Dive Brief:
- The House Committee on Homeland Security on Thursday formally requested Brad Smith, Microsoft’s president and vice chair, to testify in a hearing scheduled for May 22.
- “We’re always committed to providing Congress with information that is important to the nation’s security, and we look forward to discussing the specifics of the best time and way to do this,” a Microsoft spokesperson said Monday via email. The company hasn’t yet obligated itself or Smith to the hearing date set by the committee.
- The public hearing aims to examine Microsoft’s “security shortcomings, challenges encountered in preventing significant cyber intrusions by suspected nation-state threat actors, and plans to strengthen security measures moving forward,” Reps. Mark Green, R-Tenn., chair of the committee, and Bennie Thompson, D-Miss., wrote in the letter requesting Smith’s testimony.
Dive Insight:
The fallout from last month’s searing Cyber Safety Review Board report about Microsoft’s security failures is encircling the enterprise giant’s top leadership, placing a top executive in the crosshairs of a congressional inquiry request on Capitol Hill.
Microsoft is confronting a wave of criticism from across the cybersecurity industry and throughout multiple levels of the federal government for a pair of major nation-state intrusions of its core platforms that underscore cultural and technical defects. The argument is that Microsoft allowed basic security measures to go unmet for years.
“As a trusted provider of operating systems, cloud platforms, and productivity software for U.S. government agencies, including those within the U.S. intelligence community, Microsoft bears a profound responsibility to prioritize and implement effective cybersecurity measures,” Green and Thompson wrote.
The request follows a series of companywide initiatives intended to revamp Microsoft’s security chops.
The company kicked off its secure future initiative in November and early this month expanded the effort with plans to restructure its cybersecurity governance model.
At the RSA Conference in San Francisco last week, federal cyber officials and cybersecurity experts said they’re hopeful Microsoft will improve its security and pointed to key measures of the company’s overhaul, including a direct link between security and executive compensation, as a key driver of that effort.