In April, the Cybersecurity Review Board (CSRB), under the umbrella of the US Department of Homeland Security, said in a report that the intrusion into Microsoft servers was due to a “cascade of preventable errors.” by the company.
"Microsoft takes responsibility for all of the issues cited in the CSRB report. Without equivocation or hesitation. And without any sense of defensiveness," Smith said on Thursday before the House of Representatives National Security Committee.
“We recognize that we can and must do better and we apologize and express our deepest regret to those who were affected,” said the head of the company founded by Bill Gates in the lower house of the US parliament.
Smith added that Microsoft is already implementing 16 of the 25 security recommendations made by the CRSB, four specifically aimed at the company and 12 at cloud service providers, and that it has taken other measures to prevent further attacks.
The official said that the company launched, in November, an initiative “to act on this learning”, expanded in January, “after an aggressive attack” by Russia's secret services.
Smith stressed the “unique role” and “collective duty” that Microsoft plays in protecting US cybersecurity.
“In today’s world, the nation of the United States cannot protect itself without securing the cyber domain,” he added.
After a seven-month investigation, the CSRB accused the China-affiliated cyber espionage group Storm-0558 of accessing the official and personal emails of Secretary of State for Commerce Gina Raimondo and US Ambassador to China Nicholas Burns.
The cyber-hacking operation was discovered by the US State Department in June 2023.
Microsoft provides remote cloud computing services such as Azure or Office360, including storing sensitive data for companies and governments.
CSRB Vice Chairman Dmitri Alperovitch described Storm-0558 and other similar groups as a “persistent and pernicious threat” with “the ability and intent to compromise identity systems to access sensitive data, including emails from interest to the Chinese government.”
No comments:
Post a Comment