WASHINGTON (Reuters) - Microsoft President Brad Smith appeared before the House of Representatives panel on homeland security on Thursday, where he will field questions about the company's security practices after Chinese hackers breached its systems past year.
China-linked hackers stole 60,000 U.S. State Department emails last year by breaking into the tech giant's systems, while a Russian group separately spied on Microsoft's senior staff emails earlier this year, according to the company's disclosures.
In a scathing report in April, the Cyber Safety Review Board - formed by U.S. Secretary of Homeland Security Alejandro Mayorkas - slammed Microsoft for its lack of transparency over the Chinese hack, which the board said had been preventable.
The world's biggest software maker, which is also a key vendor to the U.S. government and national security establishment, has faced similar criticism from its security industry peers.
Lawmakers plan to examine Microsoft's security lapses, challenges in ensuring defending against cyberattacks, and plans to improve its security measures, the House panel for homeland security said in an earlier statement. They will also discuss the findings and recommendations of the board report following the Chinese hack.
"Since this is not the first time Microsoft has been the victim of an avoidable cyberattack, and in light of the CSRB's report, it is now Congress's responsibility to examine Microsoft's response to this report," Congressman Mark Green from Mississippi, who chairs the panel on homeland security, said in his opening statement.
"Mr. Smith, as a long-time, key leader within Microsoft, I anticipate that you will help us understand the gaps that enabled these recent cyber intrusions."
Microsoft's presence in China will also be a focus.
"Over the years, Microsoft has invested heavily in China setting up research incentives, including the Microsoft Research Asia center in Beijing," Green said.
"Microsoft's presence in China creates a mix of complex challenges and risks. We have to talk about that today."
Following the board's criticisms, Microsoft said it was working on improving its processes and enforcing security benchmarks. In November it launched a new cybersecurity initiative it said was aimed at preparing against the "increasing scale and high stakes of cyberattacks."
"We are making security our top priority at Microsoft, above all else - over all other features," the company said at the time.