Microsoft’s president addressed Congress on Thursday, acknowledging the company’s responsibility for security lapses that allowed China-linked hackers to breach federal government computer networks, NBC News reported.
During his testimony before the House Homeland Security Committee, Brad Smith expressed a commitment to rectify these security issues in Microsoft’s widely-used products within federal agencies, according to NBC News. However, Republican lawmakers scrutinized Microsoft’s operations in China and questioned how the company could bolster cybersecurity while operating in a country that mandates access to data from businesses.
Smith clarified that Microsoft’s data centers and cloud services in China mainly serve American and other non-Chinese corporations, helping to protect their trade secrets. He noted that the company’s business in China represents a small fraction of its revenue, around 1.4% to 1.5%, the outlet stated.
Microsoft exec vows to fix security gaps that let China-linked hackers get federal emails, but defends presence in China: Microsoft’s president told Congress on Thursday his company accepted responsibility for major security failures that let… https://t.co/ihGdOCoS8D pic.twitter.com/fd1EkHugAX
— Binturong (@NWMNBint) June 14, 2024
“Is it really worth it?” Republican Florida Rep. Carlos Gimenez asked Smith, NBC News reported. Smith stated that Microsoft does not adhere to China’s 2017 national intelligence law, which mandates companies submit data to the government when asked. He revealed that the company has denied some of Beijing’s requests, although he did not offer details.
Gimenez further pressed Smith on how Microsoft manages to defy the law without repercussions. Smith explained that while some countries enforce all their laws strictly, others, like China, do not, NBC News reported. He said Microsoft has rejected certain demands from the Chinese government, maintaining the company’s principles and security standards.
Brad Smith, Vice Chairman and President of Microsoft, is sworn in before testifying about Microsoft’s cybersecurity work during a House Committee on Homeland Security hearing on Capitol Hill in Washington, DC, on June 13, 2024. (Photo by SAUL LOEB/AFP via Getty Images)
The hearing was prompted by a government report released April, which detailed “a cascade of errors” by Microsoft that enabled state-backed Chinese hackers to access email accounts of government employees and senior officials, including the Commerce Secretary Gina Raimondo, the outlet stated. The Cyber Safety Review Board’s report, established by the Department of Homeland Security, criticized Microsoft’s corporate culture for deprioritizing enterprise security investments and rigorous risk management. (RELATED: Multiple Media Outlets File Lawsuit Claiming AI Companies Are Stealing Their Work)
Smith acknowledged the findings of the report and stated that Microsoft is implementing its recommendations. He said the company has deployed approximately 34,000 engineers to enhance security, according to NBC News. Addressing concerns about Microsoft’s security focus, Smith admitted there was an over reliance on a specialized security team, which led to a broader workforce not viewing cybersecurity as a collective responsibility.
