The Department of Homeland Security is conducting an investigation into the security of cloud computing platforms in response to the July hack of Microsoft Exchange Online.
In response to the government-sponsored hack of Microsoft Exchange Online in July that resulted in the loss of emails from American citizens, the Department of Homeland Security's Cyber Safety Review Board has begun an investigation into the security of cloud computing platforms in the department of State and other governmental organizations.
DHS Secretary Alejandro Mayorkas made the review public, which would look into the Microsoft attack that was attributed to hackers with ties to China.
The investigation will also look into possible actions that the federal government, the commercial sector, or the main cloud service providers could take to improve cloud-based identity management and authentication.
Microsoft announced in July that Storm-0558, a hacking group suspected of being supported by China for espionage, had gained access to roughly 25 different firms, including some government clients, by using fake authentication credentials. During a period of increased tensions between the United States and the People's Republic of China, emails associated with U.S. Commerce Secretary Gina Raimondo, as well as some extremely sensitive communications from the U.S. State Department, were stolen in targeted attacks.
Federal authorities and U.S. lawmakers criticized Microsoft when they discovered the hacks through an examination of security records that were only accessible to Microsoft subscribers who paid extra costs. Following significant backlash, Microsoft decided to provide customers with free access to this data.
