WASHINGTON: Members of US Congress on Thursday pressed Microsoft to explain a “cascade of avoidable errors” that allowed a Chinese hacking group to breach emails of senior US officials.
Microsoft President Brad Smith spent more than three hours answering questions from members of the House Committee on Homeland Security in Washington, assuring them cybersecurity is being woven more deeply into the technology company’s culture.
“Microsoft accepts responsibility for each and every one of the issues cited” in a scathing US government report about the breach “without equivocation or hesitation,” Smith told the committee.
The Cyber Safety Review Board (CSRB), led by the US Department of Homeland Security, conducted a seven-month investigation into the incident last year that involved the China-affiliated cyberespionage actor Storm-0558.
“Microsoft has an enormous footprint in both government and critical infrastructure networks,” US congressman and committee member Bennie Thompson said to Smith as the hearing opened.
“It is our shared interest that the security issues raised by the (report) be addressed quickly.”
The operation, which was first discovered by the US State Department in June 2023, included hacks on the official and personal mailboxes of Commerce Secretary Gina Raimondo and US Ambassador to China Nicholas Burns.
Microsoft’s core business is to provide cloud computing services, such as Azure or Office360, that host sensitive data and power business and government operations across major sectors of the economy.
The report criticized a Microsoft corporate culture that was “at odds with... the level of trust customers place in the company.”
The review identified a series of operational and strategic decisions by Microsoft that opened the door to the breach, including the failure to identify a new employee’s compromised laptop following a corporate acquisition in 2021.
It also found that Microsoft fell short of safety standards seen at competing cloud companies, including Google, Amazon and Oracle.
“The Board finds that this intrusion was preventable and should never have occurred,” the review said, pinpointing “the cascade of Microsoft’s avoidable errors that allowed this intrusion to succeed.”
The report also recommended that Microsoft develop and publicly release a plan with timelines to enact wide-ranging security reforms across its products and practices.
“The real challenge is how you achieve effective lasting cultural change,” Smith said, noting Microsoft has nearly 226,000 employees.
Smith said Microsoft has the equivalent of 34,000 engineers working full time on answering the security shortcomings in “the largest engineering project focused on cybersecurity in the history of digital technology.”
Microsoft’s board on Wednesday approved a change that will tie cybersecurity accomplishments with annual bonuses for senior executives and make it part of every employee’s annual review, according to Smith.
Microsoft detects some 300 million cyberattacks on its customers daily, with most of those coming from China, Iran, Korea, Russia, or ransomware operations, Smith told the committee.
“We’re dealing with four formidable foes in China, Russia, North Korea and Iran, and they are getting better,” Smith said.
“We should expect them to work together; they’re waging attacks at an extraordinary rate.”
While it is inevitable that adversaries will use artificial intelligence for increasingly sophisticated attacks, the technology is already being used to strengthen cyber defenses, Smith added.
Microsoft faces heat from US Congress over cybersecurity
https://arab.news/6zvag
Microsoft faces heat from US Congress over cybersecurity
- A report criticized a Microsoft corporate culture that was “at odds with... the level of trust customers place in the company.”
US envoys juggle two crisis talks, raising questions about prospects for success
- “Trump seems more focused on quantity over quality instead of the difficult detailed work of diplomacy,” said Bruen
- A regional official close to Iran’s leadership said the US team’s double agenda in Geneva reinforced doubts
WASHINGTON/GENEVA/DUBAI: Even for a US president long fixated on deal-making, Donald Trump’s assignment of his favorite envoys to juggle two sets of negotiations – the Iranian nuclear standoff and Russia’s war in Ukraine — in a single day in Geneva has left many in the foreign policy world scratching their heads.
The shuttle diplomacy on Tuesday by US special envoy Steve Witkoff and Trump’s son-in-law Jared Kushner has raised questions not only about whether they are overstretched and outmatched, but about their serious prospects for resolving either of the twin crises, experts say.
