Microsoft announced a series of changes and said it would implement all of the board’s recommendations.
The report triggered a House Homeland Security Committee hearing with Microsoft president Smith last month. Smith said the company was making security its top priority.
He also raised concerns about the board’s conflicts of interest. While Wyden and other experts have criticized the role of federal officials, Smith complained about the board’s private-sector members, including executives from Google and other Microsoft competitors. “I think it’s a mistake to put on the board the competitors of a company that is the subject of a review,” he said. Smith warned that other companies might not be as cooperative with the board as he said Microsoft had been.
Three of the board’s private-sector members—including board Vice Chair Heather Adkins, a Google executive — recused themselves from the Microsoft report, as did two members from the Office of the National Cyber Director and one from the FBI, who were replaced by one colleague from each agency.
A DHS spokesperson declined to say why the public-sector members recused themselves but said board members are required to step aside if a review includes “examinations of their employers’ products or those of competitors” or if a board member has “financial interests relating to matters under consideration.”
Silvers said every board member, including public-sector members, goes through a “rigorous” review of conflicts of interest. He said the current model has proven effective and is less costly than standing up an independent agency.
“Creating an entirely new agency with a professional workforce would be exceedingly expensive, would take many years to do and could cannibalize the scarce cyber talent that we have in the US government as it is,” he said. “In an era of scarce budgets, belt tightening, competition for talent, it’s really a terrific model.”
Still, DHS acknowledges that the board needs more resources and investigative muscle. Last year, the department released proposed legislation to make the board permanent, with dedicated funding, limited subpoena power, and a full-time staff.
Silvers said the bill has the support of the Biden administration, but it has not been introduced and does not have a sponsor.
Wheeler, the cybersecurity executive, said she recognizes how challenging any reforms would be but that she and others will keep advocating for the board to become an independent government agency.
“I am frankly surprised that they got [the board] done at all,” she said. “Now I want them to make it better.”
ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for The Big Story newsletter to receive stories like this one in your inbox.
