The audience: The Tuesday afternoon hearing – the Congress’ first public investigation into the SolarWinds breach – will focus on the role that private companies have played in discovering, analyzing and sharing information about the breaches, as well as in correcting any underlying problems in their own products.
The list: On Monday, Google offered lawmakers a list of more than a dozen questions that a Senate aide said aimed at examining the security of Microsoft products, such as Windows 10, Azure and Office 365. The aide spoke on condition of anonymity in order to discuss the matter freely.
It is not clear whether all lawmakers on the 16-member panel received the list of queries from Google.
The aide said some, but not all, of the questions were addressed to Smith, who will appear on the committee on Tuesday afternoon alongside executives from SolarWinds and cyber security firms FireEye and CrowdStrike. The last two companies have been at the forefront in discovering the breadth and scope of the likely Russian espionage operation that officials believe to target nine federal agencies and about 100 companies.
A second Senate aide, who also spoke on condition of anonymity, described Google’s questions as “bad” and that committee members were advised to be cautious about them.
Neither Google nor Microsoft responded to requests for comment.
Discover Microsoft’s role: On December 14 Securities and Exchange Commission file, SolarWinds appeared to claim that hackers first accessed their systems through flaws in Microsoft’s Office 365 service. Microsoft vehemently denied what. In the same FAQ, Microsoft denied a December 17 Reuters report that hackers breached their network and used their products “to promote attacks on others”.
But Microsoft admitted that hackers accessed the source code for some of their products and reviewed the code related to the products they later exploited to preserve their access to breached networks.