From Dark Reading
The Software Licensing Disease Infecting Our Nation’s Cybersecurity
By Steve Weber
This month, Microsoft president Brad Smith was confronted by the US House Committee on Homeland Security, in a hearing over the cybersecurity woes that have plagued the government as a direct result of the company’s security shortcomings. These issues, however, don’t just come down to insecure products. They’re symptoms of a larger disease — a lapse in market and competition policy that has allowed Microsoft to dominate virtually all of the public sector technology market. And the US government’s failure to properly diagnose the deeper cause puts us all at risk.
Microsoft, by its own admission, is ground zero for state-sponsored hacking groups, and flaws in the company’s software have been responsible for a huge proportion of cyber breaches affecting the US government in recent memory. Our country’s cyber watchdogs — the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and Cyber Safety Review Board (CSRB) — have spent considerable resources assessing these incidents and trying to assess and address Microsoft’s vulnerabilities.
There’s a fundamental problem with this process. The government is confusing symptoms — persistent hacks, breaches, and vulnerabilities — with an underlying disease: the lack of competition around cybersecurity. Microsoft has systematically exploited weaknesses in procurement processes to stifle competition and lock government customers into its insecure technology. That confusion ultimately leaves the government’s tools to enhance competition on the sidelines, when those tools are the best remedy for cyber insecurity...
Steven Weber is a professor emeritus of the I School, retiring in 2021. He previously served as the faculty director at the Center for Long Term Cybersecurity (CLTC).
