America needs to treat ‘the cloud’ as critical infrastructure

Excerpt

When it comes to cybersecurity and Communist China, Microsoft needs to get its act together — and so does the American government.

When an independent board of experts tells a company — which boasts to its customers about the security its products offers — that its corporate culture in fact deprioritizes cybersecurity, it might be time for some self-reflection. When that company plays a dominant role providing essential technology services to the U.S. government, critical infrastructure, tens of thousands of companies and tens of millions of Americans, the federal government also needs to self-reflect.

This month, the Cyber Safety Review Board (CSRB) released a damning report on Microsoft’s cybersecurity failings, following revelations last summer that China’s hackers leveraged compromised Microsoft systems to access the email accounts of senior American officials. The report does not mince words: This cyberattack was “preventable,” and “should never have happened,” and was the result of a “cascade of security failures at Microsoft.”

Rear Adm. (Ret.) Mark Montgomery is a senior fellow and senior director of the Center for Cyber and Technology Innovation at the Foundation for Defense of Democracies. He served as executive director of the congressionally mandated Cyberspace Solarium Commission.