The Department of Defense has made major changes to the cybersecurity programs that protect the global IT network it operates, despite criticism and opposition from internal experts who have said that the change will make America much more vulnerable to hackers from outside the country.
Newsweek learned recently that the DOD has abandoned a cybersecurity program that it has used for years and replaced it with a tool from Microsoft that is readily available to consumers off the shelf. The department has been quiet about the move, potentially because of the uproar that it caused within the IT sector of the DOD.
A former senior defense official who was directly involved with the decision-making process told Newsweek that a majority of senior leaders in the IT departments of military services were opposed to switching cybersecurity programs. This happened after John Sherman, the chief information officer at the DOD, held multiple meetings in the lead-up to the fiscal year 2024 budget request being finalized.
These senior IT officials were worried that the DOD was becoming increasingly reliant on just one vendor for its security software. As the source told Newsweek:
“I was completely against it. A lot of us were, for the same reason: It felt like we were further embedding ourselves into this monopolistic (Microsoft) monoculture.”
The concerns these officials had came to pass in March of this year, when news broke that hackers suspected of working for military intelligence groups in Russia had been exploiting a vulnerability in the Microsoft email program Outlook for nearly one year.
The incident went wholly unreported by most media outlets, though it bears out the concerns of many cybersecurity experts that relying just on IT services from Microsoft is a major issue.
The DOD went ahead with moving its cybersecurity tools to Microsoft after the National Security Agency conducted an assessment. Yet the move plays into long-standing concerns about how secure the software produced by Microsoft actually is.
Newsweek pointed out in its recent report that relying on Microsoft, whose products have raised many concerns, could run counter to the cybersecurity strategy recently put forth by the White House. That strategy called on all software companies to make their products completely secure upfront, rather than offering additional security patches on top of their base software for a fee.
The former DOD official told Newsweek that the NSA assessment ended up being one of the decisive factors that led to the DOD switching over to Microsoft.
This new move only put more of the DOD’s eggs in one basket, so to speak. The department has used Microsoft's Windows operating system exclusively since 2017 on its more than 4 million desktop computers.
Almost all of the 2.1 million reserve and active duty military personnel working for the DOD, as well as its nearly 750,000 civilian employees, use Microsoft programs such as Office and Outlook for word processing, calendar management, email and general administrative tasks.