Tech
Microsoft president testifies over security lapses after China-linked hack
“Microsoft is one of the federal government’s most important technology and security partners, but we cannot afford to allow the importance of that relationship to enable complacency or interfere with our oversight,” he added.
The hearing drew on the findings of a scathing report in April by the Cyber Safety Review Board (CSRB) – formed by US Secretary of Homeland Security Alejandro Mayorkas – which slammed Microsoft for its lack of transparency over the Chinese hack that it said was preventable.
“We accept responsibility for each and every finding in the CSRB report,” Smith said in his opening statement, adding that the company had already begun working on a majority of the report’s recommendations.
He said cyberattacks had increased and become sophisticated over time, and public-private partnerships were critical in defending against them.
“We’re dealing with formidable foes in China, Russia, North Korea, Iran, and they’re getting better,” said Smith. “They’re getting more aggressive … They’re waging attacks at an extraordinary rate.”
When questioned about why Microsoft could not discover the Chinese intrusion and it was the State Department that did, Smith said: “That’s the way it should work. No one entity in the ecosystem can see everything.”
But Thompson was not convinced.
“It’s not our job to find the culprits. That’s what we’re paying you for,” Thompson told Smith.
Lawmakers also pushed Smith for details on Microsoft’s business and presence in China.
“Over the years, Microsoft has invested heavily in China setting up research incentives, including the Microsoft Research Asia centre in Beijing,” said congressman Mark Green from Mississippi, chairman of the homeland security panel.
“Microsoft’s presence in China creates a mix of complex challenges and risks. We have to talk about that today.”
Smith said around 1.5 per cent of the company’s revenue came from China, and that it was working on reducing its engineering presence there.
The world’s biggest software-maker and a major vendor to the US government and national security establishment, Microsoft has faced heightened criticism from its security industry peers over the past year over the breaches and lack of transparency.