Exclusive: Microsoft could reap more than $150 million in new U.S. cyber spending, upsetting some lawmakers

March 15, 2021

Reuters

Microsoft stands to receive nearly a quarter of Covid relief funds destined for U.S. cybersecurity defenders, sources told Reuters, angering some lawmakers who don’t want to increase funding for a company whose software was recently at the heart of two big hacks.

Congress allocated the funds at issue in the COVID relief bill signed on Thursday after two enormous cyberattacks leveraged weaknesses in Microsoft products to reach into computer networks at federal and local agencies and tens of thousands of companies. One breach attributed to Russia in December grabbed emails from the Justice Department, Commerce Department and Treasury Department.

The government could impose new regulations, said Curtis Dukes, a former head of the defensive mission at the National Security Agency now at the nonprofit Center for Internet Security, which works closely with CISA. “Maybe with additional size, vendors should have to do more.”