issue. He spoke about this in an interview with The Register.

Getto said that Microsoft has considerable influence on the government, as the company owns 85% of the federal government’s software market and an even larger share of operating systems.

“If you go back to the SolarWinds episode a few years ago, the episode where SolarWinds software was compromised by the Russians and Microsoft was actually selling logging capabilities to federal agencies, it was part of a standard security and service package, and as a result, it was very difficult for agencies to determine whether they were exposed to a SolarWinds hack,” says Grotto.

He notes that the government had to fight with the company for almost 18 months to get it to provide the government with logging capabilities by default.

The company is now the largest provider of cybersecurity services in the world and earned about $20 billion last year, which is twice as much as in 2022. So it comes down to the fact that Microsoft simply “has leverage that they are not afraid to use.”

Grotto believes that the government can potentially solve this problem if it focuses on encouraging and catalyzing competition. He also believes that it is necessary to publicly audit the company and make sure that everyone knows when problems arise.

“At the end of the day, Microsoft, any company, is going to respond most directly to market incentives. Unless this scrutiny generates changed behavior among its customers who might want to look elsewhere, then the incentives for Microsoft to change are not going to be as strong as they should be,” Grotto said.