The Computer & Communications Industry Association (CCIA) is criticizing last month’s decision by the U.S. Department of Homeland Security (DHS) to exclusively use Microsoft Corp. software, arguing that recent computer virus and worm attacks against Microsoft products are evidence that such a decision is a poor choice.
In a letter sent Wednesday to DHS Secretary Tom Ridge, Ed Black, the CEO and president of the Washington-based CCIA, asked the agency to “reconsider” its decision to use Microsoft software inside an agency with critical security needs.
“We believe that for software to be truly secure it must be well written from the outset, with security considerations given a high priority,” Black wrote in his letter. “Unfortunately, there is ample evidence that for many years economic, marketing and even anticompetitive goals were far more important considerations than security for Microsoft’s software developers, and these broader objectives were often achieved at the cost of adequate security.
“Also, from a security standpoint, the lack of diversity within a networked system amplifies the risk emanating from any vulnerabilities that do exist,” he wrote. “But diversity is difficult without interoperability, and the benefits of interoperating with more robust systems can be blocked if any dominant player does not cooperate in fostering interoperability.”
The DHS awarded Microsoft a US$90 million enterprise software deal last month, just two days after company Chairman Bill Gates met with Ridge in Washington.
A DHS spokesman couldn’t be reached for comment on the CCIA letter late Wednesday afternoon. A spokesman for Microsoft was also unavailable by deadline.
In an interview Wednesday, Black said his group reacted publicly because of the recent Blaster and Sobig.f viruses and worms that have caused problems on Microsoft-equipped computer systems since last week. “It’s no secret that Microsoft isn’t the most secure software around,” Black said. “We care a lot about homeland security. The issue about (DHS) setting a good example on security has also come up before.”
The group was “somewhat surprised and a little disappointed” by the DHS decision to use Microsoft software as a preferred choice, Black said. “They really should revisit this decision,” he added. “They should be urging the best products, the most secure products.”
Other software and operating systems, including Linux, Unix and Mac OS, should be considered, Black said. “In our office, we integrate Windows, Linux and Macintosh. There should be a certain recognition that diversity … has some benefits.”
In his letter, Black noted that the CCIA has recently pointed out in submissions to the Bush administration and Congress that there are “dangers of relying on single suppliers for information technology” and “the inherent risks associated with homogenous systems.”