Microsoft President Brad Smith answered questions about the tech giant's security measures and its relationship with China during a House Homeland Security Committee hearing on Thursday. Last year, it was rumored that Chinese hackers infiltrated Microsoft's systems to steal federal emails.
According to the company, last summer these hackers accessed 60,000 US State Department emails through breaches in Microsoft's systems, and this year, Russian cybercriminals also stole emails from senior Microsoft staff.
The congressional hearing comes as the federal government increases its scrutiny of Microsoft—one of the world's largest software manufacturers and a key supplier to US government and national security agencies. Smith stated during the hearing that Microsoft's business accounts for about 3% of the US federal information technology budget.
Lawmakers questioned why Microsoft failed to prevent the Russian and Chinese hacks, noting that despite the simplicity of these hacking methods, they still posed risks to federal networks.
Democratic Representative Bennie Thompson indicated that the emails accessed by Russian hackers included communications with government officials.
He added, "Microsoft is one of the federal government’s most crucial technology and security partners, but we cannot afford to become complacent or allow this relationship to interfere with our oversight."
Lawmakers cited findings from a harsh report released in April by the Cybersecurity Review Board (CSRB), established by U.S. Homeland Security Secretary Alejandro Mayorkas. The report criticized Microsoft for a lack of transparency in the China hacking incident, stating that the breach could have been prevented.
During the hearing, Smith stated, "We take responsibility for every finding in the CSRB report," and added that Microsoft has already begun to implement most of the report's recommendations.
