
Microsoft President Testifies Before Congress Regarding Security Lapses

Accepting responsibility, committing to improvement.
Ryan Uliss
Contributing Writer

Microsoft President Brad Smith addressed a congressional committee on Thursday, acknowledging the company’s recent cybersecurity shortcomings while advocating for stricter government measures against nation-state hackers. Smith emphasized the need for clear “red lines” and collective action to hold cyber threat actors accountable, and stressed the importance of collaboration between businesses and government associations in safeguarding U.S. infrastructure from future threats.

The House Homeland Security Committee’s hearing was prompted by a recent Department of Homeland Security (DHS) report on a 2023 cyber incident linked to Chinese government hackers. The report criticized Microsoft’s operational decisions, and Smith accepted responsibility and committed to improving the company’s cybersecurity measures.

The committee also addressed other issues, including deep-fake technology and the controversial Recall feature, with Smith pledging to review and implement additional actions to protect users.

Why it matters: While being questioned, Brad Smith admitted to Microsoft’s recent cybersecurity failures, including the specific issues cited in the DHS report, and committed to prioritizing better security practices. Smith, however, stressed the importance of collective action between the private sector, public sector, and allied governments to establish clear consequences for cyberattacks, underscoring the growing realization that cybersecurity challenges extend far beyond any single organization.

  • Operational Changes: Microsoft is implementing the 16 recommendations from the Cyber Safety Review Board (CSRB) report and plans to provide Congress with updates on progress and timelines for these changes.
  • Cybersecurity Initiatives: Smith also highlighted efforts to tie executive compensation to cybersecurity performance to enhance Microsoft’s security posture. However, when questioned regarding the specifics of the compensation program, he replied that the plan was in the process of being formulated, and he would update Congress with the details in the future.
  • Comparison to UnitedHealth: The hearing mirrored a recent session where UnitedHealth CEO, Andrew Witty, was questioned about a ransomware attack affecting its subsidiary, Change Healthcare, demonstrating ongoing congressional scrutiny of major corporations’ cybersecurity practices.

Go Deeper -> Microsoft President Tells Lawmakers ‘Red Lines’ Needed for Nation-State Attacks – The Record

Microsoft President to Congress: ‘We Accept Responsibility’ for Cybersecurity Failures – CNN
