- U.S.
- World
- Business
- Arts
- Lifestyle
- Opinion
- Audio
- Games
- Cooking
- Wirecutter
- The Athletic
You have a preview view of this article while we are checking your access. When we have confirmed access, the full article content will load.
Brad Smith testified before a House committee a year after Chinese hackers infiltrated Microsoft’s technology and penetrated government networks.
By Karen Weise
Karen Weise has covered Microsoft since 2018.
Republican lawmakers questioned a senior Microsoft executive on Thursday about the company’s presence in China, about a year after Chinese hackers used the tech giant’s systems to launch a devastating hack of federal government networks.
Several members of the House Committee on Homeland Security asked Brad Smith, Microsoft’s president, in an hourslong hearing how a critical contractor for the U.S. government like Microsoft could maintain a commercial business in China, which Mr. Smith said accounted for about 1.4 or 1.5 percent of the company’s sales.
“Is it really worth it?” asked Representative Carlos Gimenez, a Republican from Florida.
Mr. Smith argued that Microsoft’s business in China served American interests by protecting the trade secrets of Microsoft’s American customers operating there and learning from what’s going on in the rest of the world.
He added that Microsoft had denied Chinese government requests to turn over sensitive information. “I will tell you that there are days when questions are put to Microsoft, and they come across my desk, and I say, ‘No,’” he said.
The hearing was a response to a scathing March report by the Department of Homeland Security’s Cyber Safety Review Board. The report detailed how “a cascade of security failures at Microsoft” allowed a hacking team called Storm-0558, which the report said was an espionage group affiliated with the Chinese government, to infiltrate Microsoft’s email systems in May and June last year.
The report criticized Microsoft for having “a corporate culture that deprioritized both enterprise security investments and rigorous risk management” and said the company’s cybersecurity practices were critical national security because “Microsoft’s products and services are ubiquitous.”