Dive Brief:
- A top Microsoft executive will testify next month before the House Committee on Homeland Security on recent cyberattacks that impacted the company and its customers, and Microsoft’s revitalized security strategy.
- Brad Smith, Microsoft’s president and vice chair, will testify on June 13 in a hearing set to “examine the company’s security shortcomings, challenges encountered in preventing significant cyber intrusions, and its plans to strengthen security measures,” the committee said Tuesday.
- The committee previously asked Smith to testify in a hearing scheduled for May 22, but Microsoft asked for additional time and more information. “We’re always committed to providing Congress with information that is important to the nation’s security, and we look forward to discussing the specifics of the best time and way to do this,” a company spokesperson said at the time. Microsoft did not respond to a request for comment after the hearing was scheduled.
Dive Insight:
The congressional inquiry extends the fallout from last month’s searing Cyber Safety Review Board report about Microsoft’s security failures and the wave of criticism the company is confronting from across the industry and government.
A pair of major nation-state intrusions into Microsoft’s core platforms underscore the company’s cultural and technical defects. The CSRB report said a “cascade of security failures at Microsoft” allowed a China-affiliated threat group to compromise Microsoft Exchange accounts last May.
The attack compromised 22 enterprise organizations and over 500 individuals, including key U.S. officials and Secretary of Commerce Gina Raimondo.
Microsoft enacted a cybersecurity overhaul, dubbed the Secure Future Initiative, in November and earlier this month expanded the effort with plans to restructure its cybersecurity governance model.
At the RSA Conference in San Francisco earlier this month, federal cyber officials and cybersecurity experts said they’re hopeful Microsoft will improve its security and pointed to measures of the company’s overhaul, including a direct link between security and executive compensation, as a key driver of that effort.
Smith previously testified before Congress in 2021 on behalf of Microsoft in the wake of the Sunburst supply-chain attack that planted backdoors into the SolarWinds Orion IT monitoring system.