Microsoft president to Congress: ‘We accept responsibility’ for cybersecurity failures

Microsoft “accepts responsibility for each and every one” of the issues cited in a scathing US government-backed report on the tech giant’s cybersecurity failings, Microsoft President Brad Smith will tell US lawmakers Thursday, according to his prepared testimony.

“We acknowledge that we can and must do better, and we apologize and express our deepest regrets to those who have been impacted,” reads Smith’s testimony to the House Homeland Security Committee. He is set to testify before the panel Thursday afternoon in a hearing the committee says will assess the impact of Microsoft’s “cybersecurity shortfalls” on homeland security.

Microsoft has been at the center of two sweeping hacking campaigns in the last year allegedly carried out by Chinese and Russian spies.

A report issued in April by the US Cyber Safety Review Board found that Microsoft committed a “cascade” of “avoidable errors” that allowed Chinese hackers to breach the tech giant’s network and later the email accounts of senior US officials last year, including the secretary of commerce. The board is composed of government and private cybersecurity experts led by the Department of Homeland Security.

Smith says Microsoft has for months been overhauling its cybersecurity practices, in part by implementing recommendations from the US government-backed board.

“When Microsoft revealed in January that foreign government hackers had once again breached its systems, the news prompted another round of recriminations about the security posture of the world’s largest tech company.

Despite the angst among policymakers, security experts, and competitors, Microsoft faced no consequences for its latest embarrassing failure. The United States government kept buying and using Microsoft products, and senior officials refused to publicly rebuke the tech giant. It was another reminder of how insulated Microsoft has become from virtually any government accountability, even as the Biden administration vows to make powerful tech firms take more responsibility for America’s cyberdefense.

That state of affairs is unlikely to change even in the wake of a new report by the Cyber Safety Review Board (CSRB), a group of government and industry experts, which lambasts Microsoft for failing to prevent one of the worst hacking incidents in the company’s recent history. The report says Microsoft’s “security culture was inadequate and requires an overhaul.””

