Cyberattacks: Microsoft President Brad Smith to Testify Before House Homeland Security Committee

by

Lawmakers will also look at how Microsoft ‘plans to strengthen security measures’ following a 2023 cyber intrusion by ’threat actors’ affiliated with China.

Microsoft’s vice chairman and president, Brad Smith, will testify before Congress next month on the tech giant’s alleged “security shortcomings” following multiple cyberattacks, lawmakers announced on May 21.

Mr. Smith will testify before the House Homeland Security Committee on June 13, the committee said in a press release.

The hearing will also examine the “challenges encountered in preventing significant cyber intrusions,” at Microsoft, House Committee on Homeland Security Chairman Mark E. Green (R-Tenn.) and Ranking Member Bennie G. Thompson (D-Miss.) announced.

Lawmakers will also look at how Microsoft “plans to strengthen security measures” in the wake of the Cyber Safety Review Board’s (CSRB) report on the Microsoft Online Exchange 2023 cyber intrusion by “threat actors” affiliated with China.

The hearing marks the first time Mr. Smith has appeared before a congressional committee to discuss a cybersecurity issue since 2021, when at least seven agencies, including the Departments of Defense, State, Homeland Security, Energy, Treasury, and Commerce were compromised due to information-stealing malware planted in SolarWinds software updates.

A Russian-based hacking group was suspected of being behind that incident, widely known as the SolarWinds hack.

Related Stories

Cyberattacks: EPA Urges Water Utilities to Take Immediate Action to Protect Water Supply
Fallout from Massive Cyberattack Against one of Largest Health Care Companies in US

June’s hearing also comes roughly one year after a hacking group linked to the Chinese communist regime, called Storm-0558, was implicated in the breach of thousands of emails from top U.S. officials, including those from several U.S. government agencies.

Roughly 60,000 emails were stolen from the State Department alone during that attack, which occurred just weeks ahead of Secretary of State Antony Blinken’s high-profile visit to Beijing.

‘Avoidable Errors’

According to Microsoft, the hacking group was able to access the emails after obtaining a private encryption key, known as an MSA key, and used it to forge access tokens for the Outlook Web Access (OWA) and Outlook.com services before Microsoft resolved the issue.

At the time, the tech giant said it had deployed “in-depth measures to harden all systems involved,” in the cyberattack and successfully blocked the hack.

However, a government advisory board established by President Joe Biden stated in a report published earlier this year that the intrusion occurred due to “the cascade of Microsoft’s avoidable errors” and that the company had failed to “detect the compromise of its cryptographic crown jewels on its own, relying instead on a customer to reach out and identify anomalies the customer had observed.”

“The board finds that Microsoft had not sufficiently prioritized rearchitecting its legacy infrastructure to address the current threat landscape,” the report read.

‘Integrity of Government Data’

Reps. Green and Thompson said they are pleased Mr. Smith will appear before the committee to share information on how Microsoft is responding to the “grave homeland security threats.”

“Given the Microsoft Exchange Online incident and other recent major cyberattacks experienced by the company, the Committee is also deeply concerned about the continued integrity of U.S. government data, networks, and information–especially considering Microsoft’s role as a trusted vendor and dominant supplier of information technology for the federal government,” they said.

“We look forward to Mr. Smith’s testimony and anticipate a productive discussion that advances our shared goal of strengthening cybersecurity practices for the cloud and addressing any vulnerabilities in the company’s security culture,” they continued. “This includes building confidence about a path forward to enhance the collective cyber defense of federal civilian networks and the private sector as threats rise from nefarious nation-state actors and opportunistic cybercriminals.”

“It is our hope that Microsoft plays a leading role in accomplishing this mission,” the lawmakers added.

June’s hearing is entitled: “A Cascade of Security Failures: Assessing Microsoft Corporation’s Cybersecurity Shortfalls and the Implications for Homeland Security,” and will be livestreamed on YouTube, according to Reps. Green and Thompson.

Original News Source Link – Epoch Times

Running For Office? Conservative Campaign Consulting – Election Day Strategies!