Microsoft Accepts Responsibility for U.S. Government Security Breaches
Microsoft president Brad Smith, in sworn testimony before a congressional committee this week, said with humility that the company accepts full responsibility for every cybersecurity issue raised in a recent Cyber Safety Review Board report created by multiple officials from several U.S. government agencies, including the Department of Homeland Security, the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI).
The investigation was commissioned by President Biden in response to Microsoft disclosing that a Chinese hacking group referred to as “Storm-0558” was responsible for a security breach that led to access to email accounts belonging to multiple federal agencies.
Microsoft apologizes for the breaches and inadequacies described in the Cyber Safety Review Board report and is now working to integrate Secure by Design principles into every aspect of its software development processes and cloud services platforms, said Smith. He added that Microsoft’s biggest mistake was becoming too dependent on cybersecurity specialists rather than embedding cybersecurity across its entire employee base.
Microsoft has more than 34,000 engineers working on cybersecurity initiatives, said Smith. Nevertheless, it’s “open season” on customers of IT vendors as cyberattacks continue to be launched around the world with impunity, said Smith. Countries need to extend the Geneva Convention to make it a crime to launch cyberattacks against civilians in peacetime, he added. That convention today makes it a crime to attack civilian populations in times of war.
https://securityboulevard.com/2024/06/microsoft-accepts-responsibility-for-u-s-government-security-breaches/