The president of Microsoft spoke before Congress on Thursday, accepting responsibility for security failings that allowed China-linked hackers to penetrate federal computer networks, NBC News reported.
Testifying before the House Homeland Security Committee, Brad Smith expressed his commitment to fixing security issues in Microsoft products that are widely used by federal agencies. according to Republican lawmakers have scrutinized Microsoft’s operations in China, questioning how the company can strengthen cybersecurity while operating in a country that mandates access to data from companies, according to NBC News.
Smith said Microsoft’s data centers and cloud services in China are mainly provided to U.S. and other non-Chinese companies, helping to protect trade secrets. He noted that the company’s business in China accounts for only 1.4% to 1.5% of its revenue, the media reported.
Microsoft executive vows to fix security flaws that allowed China-linked hackers to obtain federal emails, but defends presence in China Microsoft’s president told Congress on Thursday that the company has accepted responsibility for serious security flaws that allowed China-linked hackers to obtain federal emails. https://t.co/ihGdOCoS8D pic.twitter.com/fd1EkHugAX
— Bintron (@NWMNBint) June 14, 2024
“Is it really worth it?” Republican Rep. Carlos Gimenez of Florida asked Smith, NBC News reported. Smith said Microsoft wasn’t complying with the 2017 National Intelligence Law, which requires it to turn over data if requested by the Chinese government. He said the company had rejected some of Beijing’s requests, without providing details.
Jimenez further pressed Smith on how Microsoft can ignore the law and get away with it. Smith explained that some countries strictly enforce all laws, while others, like China, do not, according to NBC News. He said Microsoft has rejected certain requests from the Chinese government and maintained the company’s principles and security standards.
Microsoft vice chairman and president Brad Smith is sworn in before testifying about Microsoft’s cybersecurity activities during a House Homeland Security Committee hearing on Capitol Hill in Washington, DC, June 13, 2024. (Photo by SAUL LOEB/AFP via Getty Images)
The hearing followed the release of a government report in April. Microsoft The media reported that the vulnerability allowed government-sponsored Chinese hackers to access email accounts of government employees and senior officials, including Secretary of Commerce Gina Raimondo. The report by the Cyber Security Review Board established by the Department of Homeland Security criticized Microsoft’s corporate culture for underestimating corporate security investments and strict risk management. (Related: Multiple media outlets file lawsuits alleging AI companies are stealing their jobs)
Smith acknowledged the report’s findings and said Microsoft was implementing the recommendations. The company has deployed about 34,000 engineers to strengthen security, according to NBC News. Regarding concerns about Microsoft’s focus on security, Smith acknowledged that the company had relied too heavily on a dedicated security team, which resulted in the entire workforce not viewing cybersecurity as a shared responsibility.
