Congress will hold a hearing to investigate Microsoft’s security breaches

Microsoft CEO Brad Smith will testify before the U.S. House of Representatives Committee on Homeland Security during a hearing into the company’s security lapses. Smith acknowledged the issues highlighted in the U.S. Cybersecurity Review Board’s report and expressed Microsoft’s commitment to making changes. The company introduced its Secure Future initiative, with CEO Satya Nadella pledging to prioritize security. Microsoft is working to implement all CSRB recommendations, including updating the “Restore” feature on Copilot+ computers to address security issues.

Questions have been raised about Microsoft’s commitment to the security of new product features given issues with its core software and services. Smith will have to answer questions about whether, despite these shortcomings, the company earns up to $20 billion a year from security products. The hearing, titled “Cascade of Security Failures,” will focus on a high-profile incident involving a Chinese hacking group that breached the Microsoft Exchange Online mailboxes of more than 500 people and 22 organizations, including senior U.S. government officials.

In his written testimony, Smith emphasized the broader geopolitical context, warning about potential cooperation between China, Russia, Iran and North Korea on cyber operations. He emphasized the importance of companies like Microsoft in defending against cyber threats and playing a leading role in protecting customers and allies. Critics hope the hearing will raise awareness of the security threats posed by Microsoft’s dominant position in the U.S. government office software market and quickly reassess the choices of cloud software and services by government officials and corporate policymakers.

The focus on Microsoft’s security lapses comes after a successful Chinese attack on the company highlighted the interconnected nature of cybersecurity threats. Companies must adapt quickly to address vulnerabilities and mitigate risks posed by aggressive nation-state actors. The hearing will discuss the implications for homeland security and the role Microsoft and other technology companies play in defending against cyberwarfare. The hearing begins at 10:15 a.m. Pacific time and can be viewed online. Smith’s full written testimony is available for viewing.