Microsoft president gives testimony regarding security shortcomings
Brad Smith, president of Microsoft, has appeared in front of a US House committee on national security, addressing inquiries about the company’s security protocols and connections to China a year after Chinese hackers spied on government emails by breaching the tech behemoth’s systems.
Hackers linked to China pilfered 60,000 US State Department emails by breaching the tech giant’s systems last year, while a Russian faction spied on Microsoft’s top staff emails this year, according to the company’s disclosures.
Smith faced intense questioning from legislators over Microsoft’s failure to thwart both intrusions, which were described as lacking sophistication and which posed recurrent threats to government networks.
The Microsoft emails accessed by Russian hackers also contained “exchanges with government officials,” said Democrat Bennie Thompson.
“Microsoft stands as one of the federal government’s most critical technology and security collaborators; nevertheless, we must not allow the significance of this relationship to foster negligence or impede our oversight,” he emphasized.
The hearing was based on the revelations from a damning April report by the Cyber Safety Review Board (CSRB) – assembled by US Secretary of Homeland Security Alejandro Mayorkas – which criticized Microsoft for its lack of transparency concerning the preventable Chinese hack.
“We acknowledge accountability for each determination made in the CSRB report,” stated Smith in his introductory remarks, noting that the company had already initiated action on a majority of the report’s suggestions.
He highlighted the escalating and sophisticated nature of cyber threats over time, emphasizing the necessity of public-private partnerships in combating them.
“We face formidable adversaries in China, Russia, North Korea, Iran, and they are enhancing their capabilities,” said Smith. “Their aggression is on the rise, launching attacks at an alarming rate.”
When asked why it was the State Department, not Microsoft, that detected the Chinese breach, Smith responded: “That’s the appropriate process. No single entity in the ecosystem can have total visibility.”
However, Congressman Thompson remained unconvinced.
“It’s not our duty to identify the perpetrators. That is your responsibility,” Thompson asserted to Smith.
Legislators also probed for more information on Microsoft’s operations and influence in China.
“Over the years, Microsoft has made significant investments in China, establishing research incentives, such as the Microsoft Research Asia center in Beijing,” outlined Congressman Mark Green from Mississippi, head of the national security panel.
“Microsoft’s presence in China brings forth a myriad of intricate challenges and risks. This must be addressed today.”
Smith said that roughly 1.5 percent of the company’s revenue originated from China and that efforts were underway to diminish its engineering operations in the country.
As the largest software company globally and a crucial supplier to the US government and national security sector, Microsoft has faced mounting criticism from its security industry peers over the past year due to breaches and lack of transparency.
Following the board’s criticism, Microsoft expressed its commitment to enhancing its procedures and enforcing stringent security standards.
In November, it launched a new cybersecurity initiative, emphasizing that security was the company’s topmost priority “over and above all other features.”
