US cybersec panel to probe cloud computing risks, including Microsoft’s role in China breach

A US cybersecurity advisory panel is set to conduct an investigation into cloud computing risks, which will also examine Microsoft Corp’s involvement in the recent breach of government department email systems by suspected Chinese hackers.

The Cyber Safety Review Board (CSRB) will concentrate on identifying vulnerabilities within cloud computing infrastructure, Reuters reported, citing sources familiar with the matter. Specifically, it will address concerns related to identity and authentication management. This comprehensive assessment will encompass an evaluation of all pertinent cloud service providers.

This initiative follows Oregon Senator Ron Wyden’s call in July for the Federal Trade Commission, the Cybersecurity and Infrastructure Security Agency (CISA), and the Justice Department to take action against Microsoft in response to the breach.

Recent revelations have drawn increasing attention to Microsoft’s role. It has been alleged that hackers, purportedly acting on behalf of Beijing, obtained one of the company’s cryptographic keys and exploited a coding vulnerability to gain extensive access to its cloud email platform. This breach facilitated the surveillance of US Commerce Secretary Gina Raimondo and high-ranking diplomats from the State Department.

In a parallel effort, the US House of Representatives Oversight Committee recently announced its intention to initiate an investigation into the suspected involvement of China in the recent breaches of Commerce and State Department email systems.

At present, both Microsoft and CISA have not provided immediate responses to requests for comments on these developments.