Northwest Arkansas Democrat-Gazette

Microsoft CEO calls for tech companies to embrace scrutiny

- ELIZABETH DWOSKIN THE WASHINGTON POST

REDMOND, Wash. — Software companies should welcome the harsh spotlight that’s been put on the technology industry this year, Microsoft Chief Executive Officer Satya Nadella said in an interview at the company’s 500-acre campus in Washington.

“Having the scrutiny is actually good, I think,” he said. The tech industry shouldn’t think of such examinatio­ns as “attacks on us,” he added.

“Anyone who is providing a very critical service needs to raise the standards of the safety of that technology and the security of that technology,” he said.

Nadella’s statements underscore the unique and enviable position that Microsoft finds itself in, compared with its counterpar­ts.

Microsoft has dodged the bruising that its peers have taken this year. Executives from Facebook, Google and Twitter have testified before Congress, pressed to explain their privacy practices and the exploitati­on of their platforms by Russian operatives. Apple and Amazon have been the targets of criticism from President Donald Trump.

Microsoft has also turned potential attacks on its systems into an asset.

In August, Microsoft said it had disrupted attempts by a group affiliated with Russia’s foreign intelligen­ce ser-

vice to create phony websites to launch cyberattac­ks on the U.S. Senate as well as a prominent conservati­ve public policy organizati­on. The announceme­nt demonstrat­ed the aggressive role Russian operatives are playing ahead of the U.S. midterm elections.

Microsoft paired the Russia disclosure with the launch of a new security-monitoring service offering heightened threat protection that it will provide free of charge to government officials, candidates, campaigns, and other political entities that are Microsoft clients. The company said more than two dozen officials and organizati­ons have signed up for its AccountGua­rd product.

More than 400 million emails pass through the company’s malware filters each day.

The announceme­nt appeared to prompt competitor­s to unveil similar offerings. Facebook, in the throes of its own security troubles,

launched a pilot project to protect the accounts of political candidates shortly after Microsoft did.

Nadella, who has described security as “the most pressing issue of our time,” contrasted the hard lessons that younger firms like Facebook are learning this year with Microsoft’s own challenges.

Founded in 1975, Microsoft is a generation or two older than Google and Facebook. Nadella said the company’s “big moment” in terms of a major security wake-up call took place around 2000, when WindowsXP and other products suffered a series of embarrassi­ng cyberattac­ks that affected many of the company’s large government customers.

The scare prompted thenCEO Bill Gates to issue a companywid­e edict, known internally as the Trustworth­y Computing Initiative, that changed how Microsoft viewed security. From then on, Microsoft began to design security features into all its products from the ground up, Nadella said. For example, the company delayed

the launch of Windows Vista in order to follow new security protocols, such as threat modeling and reducing the number of people who have access to a system.

New threats accompanie­d the explosive growth of the Internet and the rise of smartphone­s, leading to the creation of the Digital Crimes Unit, a division whose goal was to go after botnets, or groups of computers that infect other computers to steal banking and other personal data. Staffed by former prosecutor­s, the unit adopted a novel legal strategy of obtaining secret court warrants that enabled it to seize computers and Web domains affiliated with the botnets.

The unit brought the suits on the grounds that the fake emails used to spread malware violated Microsoft’s trademarks. The secrecy enabled the the unit to shut down domains without spooking or tipping off bad actors.

Since 2016, the Digital Crimes Unit has turned its focus to nation-state actors including Russia, China, North

Korea and Iran, and it is now tracking roughly 70 commercial and nation-state threat groups, according to the company. Each group gets a code name after an element on the periodic table. The Russian intelligen­ce agency, or GRU, is called Strontium. The unit has obtained three secret warrants from U.S. courts to go after Strontium-controlled domains, including six used in the attack Microsoft disrupted in August, according to the company.

Consumer companies are just waking up to a new array of security challenges, Nadella said. But because Microsoft has been responsibl­e for securing the data of large corporatio­ns, “I’ve lived in what I think is high scrutiny all [my] life,” he said.

“It could be that some companies that are predominan­tly consumer companies are realizing that even consumers are going to be very discrimina­te … in terms of their technology use and their demands of technology vendors. … So I say, welcome to the club,” Nadella said.

Newspapers in English

Newspapers from United States