By Raphael Satter
WASHINGTON (Reuters) – Top executives at Texas-based software company SolarWinds Corp, digital giant Microsoft Corp and cybersecurity firms FireEye Inc and CrowdStrike Holdings Inc are expected to defend their companies’ responses to a series of breaches blamed on Russian hackers when they face the U.S. Senate’s Select Committee on Intelligence on Tuesday.
The four are expected to argue for more – or even mandatory – transparency in the national response against cyberespionage, which has long been hobbled by secrecy and a widespread reluctance by organizations to identify publicly as victims of hacking.
The four companies are key players in the response against a spectacular set of intrusions that have allowed alleged Russian spies to run amok across American networks, compromising a total of nine federal agencies and 100 private-sector companies in what Microsoft’s president, Brad Smith, described as the “largest and most sophisticated attack the world has ever seen.”
Smith was among those set to testify on Tuesday. The others were FireEye Chief Executive Kevin Mandia, whose company was the first to discover the hackers; SolarWinds Chief Executive Sudhakar Ramakrishna, whose company’s software was hijacked by the spies to break into a host of other organizations; and CrowdStrike Chief Executive George Kurtz, whose company is helping SolarWinds recover from the breach.
They and others have hinted that the true scope of the breaches is far wider than is publicly known, in part because embarrassed executives at other companies are trying to keep their role in the cyberespionage campaign a secret.
According to an excerpt of his testimony released in advance, Microsoft’s Smith is expected to say that “too many cyberattack victims keep information to themselves,” adding, “It’s imperative for the nation that we encourage and sometimes even require better information-sharing about cyberattacks.”
SolarWinds’ Ramakrishna is expected to call for lawmakers to provide companies “with the appropriate incentives and liability protections to share more information on attempted or successful breaches” with the government, according to prepared remarks.
(Reporting by Raphael Satter in Washington; Editing by Howard Goller and Matthew Lewis)