Government-Facilitated Tech Monopolies Endanger North American Interests

In America these days, there is a pervasive narrative that portrays politicians as advocates for small businesses, purportedly fighting against the dominance of corporate giants. However, the reality often contradicts this portrayal, as politicians frequently engage in actions that effectively stifle competition and perpetuate the dominance of large corporations. 

These actions, whether through governmental subsidies or legislative and bureaucratic interventions, are often driven by the vested interests of politicians’ financial backers and donors.

One of the most alarming manifestations of this monopolistic cronyism is the government’s substantial financial support of tech giants such as Microsoft. During the 2023 Fiscal Year, the US government awarded Microsoft nearly $500 million in subsidies, despite the unsettling fact that more than 50% of government workers have expressed concerns about the vulnerability of their systems to cyber attacks due to their reliance on Microsoft’s productivity technology. 

This substantial government subsidy to Microsoft, in the face of widespread apprehension among government workers, raises serious questions about the true motivations behind such allocations and underscores the influence of corporate interests in government decision-making processes.

The staggering statistic that over half of government workers believe their dependence on Microsoft technology increases their susceptibility to cyber intrusions should serve as a wake-up call. This perception is not unfounded, as evidenced by the extensive history of cyber vulnerabilities within Microsoft software. Over the course of more than two decades, hackers have exploited over 280 vulnerabilities in various Microsoft software products, underscoring the systemic weaknesses inherent in these technologies.

One of the most notable instances of the consequences of these vulnerabilities occurred in the summer of 2023, when Microsoft Exchange Online was subjected to a massive cyber intrusion. The subsequent investigation conducted by the US Department of Homeland Security (DHS) revealed shocking findings: Microsoft’s negligence was directly implicated as the primary cause of the breach, which allowed a Chinese government-affiliated entity to gain unauthorized access to sensitive data. 

This breach, which compromised the emails of numerous US and Canadian entities, serves as a stark reminder of the far-reaching implications of lax cybersecurity practices and the potential national security risks posed by tech monopolies.

Furthermore, the vulnerabilities within Microsoft’s systems have not gone unnoticed by other adversarial nations. In March 2024, reports surfaced indicating that Russia’s SCR foreign intelligence service had exploited vulnerabilities in Microsoft software to infiltrate the company’s internal systems. These incidents underscore the urgent need for heightened vigilance and proactive measures to address the systemic weaknesses inherent in current technological infrastructures.

Compounding these concerns are the recent cyber attacks targeting government agencies in both the United States and Canada, which have raised serious doubts about the adequacy of their cybersecurity measures. In the United States, the Cybersecurity and Infrastructure Security Agency (CISA) experienced breaches in two critical systems: the Infrastructure Protection Gateway and the Chemical Security Assessment Tool. These breaches, which occurred despite the agencies’ purported focus on cybersecurity, highlight the alarming vulnerabilities within government systems and the urgent need for enhanced cybersecurity measures.

Similarly, in Canada, government agencies have fallen victim to cyber breaches, further exacerbating concerns about the security of critical infrastructure and national interests. For instance, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), responsible for monitoring and investigating financial activities related to terrorism and organized crime, suffered a significant cybersecurity breach, compromising its ability to fulfill its crucial mandate.

Additionally, Global Affairs Canada (GAC) experienced malicious cyber activity, prompting an unplanned IT outage to address the security lapse. These incidents underscore the systemic vulnerabilities within government systems and the urgent need for comprehensive cybersecurity reforms.

Despite these alarming developments, both the United States and Canada continue to heavily invest in Microsoft, raising serious questions about the rationale behind such investments and the government’s commitment to addressing cybersecurity concerns. In Canada, the government allocated a staggering $299.8 million to Microsoft during the 2021-2022 fiscal year, despite the country’s smaller federal government size. 

This significant investment, coupled with the alarming vulnerabilities within Microsoft’s systems, underscores the urgent need for a reassessment of government procurement practices and a diversification of technology suppliers to mitigate potential security risks.

In light of these pressing cybersecurity challenges, it is imperative for governments to take proactive measures to strengthen cybersecurity defenses and safeguard critical infrastructure and national interests. This includes diversifying technology suppliers, imposing stricter cybersecurity standards, and holding tech giants like Microsoft accountable for security lapses. 

By prioritizing cybersecurity and adopting a multifaceted approach to cybersecurity governance, governments can better protect themselves and their citizens from cyber threats and mitigate the potentially catastrophic consequences of cyber attacks on critical infrastructure and national security.

Julio Rivera is a business and political strategist, cybersecurity researcher, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, is regularly published by many of the largest news organizations in the world.