House committee asks Microsoft’s Brad Smith to attend hearing on security lapses

A
House
committee
wants


Microsoft‘s
top
lawyer,
Brad
Smith,
to
attend
a
hearing
this
month
on
exploits
of
the
company’s
software
that
resulted
in
hackers
obtaining
U.S.
government
officials’
emails.

Politicians
regularly
request
that
technology
companies
send
their
leaders
to
Washington.
The
CEOs
of
Alphabet,
Meta
and
TikTok
have
all
answered
questions
from
members
of
Congress
in
recent
years.
Microsoft,
the
world’s
most
valuable
public
company,
sells
subscriptions
to
email
software
that’s
pervasive
in
business
and
government,
making
it
an
obvious
target
for
hackers.

A
proposed
hearing
before
the
House
Committee
on
Homeland
Security,
at
10
a.m.
ET
on
May
22
in
Washington,
would
go
over
Microsoft’s
response
to
China’s
breach
of
U.S.
government
officials’
email
accounts,
which
the
company

disclosed
last
summer.
The
attack
involved
accounts
belonging
to
Commerce
Secretary
Gina
Raimondo,
the
Rep.
Don
Bacon,
R-Neb.,
and
Nicholas
Burns,
the
U.S.
ambassador
to
China.

But
Smith
might
not
necessarily
show
up
at
the
time
the
committee
asked
about
in
a

letter
it
sent
him
on
Thursday.

“We’re
always
committed
to
providing
Congress
with
information
that
is
important
to
the
nation’s
security,
and
we
look
forward
to
discussing
the
specifics
of
the
best
time
and
way
to
do
this,”
a
Microsoft
spokesperson
told
CNBC
in
an
email
on
Thursday.

Last
month,
the
Cyber
Safety
Review
Board
said
in
a
34-page

report
on
the
attack
that “Microsoft’s
customers
would
benefit
from
its
CEO
and
board
of
directors
directly
focusing
on
the
company’s
security
culture.”

Microsoft
CEO
Satya
Nadella
directed
employees
to
put
security
first
in
a

memo
last
week.
The
company
announced

operational
changes
that
address
shortcomings
that
the
independent
federal
board
identified
in
the
report.

Charlie
Bell,
executive
vice
president
for
security,
said
the
Microsoft
would “improve
the
accuracy,
effectiveness,
transparency,
and
velocity
of
public
messaging
and
customer
engagement”
after
the
board
expressed
concern
about
the
company
not
correcting
an
error
in
a
corporate
blog
post
for
months.

In
January,
Microsoft

reported
another
cyberattack.
This
time,
Russian
intelligence
gained
access
to
some
of
the
company’s
top
executives’
email
accounts.

Committee
chairman
Mark
Green,
R-Tenn.,
and
Bennie
Thompson,
D-Miss.,
said
in
their
letter
inviting
Smith
to
the
hearing
that
they
were
encouraged
by
the
company’s
plans
to
overhaul
its
security
practices.
But
they
said
the
company’s
failure
to
stop
attacks
put
Americans
at
risk.

“Given
the
gravity
of
the
issues
discussed
above
and
the
need
for
thorough
examination
and
oversight,
it
is
critical
that
you
appear
before
the
committee,”
Green
and
Thompson
wrote.

WATCH:

Microsoft
needs
to
prioritize
security
over
feature
development:
Former
CISA
Director
Chris
Krebs