Microsoft's Cloud Security Flaws and Key Theft Incidents

The Cyber Safety Review Board’s (CSRB) report on the Summer 2023 Microsoft Exchange online intrusion sheds light on how a series of flaws in Microsoft’s cloud infrastructure and security processes allowed a hacking group associated with the People’s Republic of China (PRC) to strike the “equivalent of gold” in accessing the official email accounts of many of the most senior U.S. government officials managing the U.S. government’s relationship with the PRC. Lawfare Senior Editor Stephanie Pell sat down Maia Hamin, Associate Director with the Atlantic Council’s Cyber Statecraft Initiative; Trey Herr, Assistant Professor of cybersecurity and policy at American University’s School of International Service and Director of the Cyber Statecraft Initiative at the Atlantic Council; and Marc Rogers, Co-Founder and Chief Technology Officer for the AI observability startup nbhd.ai, to discuss their recent Lawfare piece about the CSRB’s report and the lagging state of cloud security policy. They talked about ways to improve cloud service provider transparency, other investigative and regulatory tools that could facilitate better cloud security, and their thoughts on Microsoft’s response to the CSRB’s report. 

To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/c/trumptrials.

Support this show http://supporter.acast.com/lawfare.

Hosted on Acast. See acast.com/privacy for more information.