NATO signs up for a Microsoft program that lets them check products for backdoors
A security agreement has been signed between Microsoft and NATO that would allow the organization to make a careful and critical examination of Microsoft products’ source code for backdoors.
The deal extends Microsoft’s 12-year longstanding cybersecurity partnership with the NATO Communications Information (NCI) Agency and marks the company’s latest Government Security Program (GSP) agreement.
Microsoft opened its second European Transparency Centre in Brussels to offer governments a safe location to review its source code by striking a similar agreement with the EU in June.
According to Microsoft, the agreement means the NCI agency will get controlled online access to source code for key Microsoft products including Windows and Office, product susceptibility information, details about Microsoft’s cloud services, and intelligence about cybersecurity threats.
That last piece is of particular importance, especially in light of high-profile attacks on government databases such as the hacking of the U.S. Office of Personnel Management, which the U.S. government blamed on Chinese crackers.
In 2003, Microsoft launched GSP to provide governments around the world with controlled access to Microsoft’s source code. Since its inception, the GSP has grown to encompass a bunch of other types of information, such as access to its Transparency Centers, and susceptibility and threat intelligence from the company.
Products available for inspecting and quality control include multiple editions of Windows and Windows Server, Office, Windows Embedded, Lync and SharePoint 2010.
It’s worth noting that Microsoft’s agreement is with NATO itself, and not its member states. Having said that, Microsoft has other agreements with more than 44 different agencies from 26 governments across the world, including organizations and countries like Australia, Austria, Canada, Poland and Russia. In order to protect them from threats, NATO will be able to share some security information with its constituent states.
The GSP will help participants plan for the migration of services to the cloud and Windows 10 deployments, says Microsoft.
The deal is part of the broader NATO-Industry Cyber Partnership, a program the treaty organization announced at the NATO’s annual cyber conference last year. NATO said that NATO-Industry Cyber Partnership, an initiative that was launched in 2014 to engage industry partners and academia with NATO’s 28 allies have since then made progress. The aim of the partnership is to encourage defenses against cyber attacks that may have an effect on physical infrastructure. Microsoft and NATO have been working together under the auspices of the GSP for the past 12 years.
Ambassador Sorin Ducaru, assistant secretary general of NATO’s emerging security challenges division said “We see this signing as another step forward in the NATO -Industry Cyber Partnership, building a stronger cyber defense network today with Microsoft, but also with other industry partners across the world.”