House panel leaders are calling on Microsoft’s president to testify about security shortcomings

Leaders of the House Homeland Security Committee want Microsoft President Brad Smith to testify before their panel in the wake of mounting cybersecurity incidents that have drawn some rather negative attention to the tech giant.

The committee is specifically focusing on the Cybersecurity Review Commission’s report, which blamed Microsoft’s “cascade of security failures” for contributing to the theft last summer, by Chinese government-linked hackers, of thousands of emails, including those from federal agencies.

“As a trusted provider of operating systems, cloud platforms and productivity software to U.S. government agencies, including U.S. intelligence agencies, Microsoft has an enormous responsibility to prioritize and implement effective cybersecurity measures,” Chairman Mark Green, R-Tenn., and top panel Democrat Bennie Thompson of Mississippi wrote in a letter to Smith on Thursday.

The lawmakers continued: “However, the CSRB report revealed that Microsoft repeatedly failed to prevent significant cyber intrusions, which had serious consequences for the security and integrity of U.S. government data, networks and information and put Americans – including U.S. government officials – at risk.”

The panel plans a hearing for May 22.

“While Microsoft’s cooperation with the CSRB investigation was encouraging, the numerous failings revealed in the report led to serious threats to our homeland and must be fully investigated by this committee,” Green said in a written statement to CyberScoop. “As cyber threats from China, Russia, Iran and other countries continue to grow, it is critical that a key supplier of operating systems, cloud platforms and productivity software to the U.S. government can protect its systems and properly implement cybersecurity measures to prevent cyber intrusions.

“We believe that recent events have undermined this trust and the Commission must fully investigate them,” he continued. “We look forward to working with the company as we work to increase the security and resiliency of our federal networks.”

Microsoft said it welcomed the discussion but had not yet set a date for the hearing.

“We always strive to provide Congress with information important to the nation’s security, and we look forward to discussing the details of the best time and way to do so,” a Microsoft spokesman said.

The incident described in the report is not the only one making headlines involving Microsoft and federal agencies. The Cybersecurity and Infrastructure Security Agency issued an emergency directive to address another breach that occurred in January.

With dismay in Washington over Microsoft’s growing number of vulnerabilities, the company announced organizational changes aimed at improving its security culture. Homeland Security Committee leaders said one goal of the hearing is to examine Microsoft’s future plans for improvements.

Written by Tim Starks

Tim Starks is a senior reporter at CyberScoop. His previous stops include work at The Washington Post, POLITICO and Congressional Quarterly. He is from Evansville, Indiana and has been involved in cybersecurity since 2003.