Microsoft president testifies on security lapses after China-linked hack
What's the story
Microsoft's president Brad Smith has testified before a US House panel on homeland security, addressing concerns about the company's security practices and its relationship with China. This appearance follows a breach last year by Chinese hackers who infiltrated Microsoft's systems and spied on federal emails. The breach resulted in the theft of 60,000 US State Department emails, as confirmed by Microsoft. In a separate incident, a Russian group surveilled Microsoft's senior staff emails this year.
Criticism
Lawmakers grill Smith over security measures
Lawmakers have criticized Smith for Microsoft's failure to prevent these breaches, which they argue posed a significant risk to federal networks. Democratic congressman Bennie Thompson highlighted that "Microsoft is one of the federal government's most important technology and security partners." "We cannot allow the importance of that relationship to lead to complacency or interfere with our oversight," he added.
Transparency concerns
Cyber Safety Review Board recently criticized Microsoft's transparency
The hearing also referenced a report by the Cyber Safety Review Board (CSRB), which criticized Microsoft for its lack of transparency regarding the Chinese breach. Smith acknowledged the findings of the CSRB report and stated that the company had already begun implementing most of the report's recommendations. He also acknowledged that cyberattacks have increased and become more sophisticated over time and public-private partnerships should play a crucial role in defending against them.
China operations
Microsoft's business in China under scrutiny
Smith was also questioned about Microsoft's business in China. He disclosed that approximately 1.5% of the company's revenue is generated from China and that they are working to reduce their engineering presence there. Despite these efforts, Microsoft has faced increased criticism from its security industry peers over the past year due to breaches and perceived lack of transparency.