A version of this story appeared in the daily Threat Status newsletter from The Washington Times. Click here to receive Threat Status delivered directly to your inbox each weekday.
A version of this article appeared in the daily Threat Status newsletter from The Washington Times. Click here to receive Threat Status delivered directly to your inbox each weekday.
The U.S. government’s increasing reliance on Microsoft is facing fresh scrutiny on Capitol Hill despite the Biden administration’s advocacy for private-sector collaborations to assist with its cybersecurity and technological innovation policies.
Microsoft President Brad Smith is heading to Capitol Hill on Thursday to answer for his company’s struggles to defend the federal government from cyberattacks.
The House Homeland Security Committee hopes to get to the bottom of problems that a federal board of cyberintelligence investigators labeled in March as a “cascade of security failures at Microsoft,” said Reps. Mark Green, Tennessee Republican and committee chairman, and Bennie Thompson of Mississippi, the panel’s top Democrat.
Mr. Green and Mr. Thompson are particularly focused on an incident involving Chinese hacking of Microsoft’s products.
The hackers accessed Microsoft Exchange Online mailboxes in May and June 2023. They breached the email accounts of Rep. Don Bacon, Nebraska Republican, Commerce Secretary Gina Raimondo and others, according to the Cyber Safety Review Board’s March report.
“Given the Microsoft Exchange Online incident and other recent major cyberattacks experienced by the company, the committee is also deeply concerned about the continued integrity of U.S. government data, networks, and information — especially considering Microsoft’s role as a trusted vendor and dominant supplier of information technology for the federal government,” Mr. Green and Mr. Thompson said in a statement last month.
Senators also are running out of patience with Microsoft.
Sens. Eric Schmitt, Missouri Republican, and Ron Wyden, Oregon Democrat, are worried that the Defense Department will mandate the use of Microsoft products.
Last week, The senators said they sent a letter to the Pentagon warning that such a move could waste taxpayer dollars and foster an anti-competitive environment that stymies innovation.
“The risks associated with the government’s dependence on Microsoft were evident when a hacking group associated with the Chinese government known as Storm-0558 successfully compromised 22 enterprise organizations and over 500 individuals globally,” the senators wrote.
Security problems extend beyond Microsoft Exchange hacking. Last year, cybersecurity researcher Anurag Sen discovered an unprotected Microsoft Azure server holding approximately 3 terabytes of government data, including U.S. military emails. Mr. Sen shared some of his findings with The Washington Times.
The Biden administration is not as concerned about Microsoft’s work with the federal government.
Nathaniel C. Fick, the State Department’s inaugural cyberspace ambassador, told Washington Post Live last week that he worries about everything, including reliance on a single technology provider.
“I think it’s essential that we have, we avoid monopolies wherever we can. In technology areas where there’s only one provider, you end up with a much scratchier relationship and more risk,” Mr. Fick said. “But the partnership with Microsoft, in particular, has been so robust, I think, that this kind of collaboration is, at this point, in the DNA of the business.”
Although Big Tech’s allegiance to some artificial intelligence startups appears fuzzy, Microsoft fully aligns with the Biden administration’s foreign policy agenda. The Biden administration leaned on Microsoft’s collaboration in cyber defense for the Ukrainian government.
Microsoft said it is eager to work with Congress.
“We’re always committed to providing Congress with information that is important to the nation’s security,” a Microsoft spokesperson said in a statement.
Please read our comment policy before commenting.