Microsoft president to testify about security lapses – Security


Microsoft president Brad Smith will testify before a US House of Representatives panel on homeland security, fielding questions about the company’s security practices after Russian and Chinese hackers breached its systems over the past year.



China-linked hackers stole 60,000 US State Department emails last year by breaking into the tech giant’s systems, while a Russian group spied on Microsoft’s senior staff emails earlier this year, according to the company’s disclosures.

In a scathing report in April, the Cyber Safety Review Board – formed by US Secretary of Homeland Security Alejandro Mayorkas – slammed Microsoft for its lack of transparency over the Chinese hack, which the board said had been preventable.

The world’s biggest software-maker, which is also a key vendor to the US government and national security establishment, has faced similar criticism from its security industry peers.

Lawmakers will examine Microsoft’s security lapses, challenges in defending against cyberattacks, and plans to improve its security measures, the House panel for homeland security said in an earlier statement.

They will also discuss the findings and recommendations of the board report following the Chinese hack.

“Since this is not the first time Microsoft has been the victim of an avoidable cyberattack, and in light of the CSRB’s report, it is now Congress’s responsibility to examine Microsoft’s response to this report,” Congressman Mark Green from Mississippi will tell Smith at the hearing, according to details of his opening statement seen by Reuters.

“Mr. Smith, as a long-time, key leader within Microsoft, I anticipate that you will help us understand the gaps that enabled these recent cyber intrusions.”

Following the board’s criticisms, Microsoft had said it was working on improving its processes and enforcing security benchmarks. In November it launched a new cyber security initiative it said was aimed at preparing against the “increasing scale and high stakes of cyberattacks.”

“We are making security our top priority at Microsoft, above all else — over all other features,” the company said at the time.


