Cyber Safety Review Board Releases Report on Microsoft Online Exchange Incident from Summer 2023 | Homeland Security
www.dhs.gov
The U.S. Department of Homeland Security released the Cyber Safety Review Board’s (CSRB) findings and recommendations following its independent review of the Summer 2023 Microsoft Exchange Online intrusion.

In its report published this week, the Cyber Safety Review Board (CSRB) says that the June 2023 online breach by Chinese threat actors who accessed U.S. government emails right before Secretary of State Anthony Blinken was to visit China, was “preventable”.

“[The report] identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management, at odds with the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations,” the report says.

The CSRB urges Microsoft to develop and “publicly share” a plan with specific timelines to make fundamental, security-focused reforms across the company and its suite of products.

  • Ephera
    4·
    3 months ago

    That culture has been in Microsoft’s DNA since forever. A one-off reform will not fix this.