Close this menu

House Hearing Tackles Microsoft’s Cyber Failures That Put U.S. Security at Risk

WASHINGTON—Today, Microsoft Vice Chair and President Brad Smith will testify before the U.S. House Homeland Security Committee about the company’s “cybersecurity shortfalls.” 

The U.S. Cyber Safety Review Board (CSRB), under the U.S. Cybersecurity & Infrastructure Security Agency (CISA), recently brought more attention to Microsoft’s vulnerabilities. It released a report in March detailing how a suspected actor from China exploited security weaknesses in Microsoft’s cloud systems to gain access to sensitive materials from various U.S. government agencies and officials. 

This is particularly problematic because America’s government contracts nearly exclusively with Microsoft for software tools. And it is just one example of several notable breaches of systems run by Microsoft where U.S. government emails and sensitive information were exposed.

“It is critical that the cybersecurity of American government systems is protected at the highest possible levels. Recent breaches have shown that Microsoft, the primary provider of cyber systems for the US government, is continuously failing to uphold high security standards for our most important systems,” said Carl Szabo, NetChoice Vice President & General Counsel. “It is good that the House Homeland Security Committee is holding Microsoft’s repeated security failures accountable in today’s hearing. As our recent polling with Morning Consult shows, American voters understand that our government is facing an onslaught of targeted cyberattacks, and they understand Microsoft’s culpability in these breaches.”

Szabo continued: “Moving forward, the Committee should continue to support more secure systems by ending Microsoft’s vendor lock practices and endorsing bills like the SAMOSA Act, which requires government agencies to report in more detail on their software contracts and procurement practices. This would go a long way to promote more secure and cost-effective government technology systems. Americans want this, too: more than 80 percent of voters think the U.S. government should consider cybersecurity performance and track records when selecting vendors for tech purposes.”

The CSRB report offers clear proof that the government must not allow concern over retaining incumbent systems to take precedence over crucial cybersecurity safeguards. By prioritizing incumbency, the U.S. government has unintentionally motivated Microsoft to persist with an alarmingly insecure system that jeopardizes the safety of all Americans.

NetChoice applauds the House Homeland Security Committee for prioritizing American security in our technology systems in this hearing. 

You can read NetChoice’s letter to the Committee on today’s hearing here, learn more about the problems with vendor lock here, and find NetChoice’s new polling with Morning Consult here

Please contact Krista Chavez at with inquiries.