Trump, who has frequently boasted about having ended multiple wars and conflicts in the first year of his second four-year term, has made clear he is looking to add more international deals that he can tout in his quest for the Nobel Peace Prize.
But the high-stakes negotiations over the two long-running issues were arranged quickly, and the choice of Geneva as the setting for both was never clearly explained, except for the city’s long history of hosting international diplomacy.
“Trump seems more focused on quantity over quality instead of the difficult detailed work of diplomacy,” said Brett Bruen, who was a foreign policy adviser in the Obama administration and now heads the Global Situation Room strategic consultancy. “Tackling both issues at the same time in the same place doesn’t make a lot of sense.”
Iran was the opening act in a carefully choreographed diplomatic dance in Geneva, where talks took place under high security in two locations on different sides of the Swiss, French-speaking city.
After 3-1/2 hours of indirect discussions between the US team and Iranian Foreign Minister Abbas Araqchi mediated by Oman, both sides indicated that some progress was made, but there was no suggestion that an agreement was imminent in the longstanding dispute over Iran’s nuclear program.
As long as the diplomatic process continues, Trump can keep expanding his massive military buildup near Iran, making clear that use of force remains on the table. That is likely to keep the Middle East on edge, with many fearing that US strikes could escalate into a wider regional war.
’OVERSTRETCH’?
With barely a pause on Tuesday, the US delegates went straight from the Iran talks at Oman’s diplomatic mission to the five-star InterContinental hotel for the first of two days of Russia-Ukraine negotiations over a war that Trump, during the 2024 presidential campaign, had promised to end in a day.
Expectations were low for a breakthrough in the latest round of talks to end Europe’s biggest war since World War Two ended in 1945.
A regional official close to Iran’s leadership said the US team’s double agenda in Geneva reinforced doubts about whether Washington was sincere about either of the diplomatic efforts.
“The approach risks overstretch,” the official, who spoke on condition of anonymity, told Reuters. “It resembles an emergency room with two critically ill patients and a single doctor unable to give either case sustained attention, increasing the likelihood of failure.”
Mohanad Hajj-Ali of the Carnegie Middle East Center in Beirut said there was too much at stake in the Iran crisis for the US to handle diplomacy this way.
“Having a team of Witkoff and Kushner tasked with resolving all the world’s problems is, frankly, a shocking reality,” he said.
Some experts said the two, both from Trump’s world of New York real estate development, lack the depth of knowledge and experience to go up against veteran negotiators like Araqchi and their Russian interlocutors and that they were in over their heads in such complicated conflicts.
Absent from the Geneva meetings was US Secretary of State Marco Rubio, Trump’s top diplomat, who is known as a foreign policy wonk.
Asked for comment, White House spokesperson Anna Kelly said Trump and his team “have done more than anyone to bring both sides together to stop the killing and deliver a peace deal” in Ukraine. She denounced anonymous “critics” of the president’s approach but did not provide answers to Reuters’ specific questions for this story.
’ENVOY FOR EVERYTHING’
Administration officials have long defended Witkoff and Kushner’s roles, citing their skills as dealmakers, the trust Trump puts in them, and the failings over the years of more traditional diplomatic approaches. Witkoff, a longtime Trump friend often called the “envoy for everything” due to his broad remit, played a key role in securing a ceasefire agreement last year between Israel and Hamas in the Gaza war, though progress has stalled toward a more permanent resolution. His diplomatic efforts with Iran and Russia have had little success so far.
In Trump’s first term, Kushner spearheaded the Abraham Accords, under which several Arab states forged landmark diplomatic relations with Israel. But the pact has not advanced much since Trump returned to office nearly 13 months ago.
Kushner and Witkoff’s ability to handle their latest diplomatic tasks has been undercut by Trump’s stripping down of the government’s foreign policy apparatus, both at the State Department and the National Security Council, where many veteran staffers were sent packing, some analysts say.
”We’ve seen a hollowing-out of our diplomatic bench,” said former Obama foreign policy adviser Bruen. “So there’s a question of whether we still have the right people to work on these big issues.”
