Microsoft President Brad Smith was called before the US House Committee on Homeland Security following concerns that the company’s operating procedures left their governmental clients exposed to security threats.
Concerns about Microsoft’s Security
Smith was questioned about the tech giant’s plans for improving its system security. This came about after a series of federal US officials’ email account hacks last year prompted questions about Microsoft’s suitability as a chief government contractor. A federal cybersecurity oversight board found that the breach could have been avoided and cited a corporate culture of security that requires revision.
The hacking incidents were allegedly linked to China’s Ministry of State Security. The hackers created digital keys that enabled them to impersonate any Microsoft customer. They posed as employees of 22 organizations, including the US State Department and Department of Commerce and accessed the email of Gina Raimondo, Secretary of Commerce and others. This incident led to severe criticism of Microsoft and calls from competing companies and certain authorities to decrease the government’s dependence on Microsoft.
Questions regarding Military Dependency on Microsoft
Last month, two senators questioned the Pentagon about its decision to increase the Department of Defense’s non-classified system’s technical security by purchasing expensive Microsoft licenses instead of opting for cheaper solutions from other vendors. During the hearing, Smith was questioned about the risks of the military’s dependency on a solitary provider. His response was that an environment with multiple providers is equally risky as hackers can infiltrate the connecting points between two systems. Smith refrained from giving a direct answer when questioned about a Microsoft security expert who repeatedly reported system vulnerabilities previously used in compromising another vendor’s system. Smith said the vulnerability was related to the industry standard and not a specific Microsoft product.
Microsoft’s Business Involvement in China
Questions about Microsoft’s involvement in China were also raised. According to Smith, Microsoft earns 1.5% of its revenue from China. It primarily operates in China to service other American companies and does not adhere to the law requiring all organizations to support local security organs and armed forces. Smith spoke of a new initiative at Microsoft focusing on security, which has already employed 1600 specialist engineers and it plans to add 800 more positions in the following year. He ensured that security has now become a priority for the company and promised to implement recommendations made by the White House’s oversight board for not just Microsoft but for the industry as a whole.
New ‘Recall’ Feature Raises Eyebrows
Smith’s testimony raised eyebrows among the public who pointed to the recently announced Recall feature for Windows, which takes screen snapshots every few seconds, allowing users to restore their previous actions. Microsoft assured that only the user has access to their activity history and the data would be stored locally. However, anyone with administrator rights on a computer will be able to spy on all activity occurring on that computer, and in the event of a hack, cybercriminals could export and read financial system account details and encrypted messages. Microsoft didn’t comment on these allegations for over a week until they eventually promised to add security measures for the Recall feature. Following Smith’s Congressional hearings, the company announced a delay in Recall’s rollout.