Computerworld
Print Article
Close Window

Update: Rival groups debate DHS deal with Microsoft

Other software and operating systems should be considered, the CCIA said

Todd R. Weiss
 

August 28, 2003 (Computerworld)

The Computer & Communications Industry Association (CCIA) is criticizing a decision by the U.S. Department of Homeland Security (DHS) to use Microsoft Corp. software, arguing that recent computer virus and worm attacks against Microsoft products are evidence that such a decision is a poor choice.
The contract, awarded June 27, named Microsoft as the "primary technology provider" to the Department of Homeland Security, supplying desktop and server software critical for the agency.
In a letter yesterday to Tom Ridge, the secretary of the DHS, Ed Black, the CEO and president of the Washington-based CCIA, asked the agency to "reconsider" its decision to use Microsoft software inside an agency with critical security needs (download PDF).
The CCIA represents three of Microsoft's biggest direct competitors, Sun Microsystems, AOL Time Warner Inc. and Oracle Corp., as well as a number of computer electronics and phone companies, including Eastman Kodak Co., Fujitsu Ltd., Nokia Corp. and NTT Communications Corp.
"We believe that for software to be truly secure it must be well written from the outset, with security considerations given a high priority," Black wrote in his letter. "Unfortunately, there is ample evidence that for many years economic, marketing and even anticompetitive goals were far more important considerations than security for Microsoft's software developers, and these broader objectives were often achieved at the cost of adequate security.
"Also, from a security standpoint, the lack of diversity within a networked system amplifies the risk emanating from any vulnerabilities that do exist," he wrote. "But diversity is difficult without interoperability, and the benefits of interoperating with more robust systems can be blocked if any dominant player does not cooperate in fostering interoperability."
Jonathan Zuck, president of a rival industry group, the Association for Competitive Technology (ACT), in Washington, said in a statement today that Black's letter smacks of favoritism to the CCIA's own members. Microsoft is a member of the ACT.
"It is appalling that Ed Black and CCIA would exploit our nation's security for politics and greed," Zuck wrote. "CCIA's concerns are not based on good security or public policy, but business opportunities for the horde of Microsoft competitors it represents.To benefit its member companies like Oracle and Sun, CCIA repeatedly has attempted to hobble Microsoft using the political process here and abroad. This is just more of the same."
"Security is the No. 1 issue for the software industry," Zuck wrote. "Instead of this mercenary rhetoric, our industry needs to be focused on working together to improve security across the board and ensuring good security practices inside large organizations."
The DHS awarded Microsoft a $90 million enterprise software deal just two days after company Chairman Bill Gates met with Ridge in Washington (see story).
A DHS spokesperson said today that the agency had not received the CCIA letter yet and therefore couldn't comment on it. Asked for details about the DHS contract, Microsoft officials said they were looking into agreement.
In an interview yesterday, Black said his group reacted publicly because of the recent Blaster and Sobig.f viruses and worms that have caused problems on Microsoft-equipped computer systems since last week. "It's no secret that Microsoft isn't the most secure software around," Black said. "We care a lot about homeland security. The issue about [DHS] setting a good example on security has also come up before."
The group was "somewhat surprised and a little disappointed" by the DHS decision to use Microsoft software as a preferred choice, Black said. "They really should revisit this decision," he added. "They should be urging the best products, the most secure products."
Other software and operating systems, including Linux, Unix and Mac OS, should be considered, Black said. "In our office, we integrate Windows, Linux and Macintosh. There should be a certain recognition that diversity ... has some benefits."
In his letter, Black noted that the CCIA has recently pointed out in submissions to the Bush administration and Congress that there are "dangers of relying on single suppliers for information technology" and "the inherent risks associated with homogenous systems."