The US Cybersecurity Advisory Board will investigate risks in cloud computing, including Microsoft’s role in the recent breach of email accounts of government officials by Chinese hackers.
According to the US Department of Homeland Security, the Cybersecurity Review committee, set up by the Biden administration to investigate major cybersecurity events, will focus on risks to electrical infrastructure, extensive cloud computing, including identity management and authentication, and will audit all relevant cloud service providers. The official said the issue came to attention because of a breach of Microsoft’s email system.
The panel’s decision to focus on cloud computing follows a request last month by Senator Ron Wyden to investigate Microsoft’s role in the breach. On July 27, Wyden asked US Attorney General Merrick Garland, Federal Trade Commission Chairman Lina Khan and US Homeland Security Secretary Jen Easterly to investigate Microsoft and hold the company “responsible for its negligent cybersecurity practices”.
Microsoft representatives have yet to comment on the matter.
Microsoft, the world’s largest software maker, is facing increasing scrutiny from computer security experts and government agencies, due to its notoriety in protecting customers from hackers. Amit Yoran, chief executive officer of cybersecurity firm Tenable Holdings Inc., criticized Microsoft. He said on LinkedIn that “the company’s lack of transparency in preventing breaches, irresponsible security practices and vulnerabilities, all put customers at risk. Microsoft has deliberately hidden these things.”
According to the statement made when the council was established in 2022, CISA will be responsible for managing and convening it following significant cybersecurity events. After concluding the investigation, the panel will compile a report detailing what happened and make recommendations for future changes.
In an interview, Ms. Easterly suggested that Microsoft should rebuild what Microsoft co-founder Bill Gates called a “reliable computer” in 2002, when he instructed employees to focus on security rather than adding new features.
“They have to focus on making sure their products are secure by default and secure by design, and we will continue to urge them to do so,” Ms. Easterly said of Microsoft.
The email hack of US officials, including those of Commerce Secretary Gina Raimondo and State Department officials, came weeks before Secretary of State Antony Blinken traveled to China to meet President Xi Jinping. Hackers broke into the network by stealing keys that allowed them to gain access to officials’ emails.
“The government emails were stolen because Microsoft made another mistake,” said Wyden, a Democrat from Oregon. “Microsoft shouldn’t have had such a key, which, when stolen, could be used to spoof access to the private communications of various customers.”
Mr. Wyden also pushed US officials to investigate the so-called SolarWinds attack and stressed that Microsoft “never took responsibility for it”. In the attack revealed in 2020, Russian hackers breached the computer networks of the federal government and the private sector.
SolarWinds is the first survey conducted by the council. The board investigated the Log4j software vulnerability and then the Lapsus$ hacking group, which compromised major US companies. The panel’s report on Lapsus$ was released this past Thursday.