Hearing: Tuesday afternoon’s hearing, Congress’s first public inquiry into the SolarWinds breach, will focus on the role private companies have played in uncovering, analyzing, and sharing information about the breaches, as well as fixing any underlying issues in their own products.
The list: On Monday, Google offered lawmakers a list of more than a dozen questions that, according to a Senate aide, were aimed at examining the security of Microsoft products, such as Windows 10, Azure, and Office 365. The aide spoke under condition of anonymity to discuss the matter freely.
It’s unclear whether all lawmakers on the 16-member panel received Google’s query list.
The aide said some of the questions, but not all, are directed at Smith, who will appear before the committee Tuesday afternoon along with executives from SolarWinds and cybersecurity firms FireEye and CrowdStrike. The two last The companies have been at the forefront of uncovering the breadth and scope of the likely Russian spy operation that officials believe targeted nine federal agencies and roughly 100 companies specifically.
A second Senate aide who also spoke on condition of anonymity described the Google questions as “bad” and that committee members had been told to be careful with them.
Neither Google nor Microsoft responded to requests for comment.
Discovering the role of Microsoft: On a December 14 Presentation of the Securities and Exchange CommissionSolarWinds appeared to claim that hackers first accessed their systems through flaws in Microsoft’s Office 365 service. Microsoft vehemently denied that. In the same FAQ, Microsoft denied a December 17 Reuters report that hackers breached their network and used their products “to promote attacks on others.”
But Microsoft has admitted that hackers accessed the source code of some of their products and reviewed the code related to the products that they later exploited to preserve their access to the breached networks.