Members of Congress sent a letter to the Pentagon on Wednesday asking about the department’s efforts to begin rolling out Microsoft’s maximum licenses, known as E5, everywhere next month.
The Pentagon plans to require all decomponents to deploy the full set of Microsoft 365 E5 licenses on its network of Unclassified Internet Protocol (NIPRNet) routers over the next 12 months, as part of its efforts to reach the target point of 0 acceptance as this is true through 2027, according to a draft note first received through Axios.
In a letter, Sens. Eric Schmitt (R-Mo. ) and Ron Wyden (D-Ore. ) said they were “deeply concerned” by the department’s resolution to expand the use of Microsoft and that it is “redoubling its efforts. “”Failed strategy” of expanding dependence on the company’s products.
“While we welcome the department’s resolve to invest in increased cybersecurity, we are deeply involved that the Department of Defense is choosing not to pursue a multi-vendor technique that would lead to increased competition, lower long-term costs, and deliver better cybersecurity outcomes. the lawmakers wrote.
Join us on June 25 and 26 at 1 p. m. EST stands for Federal News Network’s Cloud Exchange, presented through Maximus, where we will explore the progress of civilian agencies in employing the cloud in virtual facilities and federal missions. Sign up today!
“Cybersecurity should be a core attribute of software, not a premium feature that corporations sell to governments and deep-pocketed business customers. With their purchasing power, the Department of Defense’s policies and criteria have the strength to shape business methods that result in more resilient cybersecurity services. Although the Department of Defense mandates complicated cybersecurity products, there are not only positive effects within the U. S. government, but also the effects of the U. S. Department of Defense. Not only does it have a positive impact on the U. S. , but also on the public and personal sectors.
If the memorandum is signed, all parts of the Department of Defense are expected to begin their implementation process by June 3 and complete the transition by June 2, 2025.
“With the long-term deployment of Microsoft E5 in NIPR across the branch, the branch will achieve Zero Trust implementation at the target point [zero trust] through fiscal year 2027, cutting off our attack surface and preventing adversaries from moving freely across our networks and beyond. Protect our critical data,” the draft memo reads.
Microsoft has been criticized for failing to salvage a high-profile hack of government email accounts through a Chinese state-backed organization last summer. The Department of Homeland Security’s Cybersecurity Review Committee concluded that the breaches “were salvageable and have never occurred. “”
As Congress investigates breaches of the email accounts of the most sensible U. S. officials, Microsoft is informing the federal government of its plan to deal with the demanding security situations that have plagued the company in recent years. Brad Smith, Microsoft’s vice president and president, will testify before Congress next month about the most recent circular on serious cybersecurity incidents and the company’s efforts in its internal practices.
In addition to security concerns, the department’s over-reliance on a single person hampers innovation and “results in a waste of taxpayer dollars,” Schmitt and Wyden said.
“The threat is that you focus on a single supplier for those products. You don’t have heterogeneity in your ecosystem. And if there’s a systemic failure, it may just be all of those products. If you can focus on a single provider with no competition, how can you expect to get the most productive out of the breed?And the answer is that you can’t expect to get the most productive out of the breed. This is something that deserves to be a cause for fear for the Ministry of Defence. “And for better or worse, Microsoft doesn’t have the most productive track record,” David Mihelcic, a former leadership generation officer at the Defense Information Systems Agency, told Federal News Network.
“This is something that Congress is pushing the Department of Defense and the rest of the federal government to look into as well,” he added. “Why have they become absolutely captive to a single vendor for a full diversity of features that can be purchased elsewhere?”?”
Read more: Advocacy
Lawmakers are asking Pentagon Chief Information Officer John Sherman for the justification for the resolution to require implementation of the E5 suite, as senators prepare to take up the 2025 defense policy bill next month.
They also ask the Ministry to explain the deadlines set out in the note.
“It would possibly be imperative to do so due to budget constraints. It turns out to be an unenforceable deadline,” Mihelcic said. “The draft memo calls for parts of the Department of Defense to begin implementing E5 by June 3, 2024. Basically, they say, “Do it; Don’t program, don’t align resources with that, don’t program that, just do it. Which to me is a recipe for failure.
At the same time, the Coalition for Fair Software Licensing, which advocates for fair software licensing practices, says that moving to the E5 suite will result in significant price increases while also restricting other vendors’ ability to compete and offer the best. possible. Cybersecurity responses at the table.
“It’s about a branch becoming more entrenched in the Microsoft ecosystem before the company has demonstrated that it has met the recommendations of the CSRB report. Given the significant increase in the cost of E5 licenses and similar services, we are concerned that “This will restrict the ability of other cybersecurity vendors to compete and address vulnerabilities created in government systems due to over-reliance on Microsoft products and security,” said Ryan Triplette, group executive director, to Federal News Network.
Every week, defense journalist Jared Serbu speaks with the heads of the federal government’s department. Subscribe to PodcastOne or Apple Podcasts.