Microsoft’s vice chairman and president, Brad Smith, will testify before Congress next month on the tech giant’s alleged “security shortcomings” following multiple cyberattacks, lawmakers announced on May 21.
Mr. Smith will testify before the House Homeland Security Committee on June 13, the committee said in a press release.
The hearing will also examine the “challenges encountered in preventing significant cyber intrusions” at Microsoft, House Committee on Homeland Security Chairman Mark E. Green (R-Tenn.) and Ranking Member Bennie G. Thompson (D-Miss.) announced.
Lawmakers will also look at how Microsoft “plans to strengthen security measures” in the wake of the Cyber Safety Review Board’s (CSRB) report on the Microsoft Online Exchange 2023 cyber intrusion by “threat actors” affiliated with China.
A Russian-based hacking group was suspected of being behind that incident, widely known as the SolarWinds hack.
June’s hearing also comes roughly one year after a hacking group linked to the Chinese communist regime, called Storm-0558, was implicated in the breach of thousands of emails from top U.S. officials, including those from several U.S. government agencies.
‘Avoidable Errors’
According to Microsoft, the hacking group was able to access the emails after obtaining a private encryption key, known as an MSA key, and used it to forge access tokens for the Outlook Web Access (OWA) and Outlook.com services before Microsoft resolved the issue.
At the time, the tech giant said it had deployed “in-depth measures to harden all systems involved” in the cyberattack and successfully blocked the hack.
‘Integrity of Government Data’
Reps. Green and Thompson said they are pleased Mr. Smith will appear before the committee to share information on how Microsoft is responding to the “grave homeland security threats.”
“Given the Microsoft Exchange Online incident and other recent major cyberattacks experienced by the company, the Committee is also deeply concerned about the continued integrity of U.S. government data, networks, and information–especially considering Microsoft’s role as a trusted vendor and dominant supplier of information technology for the federal government,” they said.
“We look forward to Mr. Smith’s testimony and anticipate a productive discussion that advances our shared goal of strengthening cybersecurity practices for the cloud and addressing any vulnerabilities in the company’s security culture,” they continued. “This includes building confidence about a path forward to enhance the collective cyber defense of federal civilian networks and the private sector as threats rise from nefarious nation-state actors and opportunistic cybercriminals.”
“It is our hope that Microsoft plays a leading role in accomplishing this mission,” the lawmakers added.
June’s hearing is entitled: “A Cascade of Security Failures: Assessing Microsoft Corporation’s Cybersecurity Shortfalls and the Implications for Homeland Security,” and will be livestreamed on YouTube, according to Reps. Green and Thompson.