Microsoft President Brad Smith speaking in the White House in May 2020. Photo: Mandel Ngan/AFP via Getty Images
Microsoft President Brad Smith said in a blog post on Thursday that the suspected Russian cyberattack on multiple government agencies and U.S. companies is effectively "an attack on the United States and its government and other critical institutions, including security firms."
Why it matters: Smith said that the attack "unfortunately represents a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them."
- He also said that "while investigations (and the attacks themselves) continue, Microsoft has identified and has been working this week to notify more than 40 customers that the attackers targeted more precisely and compromised through additional and sophisticated measures."
Context: The cybersecurity firm FireEye said last week that its systems had been hacked by nation-state actors and that its clients, which include the U.S. government, had been placed at risk.
- SolarWinds, which provides software to the government and corporations, also discovered a breach in its systems this week, allowing hackers to access information from multiple agencies and companies — including the Treasury, Commerce and Homeland Security departments.
What he's saying: "As much as anything, this attack provides a moment of reckoning," Smith said.
- "It requires that we look with clear eyes at the growing threats we face and commit to more effective and collaborative leadership by the government and the tech sector in the United States to spearhead a strong and coordinated global cybersecurity response," he added.
- "This is not 'espionage as usual,' even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world."
Smith said the hackers, by including private companies in their attack on government agencies, have "put at risk the technology supply chain for the broader economy" and have weakened the "reliability of the world’s critical infrastructure."
- To respond to the attack, Smith said that governments and private companies should share analysis of threats more often and strengthen international rules to hold nation-states accountable for cyberattacks.
- "It will be critical for the incoming Biden-Harris Administration to move quickly and decisively to address this situation."
Go deeper: Biden promises retaliation for cyberattack on government agencies