Microsoft recently published that it too, as with Facebook and Apple, was the victim of a hacking incursion. The company stated that it was “infected by malicious software using techniques similar to those documented by other organizations.”
As TNW reported after the facts were initially aired by Microsoft, “[a] previously unknown Java vulnerability that was patched on Mac computers by Apple after the hacking was uncovered was used in all cases.” Given the sheer quantity of public airing of the specific weakness and vector in question, security is likely to be tightened.
This apparently targeted and successful breach of security at key American technology companies is part of the larger discussion concerning cybersecurity in the United States, a topic that recently hit a new plane after the New York Times reported that it had been compromised. The publication later reported that the Chinese army was directly infiltrating US companies at will, findings based on an explosive report by Mandiant, a security company.
Legislation regarding cybersecurity has been a rough patch for Congress in the past legislative cycle, and hasn’t shown much in the way of fresh legs in the new session. The President, as long threatened, enacted an executive order, but given the limited purview of that dictum, it is universally agreed upon that action from Congress will be required to address the issue.
We are grazing the lower slopes of what could be a key legislative battle in the coming months concerning mandatory cybersecurity standards for critical infrastructure elements, and how to share information between the public and private sectors.
To that end, enter the Cyber Intelligence Sharing and Protection Act (CISPA). Reintroduced in the House exactly as it was, the controversial bill is back from the dead. Previously, it was ignored by the Senate and stuck with a threatened veto.
Microsoft was in favor of it. This is not to single out the company, but merely to frame the upcoming discussion, one that the company directly joined this morning by publishing the findings of its own hacking assault.
This time around, however, Microsoft has softened its tone slightly on the issue. Here is the company, last year, reaffirming its support for the bill:
“Microsoft’s position remains unchanged. We supported the work done to pass cybersecurity bills last week in the House of Representatives and look forward to continuing to work with all stakeholders as the Senate takes up cybersecurity legislation.”
At the request of TNW, Microsoft has provided a fresh statement regarding CISPA, which strikes a slightly different note:
“Microsoft believes that any proposed legislation should facilitate the voluntary sharing of cyber threat information in a manner that allows us to honor the privacy and security promises we make to our customers. Legislation introduced in mid-February reflects important changes resulting from an active, constructive dialogue about a prior version of the bill, and that dialogue must continue. We look forward to continuing to work with policymakers and others to improve cyber security while protecting consumer privacy.”
For those in favor of detail, the second statement is attributable to Scott Charney, Microsoft’s Corporate Vice President of its Trustworthy Computing unit.
Parsing the statement, Microsoft demands that the “dialogue must continue,” falling short of supporting the bill as it stands, citing the need to honor “the privacy and security promises we make to our customers.” Good. This is progress.
Microsoft showed good conscience coming out against SOPA, following earlier positions that placed the company at odds with many of its supporters; Microsoft in fact has been on the right side of other modern issues, such as gay marriage.
By removing its full support for CISPA, the bill has lost an ally that could have been used as a prop by legislative actors intent on bullying something through the lower chamber of Congress yet again.
Again, I do not wish to point a finger at Microsoft in this case more than any other firm; the company however is a bellwether and key technology player. Thus, its views are more than relevant to the discussion of cybersecurity, most especially after its recent disclosures.
Gear up, dear readers, this is an issue that will take months to ravel.
Top Image Credit: Robert Scoble