Over the past year, Microsoft has faced two cyber attacks, putting the communication systems of U.S. federal agencies at risk. On June 13 (Thursday), Microsoft President Brad Smith testified at a hearing by the House Committee on Homeland Security to answer questions about the security measures taken following hacking incidents by Russian and Chinese hackers.
Last July, Microsoft disclosed that a China-backed hacker group breached its Exchange Online email system in 2023, stealing 60,000 emails from the U.S. State Department, affecting emails of Commerce Secretary Gina Raimondo and several state officials.
In January this year, Microsoft reported another cyber attack incident. This time, the Russian intelligence agency infiltrated some of the company’s email accounts. The Cybersecurity and Infrastructure Security Agency (CISA) earlier this year stated that Russian intelligence hackers also stole emails from multiple federal agencies after infiltrating Microsoft’s systems.
Following these events, Microsoft has faced a barrage of scrutiny from lawmakers and competitors. In April this year, the Cyber Safety Review Board under the Department of Homeland Security stated in a report that hacking activities, especially those linked to the Chinese government, “could have been avoided and should not have occurred at all.”
Microsoft is the world’s largest software company and a key supplier to the U.S. government and national security agencies. Many government agencies rely on Microsoft as the sole operating system, email provider, cybersecurity product supplier, and office software supplier.
The House Committee on Homeland Security said in a statement that lawmakers will review Microsoft’s security vulnerabilities, ensure resilience against cyber attacks, and urge improvements in security measures. They will also discuss the conclusions and recommendations from Microsoft’s board after the Chinese hacker attacks.
At the hearing, Smith will need to provide lawmakers and regulatory agencies assurance and transparency in an airtight security plan to regain trust from the federal government.
In November last year, Microsoft launched a new cybersecurity initiative, citing the need to address “escalating and increasingly risky cyber attacks.”
The company stated at that time, “We are making security Microsoft’s top priority, above all else – above all other functions.”