On Friday, May 9th, the United States House of Representatives committee invited Microsoft CEO Brad Smith to testify at a public hearing, which will focus on the company’s network security flaws and their impact on national security.
Chairman of the House Homeland Security Committee Mark Green and the committee’s Democratic Ranking Member Bennie Thompson sent a letter requesting Smith’s attendance at the hearing scheduled for 10:00 a.m. on May 22nd.
In their letter, the lawmakers stated that the hearing would provide an opportunity for Microsoft to present its perspective on a security report released by the U.S. Department of Homeland Security’s Cybersecurity Review Board (CSRB) in March, titled “Review of the Microsoft Online Exchange Incident from Summer 2023”.
The federal report reviewed an incident in 2023 where a hacker group believed to be affiliated with the Chinese Communist Party infiltrated over 22 organizations and more than 500 individuals’ Microsoft Exchange Online mailboxes for espionage purposes.
The report revealed that among those affected were senior U.S. government officials responsible for national security affairs, including Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns, Assistant Secretary of State for East Asian Affairs Daniel Kritenbrink, and Nebraska Republican Congressman Don Bacon.
Lawmakers emphasized in the letter that as a trusted provider of operating systems, cloud platforms, and productivity software relied upon by U.S. government agencies, including intelligence agencies, Microsoft holds significant responsibility in prioritizing and implementing effective cybersecurity measures.
“However, the CSRB report shows that Microsoft has repeatedly failed to prevent major network intrusions, severely impacting the security and integrity of U.S. government data, networks, and information,” they stressed, underlining the importance of taking decisive action promptly.
In a statement to CNBC, Microsoft expressed its intention to collaborate with the committee but did not confirm whether CEO Smith would attend the May 22nd meeting.
Microsoft stated in the release, “We are committed to providing Congress with crucial information regarding national security, and we look forward to discussing the specific details of the best timing and approach.”
In January of this year, Microsoft reported another cyber attack incident where Russian intelligence accessed the email accounts of some top company executives.
Lawmakers noted in the letter that such cyber intrusion events have eroded public confidence in the company’s capabilities and raised serious questions about its “evident lack of accountability and oversight,” but they also expressed encouragement at Microsoft’s recent commitments to address its security issues.
They stated, “Microsoft holds nearly 85% of the market share in U.S. government productivity software, and therefore, must bear the same responsibility as other suppliers trusted by the U.S. government.”