Among Microsoft’s cloud computing services are detection tools that could have detected the Chinese email hack. The right tools are only part of the most comprehensive and most expensive subscription. In the US, they want to see things changed.
The Biden administration wonders if Microsoft should not change its cloud computing services. After all, the tech giant places detection tools behind a paywall, which allowed the Chinese e-mail hack to take place undetected.
Also read: ‘Chinese email hack affects Western European governments’
60 percent more expensive
According to CISA, the U.S. federal cybersecurity agency, the Chinese email hack could only be detected with tools from Microsoft’s most expensive subscription, package E5 from the Microsoft 365 offering, which costs about 60 percent more than the package with basic security tools (E3).
The federal agency calls the Biden administration to act: “Any organization using a technology service such as Microsoft 365 should have out-of-the-box access to logging and other security data to reasonably detect dangerous cyber activity.”
A source involved in the matter told The Wall Street Journal that Microsoft is under investigation. The investigation examines whether the tech giant complied with cybersecurity requirements for cloud providers.
At Microsoft, they certainly want to look at the options. “We are evaluating feedback and are open to other models,” a Microsoft spokesman said Thursday.
Delayed response
The email hack has reportedly been active since May. In June, the U.S. State Department detected suspicious activity through detection tools from E5. The department notified Microsoft, which was then able to locate and notify affected organizations.
This waterfall system where information goes from organization to organization naturally creates huge delays in fighting such hacks.