US lawmakers grill Microsoft president over China ties, hacks

Brad Smith, President of Microsoft (MSFT.O), addressed inquiries regarding the tech giant’s security protocols and relationships with China during a House homeland security panel on Thursday. This session occurred a year after suspected China-linked hackers allegedly conducted espionage on federal emails through Microsoft’s systems. The breach led to the unauthorized access of 60,000 U.S. State Department emails last summer. Additionally, Microsoft disclosed that this year, cybercriminals linked to Russia separately spied on the emails of the company’s senior staff.

The congressional hearing occurs amidst heightened federal scrutiny of Microsoft, the largest software maker globally and a critical vendor to the U.S. government and national security apparatus. Brad Smith highlighted at the hearing that Microsoft’s operations constitute approximately 3% of the U.S. federal IT budget.

Lawmakers questioned Microsoft extensively about its failure to prevent both the Russian and Chinese cyber intrusions, which they argued jeopardized federal networks despite the absence of sophisticated methods used in the attacks.

Democrat Bennie Thompson highlighted that the company emails accessed by Russian hackers also “included correspondence with government officials.”

He emphasized, “Microsoft is a crucial technology and security partner for the federal government, but we must ensure that the significance of this relationship does not lead to complacency or hinder our oversight.”

Lawmakers referenced a damning report from April by the Cyber Safety Review Board (CSRB), a panel of experts established by U.S. Secretary of Homeland Security Alejandro Mayorkas. The report criticized Microsoft for its lack of transparency regarding the China hack, describing it as avoidable.

“At the hearing, Smith acknowledged full responsibility for every finding in the CSRB report,” noting that Microsoft had already initiated actions on most of the recommendations.

“We’re up against formidable adversaries in China, Russia, North Korea, and Iran, and they are continuously improving,” Smith remarked. “They are becoming more assertive… They are launching attacks at an unprecedented frequency.”

Thompson criticized Microsoft for not detecting the hack, which was instead uncovered by the U.S. State Department. In response, Smith defended, stating, “That’s the intended process. No single entity within the ecosystem can have complete visibility.”

Congressman Thompson remained skeptical. “It’s not our role to uncover the perpetrators. That’s what we’re paying you to do,” Thompson asserted.

Panel members also pressed Smith for specifics regarding Microsoft’s operations in China, highlighting its substantial investments in research incentives there.

“Microsoft’s presence in China presents a complex mix of challenges and risks,” remarked Congressman Mark Green of Mississippi, who chaired the panel.

Smith clarified that Microsoft derives approximately 1.5% of its revenue from China and disclosed ongoing efforts to reduce its engineering footprint in the region.

Over the past year, the company has faced increased scrutiny from its peers in the cybersecurity industry due to breaches and perceived lack of transparency.

Smith’s responses at the hearing garnered approval from some panel members, including Republican Congresswoman Marjorie Taylor Greene. “Your acknowledgment of responsibility deserves commendation,” Greene praised.

In response to the board’s critiques, Microsoft announced initiatives to enhance its processes and enforce stricter security standards. In November, it launched a new cybersecurity initiative, emphasizing security as its foremost priority “above all else.”