Nearly a quarter of the Covid relief funds set aside for cybersecurity defenders will be going to Microsoft, though some US lawmakers have voiced concerns that they don't want to increase funding for the company after it suffered two high-profile hacks.
As first reported by Reuters, Congress allocated the funds in its new Covid relief bill after two major cyberattacks took advantage of weaknesses in the software giant's products to penetrate the computer networks of government agencies as well as those at tens of thousands of companies. Not only do these two hacks pose a major national security threat for the US, but lawmakers also say that Microsoft's faulty software is making the company more profitable.
A draft spending plan from CISA has allocated over $150m of its new $650m in funding for a “secure cloud platform”, according to documents seen by the news outlet and people familiar with the matter. Four people briefed on the matter said that the funds have been budgeted to help federal agencies upgrade their existing deals with Microsoft to improve the security of their cloud computing systems.
US government officials are also seeking access to the company's premium tracking capabilities after they discovered that a lack of logs has made it more difficult to investigate the SolarWinds hack as well as a recent hack of Microsoft Exchange servers.
Cybersecurity ratings scheme
Following the recent attacks on SolarWinds' Orion platform and Microsoft Exchange, the Biden administration has outlined its plans to address US government security through additional private sector collaboration. In a transcript of a recent phone briefing, the administration revealed its plans, saying:
“Today, the cost of insecure technology is borne at the end: by incidence response and cleanup. And we really believe it will cost us a lot less if we build it right at the outset. We are focused on tightening the partnership between the US government and the private sector, who does have visibility into the domestic industry and into private sector networks, to ensure we can rapidly share threat information and we can address the liability barriers and disincentives that disincentivize U.S. companies from both addressing some of these issues and rapidly sharing information when there are incidents.”
One solution the administration has suggested as a way to improve US government security is implementing a cybersecurity ratings scheme that grades vendors. Singapore already uses a similar system to rate IoT devices and its system will be the basis for the one the Biden administration is proposing.
A senior administration official also said that the US government wants to continue delivering timely alerts and data breach warnings to consumers and businesses to help improve security across the board.
Via Reuters and The Register