Microsoft Expands Free Logging To Fight Cyberattacks


Following a sophisticated cyber breach by Chinese hackers targeting senior US government officials, Microsoft has announced a significant expansion of free logging capabilities to strengthen cybersecurity defenses across federal institutions.

The action follows revelations that a cyberattack went unnoticed for months, raising questions about the availability of critical security safeguards.

What Exactly Happened?

In July 2023, hackers affiliated with the Chinese government exploited a Microsoft signing key to breach the email accounts of high-ranking U.S. government officials. The breach remained undetected until the U.S. State Department used an expensive logging option, which highlighted the critical importance of cybersecurity measures in safeguarding sensitive government information.

Microsoft faced intense scrutiny following the revelation, particularly regarding its practice of charging premiums for essential security features. In response, the tech giant swiftly announced plans to enhance the accessibility of logs, acknowledging the necessity of such measures in combating evolving cyber threats.

This is How Microsoft Responded

The latest development sees Microsoft extending free logging capabilities to all Purview Audit standard customers, including U.S. federal agencies. This expansion follows six months of collaboration with key stakeholders, including the Cybersecurity and Infrastructure Security Agency (CISA), the Office of Management and Budget (OMB), and the Office of the National Cyber Director (ONCD).

Under the new initiative, the tech giant will automatically enable expanded logs for customer accounts, doubling the default log retention period from 90 to 180 days. This enhancement aligns with CISA’s Secure by Design guidance, which advocates for the provision of high-quality audit logs to customers at no additional cost.

The collaboration between Microsoft and federal agencies has also yielded a new Expanded Cloud Log Implementation Playbook, designed to equip agencies with detailed insights into leveraging available logs for threat detection and incident response operations.

Eric Goldstein, CISA’s Executive Assistant Director for Cybersecurity, lauded the progress made, emphasizing the importance of accessible security logs in fortifying the nation’s cybersecurity posture.

“We look forward to continued progress with our partners to ensure that every organization has access to necessary security logs – a core tenet of our Secure by Design guidance in support of the National Cybersecurity Strategy. Every organization has the right to safe and secure technology, and we continue to make progress toward this goal,” said Goldstein in an official statement.

Chris DeRusha, Federal Chief Information Security Officer and Deputy National Cyber Director, echoed Goldstein’s sentiments, emphasizing the pivotal role of upgraded logging features in enhancing threat detection capabilities amidst the federal government’s transition to cloud environments.

“The upgraded logging features now available to Microsoft’s government community cloud customers will provide greater visibility, and enable our network defenders to enhance their threat detection capabilities,” said DeRusha.

Candice Ling, Senior Vice President at Microsoft Federal, reaffirmed the company’s dedication to partnering with the federal government to bolster cybersecurity defenses. Ling stressed the vital role of advanced logging in countering sophisticated cyber threats, particularly those orchestrated by well-resourced state-sponsored actors.

“Microsoft will continue to play a critical role in partnering with the federal government to reinforce our commitment to secure by design and further enhance the security baseline of our nation,” said Ling.

This initiative to expand free logging capabilities represents a significant step towards enhancing the nation’s cyber defenses, reinforcing the principle of secure-by-design in an ever-changing digital landscape.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.




