During a House Homeland Security Committee hearing Thursday, Rep. August Pfluger (R-TX) spoke about Microsoft's ability to defend itself from hundreds of millions of Chinese cyberattacks a day.

Transcript
00:00 The gentleman yields. Point of clarification for the record, it was 300 million attacks
00:06 a day. Did I hear that correctly? Yes, that's correct. Against our customers
00:10 that we observe, we detect more than 300 million such attacks every day.
00:17 Just clarifying for the record, I now recognize Mr. Pfluger for five minutes of questioning.
00:22 Thank you, Mr. Chairman. Mr. Smith, thanks for being here. I want to talk about the collaboration.
00:29 In many committees on Capitol Hill, we're talking about this balance and tension between
00:35 safety and security and liberty and private enterprises. What I really want to hear from
00:43 you is talk to us about the relationship with CISA. I know you've mentioned this in testimony
00:49 written and also today, but just talk to us about how that relationship is. What can be
00:57 better from your side? What can be better, what you expect from the government? Is it
01:02 a mandate for reporting from the government? Is it voluntary roundtables in a classified
01:09 setting? I'd like to hear a little bit about that and I have some follow-on questions.
01:13 Yeah, I think CISA is a critical agency. It's been moving in a positive direction overall.
01:18 I think the CSRB plays an important part of this. I think that ultimately we would benefit
01:25 from finding more ways to keep working together across the tech sector and then with the CISA
01:32 and other agencies in the U.S. government and, frankly, with our allies because it's
01:37 an entire ecosystem that we're seeking to defend and nobody can do it by themselves.
01:45 I think fundamentally, just as the CSRB's words were well taken by us, we needed to
01:51 focus on our culture. I think we have a collective culture and it's a collective culture that
01:58 we need to work on by inspiring more collaboration, not just with the government but, frankly,
02:06 across our industry so that people can compete. Somebody said there's no plan B. I think about
02:12 two-thirds of the folks who are sitting behind me in this room are trying to sell plan B
02:16 to you in one way or another and that's okay. But there's a higher calling here as well.
02:24 And I like to say, you know, the truth is when shots are being fired, people end up
02:28 being hit and they take their turn being the patient in the back of the ambulance. Everybody
02:35 else, you're either going to be an ambulance driver or you're going to be an ambulance
02:38 chaser. Let's be ambulance drivers together.
02:42 Well, let's drill down to that and the relationship that you have with the U.S. intelligence community,
02:48 with DOD. The thing that's unique about Microsoft is you pretty much cover every sector, every
02:54 industry, every, you know, households, businesses, but when you look at the relationship with the
03:00 national security entities, tell us what the biggest gaps are right now to making sure that
03:05 they can stay secure in their operations.
03:10 The thing to think about is that defenders too often work in silos. Every company thinks
03:16 about their products. Every agency thinks about what they have. Attackers look for the seams
03:23 between the silos. The more silos you have, the more seams you have. And just as there
03:30 are seams in different technology products because most customers deploy them together,
03:35 there are seams across the government. So a lot of times one of the challenges for us
03:41 is that the parts of the government, when this information is coming in about, say,
03:47 an active cyber attack from a place like China, that information doesn't necessarily flow from
03:52 one part of the federal government to another. And there's a lot of work being done to address
03:58 this, but I think that needs to be advanced more quickly as a matter of priority.
04:02 300 million attacks a day. That's incredible. Finally, let me just talk about that. I think
04:09 this is the Committee on Homeland Security. We're very worried about what nation-state actors and
04:13 non-nation-state actors are doing and how that affects our homeland. Obviously, the PRC and
04:19 the CCP's attempts to undermine this country, our government industries, intellectual property,
04:25 all of it is a massive concern. And so I know you've mentioned this before here today,
04:33 but just talk to us a little bit about the relationship with the PRC. How does that
04:38 affect intellectual property, things that you have that could be either exploited for their benefit
04:45 to undermine the United States of America? I would say two things. First, any company
04:53 that has valuable intellectual property has to be very careful to protect it from theft,
04:58 unless it's IP that they're publishing, and a lot of code is published in open source form.
05:04 But you have to think about how to protect it so it doesn't go where it should not. And there are
05:09 certain intrusions, especially from, say, a place like the PRC, that are focused on discovering
05:16 trade secrets. And knowing that, is Microsoft taking steps to improve
05:22 what you're protecting? Absolutely, absolutely. I mean, the other thing just to know is that
05:30 the adversaries are constantly changing their tactics. If this were a case of just saying,
05:35 gee, this is what was done in like 2022, let's all go fix what was done in 2022, then you'd feel
05:42 good. But I guarantee that what is done in 2025 is going to be different from what is being done
05:49 in 2024. You constantly have to learn, adapt, and change, which is what we're doing.
