Microsoft President Brad Smith testified before a House homeland security subcommittee on Thursday, a year after hackers allegedly linked to China breached the company and spied on federal emails.
According to Microsoft’s disclosures, the hackers gained access to 60,000 U.S. State Department emails by breaching its systems last summer, and in a separate incident this year, cybercriminals affiliated with Russia accessed the emails of Microsoft’s senior staff.
The congressional hearing took place amid heightened federal scrutiny of Microsoft, the world’s largest software manufacturer and a critical vendor to the U.S. government and national security establishment.
Smith stated during the hearing that Microsoft’s operations comprise approximately three percent of the federal IT budget in the United States.
Lawmakers criticized Microsoft for failing to prevent the Russian and Chinese breaches, which they claimed endangered federal networks despite the absence of sophisticated measures.
The company’s emails that Russian hackers accessed also “included correspondence with government officials,” according to Democrat Bennie Thompson.
“Microsoft is one of the federal government’s most important technology and security partners, but we cannot afford to allow the importance of that relationship to enable complacency or interfere with our oversight,” said the official.
The Cyber Safety Review Board (CSRB), a group of experts established by U.S. Secretary of Homeland Security Alejandro Mayorkas, issued a report in April that criticized Microsoft for its failure to disclose the China breach.
The report characterized the hack as preventable. Lawmakers cited these findings.
Smith stated at the hearing that Microsoft had implemented most of the report’s recommendations and accepted blame for every finding in the CSRB report.
“We’re dealing with formidable foes in China, Russia, North Korea, Iran, and they’re getting better,” according to Smith. “They’re getting more aggressive … They’re waging attacks at an extraordinary rate.”
Thompson criticized Microsoft for failing to detect the hack, which was discovered by the U.S. State Department rather than by Smith’s corporation. In response, Smith stated, “That is the appropriate course of action,” adding, “No single entity within the ecosystem can observe everything.”
However, Congressman Thompson was not persuaded.
“It is not our responsibility to identify the perpetrators,” Thompson stated. “That is the reason we are compensating you.”
Smith was also questioned by the panel members regarding Microsoft’s operations in China, as they observed that the company had made substantial investments in the establishment of research incentives.
The panel was convened by Congressman Mark Green of Mississippi, who stated that Microsoft’s presence in China presents a combination of intricate challenges and risks.
Smith stated that Microsoft is currently in the process of reducing its engineering presence in China, where it generates approximately 1.5% of its revenue.
Over the past year, the company has been subjected to increased criticism from its security industry rivals due to the breaches and lack of transparency.
Some members of the panel, including Republican Congresswoman Marjorie Taylor Greene, expressed their admiration for Smith’s responses during the hearing. “You said you accept a responsibility, and I just want to commend you for that,” Greene said.
Microsoft had announced that it was enhancing its processes and enforcing security benchmarks in response to the board’s criticisms.
It launched a new cybersecurity initiative in November and declared that security would be the company’s primary focus “above all else – over all other features.”