The U.S. government’s increasing reliance on Microsoft is facing fresh scrutiny on Capitol Hill despite the Biden administration touting its private sector collaborations as key to its cyber and tech innovation policies.
Microsoft President Brad Smith is headed to Capitol Hill on Thursday to answer for his company’s struggles to defend the federal government from cyber attacks.
The House Homeland Security Committee is looking to get to the bottom of problems that a federal board of cyber investigators labeled in March as a “cascade of security failures at Microsoft,” according to Reps. Mark Green, committee chairman, and Bennie Thompson of Mississippi, the committee’s top Democrat.
Mr. Green, Tennessee Republican, and Mr. Thompson are particularly focused on an incident involving Chinese hackers breaching the Big Tech company’s products.
The hackers accessed Microsoft Exchange Online mailboxes in May and June of 2023, including email accounts belonging to Rep. Don Bacon and Commerce Secretary Gina Raimondo, among others, according to the Cyber Safety Review Board’s March report.
“Given the Microsoft Exchange Online incident and other recent major cyberattacks experienced by the company, the committee is also deeply concerned about the continued integrity of U.S. government data, networks, and information — especially considering Microsoft’s role as a trusted vendor and dominant supplier of information technology for the federal government,” Mr. Green and Mr. Thompson said in a statement last month.
Senators also are running out of patience with Microsoft.
Sens. Eric Schmitt, Missouri Republican, and Ron Wyden, Oregon Democrat, are worried that the Department of Defense may soon mandate the use of Microsoft products.
The bipartisan duo said last week they wrote to the Department of Defense that such an effort with Microsoft could waste taxpayer dollars and foster an anti-competitive environment that stymies innovation.
“The risks associated with the government’s dependence on Microsoft were evident when a hacking group associated with the Chinese government known as Storm-0558 successfully compromised 22 enterprise organizations and over 500 individuals globally,” the senators wrote.
Problems with Microsoft’s security extend beyond Microsoft Exchange hacking. An unprotected Microsoft Azure server holding approximately three terabytes of government data was discovered by cybersecurity researcher Anurag Sen last year. Some of the exposed data included U.S. military emails and Mr. Sen shared some of his findings with The Washington Times.
Lawmakers’ apprehension about the government’s work with The Biden administration is not as concerned about Microsoft.
Asked last week if he was worried about what would happen if Microsoft pulled the plug on its work with the U.S. government, President Biden’s cyberspace ambassador demurred.
Nathaniel C. Fick, the inaugural cyberspace ambassador, told Washington Post Live he worries about everything, including relying on just one tech provider.
“I think it’s essential that we have, we avoid monopolies wherever we can; in technology areas where there’s only one provider you end up with a much scratchier relationship and more risk,” Mr. Fick said. “But the partnership with Microsoft in particular has been so robust, I think, that this kind of collaboration is, at this point, in the DNA of the business.”
While the allegiances of some major tech companies and artificial intelligence startups connected with Big Tech can appear fuzzy, Microsoft is fully aligned with the Biden administration’s foreign policy agenda. For example, the Biden administration leaned on Microsoft as a key collaborator in providing cyber defense for the Ukrainian government.
Microsoft did not respond to a request for comment.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.