Microsoft President Grilled on Security and China Ties in Congressional Hearing

June 16, 2024

Microsoft President Brad Smith appeared before a House Homeland Security panel on Thursday to address pressing concerns about the company’s security measures and its connections with China. This hearing comes nearly a year after alleged China-linked hackers infiltrated the firm’s systems to spy on federal emails.

Last summer, these hackers accessed 60,000 U.S. State Department emails by breaching Microsoft’s security, according to the company’s disclosures. Additionally, Russian-linked cybercriminals compromised the emails of Microsoft’s senior staff earlier this year. These breaches have intensified federal scrutiny of Microsoft, a crucial software provider to the U.S. government that accounts for about 3% of the federal IT budget.

Lawmakers were particularly critical of Microsoft’s inability to prevent the security breaches attributed to both Russian and Chinese hackers. They argued that these incidents posed significant risks to federal networks, highlighting that the methods used by the hackers were not particularly sophisticated.

Democratic Representative Bennie Thompson emphasized the seriousness of the situation, noting that the Russian hackers’ access included correspondence with government officials. “Microsoft is one of the federal government’s most important technology and security partners,” Thompson stated. “But we cannot afford to allow the importance of that relationship to enable complacency or interfere with our oversight.”

The hearing also referenced a damning report from April by the Cyber Safety Review Board (CSRB), a group of experts established by U.S. Secretary of Homeland Security Alejandro Mayorkas. The CSRB’s report criticized Microsoft for a lack of transparency regarding the China hack and labeled the breach as preventable.

Smith accepted responsibility for the CSRB report’s findings and assured the panel that Microsoft has already begun implementing many of the report’s recommendations. “We’re dealing with formidable foes in China, Russia, North Korea, Iran, and they’re getting better,” Smith said. “They’re getting more aggressive … They’re waging attacks at an extraordinary rate.”

Thompson also criticized Microsoft for its failure to detect the breach, which was ultimately discovered by the U.S. State Department. Smith defended the company’s actions, stating, “That’s the way it should work. No one entity in the ecosystem can see everything.”

Source: Reuters