The audience: The Tuesday afternoon hearing – the first Congressional public inquiry into the SolarWinds breach – will focus on the role private companies have played in uncovering, analyzing, and sharing information about the breaches, as well as than in solving the underlying problems in their own products.
The list: On Monday, Google offered lawmakers a list of more than a dozen questions that a Senate aide said were intended to examine the security of Microsoft products, such as Windows 10, Azure, and Office 365. The assistant spoke about on condition of anonymity in order to discuss the matter freely.
It is not known whether all lawmakers on the 16-member panel received the list of queries from Google.
The aide said some of the questions, but not all, were directed to Smith, who will appear before the committee Tuesday afternoon alongside executives from SolarWinds and cybersecurity firms FireEye and CrowdStrike. The last two Businesses have been at the forefront of uncovering the scale and scope of the Russian spy operation which officials say specifically targeted nine federal agencies and around 100 companies.
A second Senate aide who also spoke on condition of anonymity called Google’s questions “bad” and that committee members had been urged to be wary of them.
Neither Google nor Microsoft responded to requests for comment.
Understand the role of Microsoft: In a December 14 Filing with the Securities and Exchange CommissionSolarWinds appears to claim that hackers first gained access to its systems through vulnerabilities in Microsoft’s Office 365 service. Microsoft vehemently denied this. In the same FAQ, Microsoft refused a December 17 Reuters report that hackers breached his network and used his products “to pursue attacks against others.”
But Microsoft admitted that hackers have accessed the source code of some of its products and examined the code related to the products which they then exploited to preserve their access to the hacked networks.