April 3, 2024 at 09:18AM
A review board appointed by the Biden administration heavily criticized Microsoft’s corporate security and transparency. The report highlighted a cascade of errors that allowed state-backed Chinese cyber operators to breach email accounts of senior U.S. officials. The board urged substantial security improvements and a cultural change at Microsoft to prevent future breaches.
From the meeting notes, I have gleaned that a Biden administration-appointed review board issued a scathing report regarding Microsoft’s corporate security and transparency. The review board accused Microsoft of shoddy cybersecurity practices, a lax corporate culture, and insincerity about the company’s knowledge of a targeted breach by state-backed Chinese cyber operators. The report concluded that Microsoft’s security culture was inadequate and requires an overhaul, and it made sweeping recommendations for substantial security improvements, including putting on hold the addition of features to its cloud computing environment. The board also expressed concern about a separate hack attributed to state-backed Russian hackers. Despite Microsoft’s acknowledgement of the need to adopt a new culture of engineering security, the report highlighted the company’s historical challenges with nation-state threat actors.