Biden officials who played key roles in evaluating a Microsoft product breached by Chinese hackers now enjoy senior positions at the technology corporation.
Two high-level Biden administration officials who played key roles in evaluating a Microsoft security product that was breached by Chinese hackers now enjoy senior positions at the technology corporation, according to public social media profiles.
Former Department of Justice chief information officer Melinda Rogers and former Deputy Attorney General Lisa Monaco both played parts in the DOJ’s acceptance and continued use of GCC, a suite of purportedly secure cloud-based services offered by Microsoft, during their tenure in the Biden administration. A recentthat, before Chinese hackers were caught infiltrating GCC, federal officials tasked with auditing the product claimed that Microsoft struggled to prove that its cloud products were secure.Fairfax County ignored 2023 detainer against illegal immigrant now accused of murder, ICE says, who was tapped to be the firm’s global affairs president, took actions that helped GCC obtain and maintain a lucrative foothold within the federal government. It was Rogers who made the decision to deploy a version of GCC within the DOJ in early 2020, after the product suite had been evaluated by third-party assessment organizations as well as an audit from the DOJ itself. The DOJ’s decision to adopt GCC came with a significant financial upside for Microsoft, placing it on the government’s official online marketplace for cloud services. This, according to, amounted to free advertising for the tech giant and an implicit seal of federal approval. Microsoft President Brad Smith addresses a media conference regarding Microsoft’s acquisition of Activision Blizzard and the future of gaming in Brussels, Tuesday, Feb. 21, 2023. | After Rogers’s approval, GCC went through a years-long back-and-forth with federal auditors who claimed Microsoft repeatedly failed to provide crucial information about its security procedures. The auditors also claimed that there was a potential conflict of interest problem with the third-party assessment organizations that initially cleared GCC, seeing as they were paid by Microsoft., rebuffed these allegations by arguing that federal auditors provided them with vague information requests that they were unable to fulfill to their satisfaction and asserting that the independent investigators it retained complied with industry standards. Some of the federal auditors, speaking anonymously, claimed that Microsoft’s secure cloud network was overly exposed to non-secure networks, thus making it ripe for breaches, a concern that the firm failed to assuage. Amid this years-long process, the White House revealed to federal auditors in 2023 that Chinese state-sponsored hackers had infiltrated the system, seizing emails and other data from the secretary of commerce, America’s ambassador to China, and other top-level officials. Following this revelation, federal auditors told Microsoft that they would be ending their process to clear Microsoft’s cloud services and, if Microsoft wanted full authorization, it would need to start the process over. This, naturally, infuriated Microsoft, as it imperiled billions of dollars in possible revenue.that Microsoft’s point-person for government cloud services, John Bergin, pushed the department to “throw around our weight” to secure the authorization for the company’s product. Then, that December, Microsoft secured a meeting with the federal auditors to negotiate a resolution. Early in the meeting, Bergin interrupted one of the auditors, arguing that they “should essentially just accept” GCC’s security bona fides, seeing as the DOJ had already done so. Rogers, reportedly to the shock of those in attendance, backed up Microsoft by criticizing the work of the auditors. Rogers repeatedly pressed auditors to “get this thing over the line,” in reference to GCC, multiple former federal employees toldIt was the “opinion of the staff and the contractors that she simply was not willing to put heat to Microsoft on this” and that the DOJ “was too sympathetic to Microsoft’s claims,” former GSA executive director for cloud strategy Eric Mill said. The U.S. Department of Justice building is seen in Washington, Dec. 7, 2024. Though the team ultimately concluded that “there is a lack of confidence in assessing the system’s overall security posture,” they authorized Microsoft’s cloud services nonetheless. The summary document associated with the decision stated that “not issuing an authorization would impact multiple agencies that are already using GCC-H,” signalling that the DOJ initially getting GCC into the government’s bloodstream proved crucial to its ultimate approval. A Microsoft spokesperson claimed that there was “absolutely no connection” between Rogers receiving an employment offer from Microsoft and her role in the GCC approval process. She and the company, according to the spokesperson, complied with “all rules, regulations, and ethical standards.” Monaco’s role in the GCC approval process was, from what can be gleaned from public reporting, less direct than Rogers’s involvement. After Russian hackers were discovered to have breached government computer systems in late 2020, reportedly exploiting a long-existing weakness in a Microsoft product, Monaco announced an effort to use the False Claims Act to litigate against government contractors who “fail to follow required cybersecurity standards.”found no evidence that Monaco used her position to scrutinize Microsoft GCC, despite its reported security lapses. “There is absolutely no connection between these hirings and any involvement they may have had with the authorization of GCC High,” a Microsoft spokesperson told the, addressing both Monaco and Rogers. “As with the hiring of any former government employee, we comply fully with all rules, regulations, and ethical standards regarding their employment, including recusal requirements for work connected to their previous agencies or relevant subjects during the designated period.”“Before the DOJ authorized GCC High, there were plenty of public reasons to treat Microsoft’s China operations as a serious security concern,” Tech Integrity Project policy director Geoffrey Cain told the. “The company’s Beijing research lab had produced alumni who went on to build China’s sanctioned surveillance companies. Its employees had co-published AI research with a Chinese military university. Also, DOJ’s own cybersecurity rules required US-only personnel for IT maintenance precisely because foreign access to sensitive systems is a known risk. Any one of those facts should have triggered harder questions about putting sensitive law enforcement data on Microsoft’s cloud. Together they should have made GCC High subject to rigorous scrutiny.” “DOJ was the department pushing this product through, and the agency responsible for prosecuting companies that misrepresent their cybersecurity under the False Claims Act,” he added. “That is a structural conflict of interest.”
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
US Ally Says Chinese Warship Locked Radar on Naval VesselThe Philippines also accused Chinese forces of firing flares during a patrol near a contentious militarized reef.
Read more »
South Africa Imposes Hefty Tariffs on Chinese Steel Amid Dumping ConcernsSouth Africa's ITAC has levied substantial tariffs on Chinese steel after an investigation confirmed product dumping. This action aims to protect the domestic steel industry, facing difficulties due to cheaper imports, and will be in effect for up to five years. The move is significant given South Africa and China's membership in the BRICS economic bloc. Tariffs are also imposed on products from Japan and Taiwan, and follow previous actions against Thailand.
Read more »
Chinese automotive giant achieves 11-minute full charge milestone with sodium-ion techChina's BAIC has achieved an 11-minute full charge using sodium-ion battery technology, marking a significant step in the race to develop more cost-efficient alternatives to lithium systems.
Read more »
Microsoft acknowledges that, hey, maybe Notepad didn't need AI integrationMicrosoft has said it intends to remove 'unnecessary'—their word, not ours—Copilot integration from the planet's most simple computer programs.
Read more »
Microsoft Cloud Product Authorized Despite Cybersecurity ConcernsFederal cybersecurity evaluators authorized Microsoft's Government Community Cloud High (GCC High) in late 2024 despite serious security concerns stemming from incomplete documentation and a lack of confidence in assessing the system's security. The authorization followed a five-year review process marked by Microsoft's repeated failure to provide necessary documentation, raising concerns given Microsoft's history with cyberattacks on the US government.
Read more »
Analyst Warns Against Using Microsoft’s Copilot AI on Friday AfternoonsAt Futurism, I focus on the intersection of technology and power — examining the economics, history, and politics behind today’s dystopian headlines. As a writer, I’m interested in topics ranging from AI’s impact on labor to startups nobody asked for. My prior work includes bylines in Jacobin, Verso, and Blue Labyrinths.
Read more »