Microsoft (NASDAQ: MSFT ) is set to receive nearly a quarter of the pandemic relief funding earmarked for U.S. cybersecurity defenders, sources told Reuters. something that angers some MPs who do not want to see increased funding for a company whose software was recently affected by two large-scale cyberattacks.
Congress appropriated the funds in question under the coronavirus relief bill that passed Thursday, after two massive cyberattacks exploited shortcomings in Microsoft products to access the computer networks of both federal and local agencies. like tens of thousands of companies.
One of the attacks, attributed to Russia in December, affected emails from the Justice Department, the Commerce Department and the Treasury Department.
These attacks pose a significant national security threat, frustrating lawmakers who say flawed Microsoft software is benefiting the company.
“If the only solution to a major breach in which hackers exploited a design flaw long ignored by Microsoft is to give Microsoft more money, the government needs to reassess its reliance on Microsoft,” said Oregon Senator Ron Wyden, a leading Democrat on the intelligence committee.
“The government shouldn’t reward a company that sold it less secure software with even bigger government contracts.”
Microsoft has previously said it makes it a priority to fix attacks that affect a large number of users.
A draft spending plan prepared by the Cybersecurity Infrastructure Security Agency (CISA) allocates more than $150 million of a total $650 million to a “secure cloud platform,” according to documents seen by Reuters and people. familiar with the matter.
More specifically, the money has been awarded to Microsoft, according to four people familiar with the decision, in large part to help other federal agencies update their existing agreements with Microsoft to improve the security of their cloud systems.
A CISA spokesman declined to comment.
An essential service offered by Microsoft, known as activity logging, allows its customers to monitor data traffic within their cloud space and detect inconsistencies that could reveal hacker intervention.
Authorities have requested access to Microsoft’s tracking capabilities after discovering that a lack of records made it much more difficult to investigate recent cyberattacks linked to other countries.
Microsoft said on Sunday that while all of its cloud products have security features, “larger organizations may require more advanced capabilities, such as greater depth of security logs and the ability to investigate those logs and take action.” .
The company did not address the fairness issues raised by the deputies.
Microsoft has turned its security offer into an important source of income, with an activity that has generated 10,000 million dollars annually, 40% more than the previous year.