Congress pushes Microsoft on cybersecurity
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Annelise Capossela/Axios
The House Homeland Security Committee is trying to get Microsoft president Brad Smith to testify this month on the company's recent cyberattacks.
Why it matters: Microsoft has recently come under fire in Washington over its cybersecurity practices after a series of high-profile cyberattacks — but it's been years since a congressional committee grilled the tech company on the topic.
Zoom in: House Homeland Security Chair Mark Green (R-Tenn.) and ranking member Rep. Bennie Thompson (D-Miss.) sent a letter to Smith on Thursday requesting that he testify at an upcoming hearing focused on the company's cybersecurity practices.
- The letter, first obtained by Politico, says the committee plans to hold a hearing — called "A Cascade of Security Failures: Assessing Microsoft Corporation's Cybersecurity Shortfalls and the Implications for Homeland Security" — on May 22.
- The hearing is expected to examine the company's recent nation-state cyberattacks and its plans to strengthen its internal practices moving forward, according to the letter.
Catch up quick: Microsoft recently started overhauling its internal cyber practices after a scathing government report into last summer's China hack.
- The company is now prioritizing security over fast-paced production cycles and working to align its technology with "secure-by-design" principles.
- Microsoft has also been responding to a persistent Russia-backed spear-phishing campaign targeting its executives and cybersecurity and legal teams.
What they're saying: "While we appreciate the company's cooperation with the CSRB's investigation and its recent commitment to making improvements, the report's findings not only reveal numerous troubling failures that compromised sensitive government information, but potentially revealed a lack of accountability at the company that could lead to even greater failures in the future," Green said in a statement to Axios.
- Microsoft told Axios that the company is "committed to providing Congress with information that is important to the nation's security" and it looks forward to "discussing the specifics of the best time and way to do this."
Between the lines: Microsoft is the top cloud and enterprise software provider for the federal government, underscoring lawmakers' and government officials' growing concerns.
What we're watching: The House Homeland Security Committee hasn't formally published the date for the hearing, and the date mentioned in the letter could change.
- It's also unclear if the hearing could inspire any specific legislation.
