Republican lawmakers on Thursday grilled a Microsoft executive about the company’s operations in China, about a year after Chinese hackers used the tech giant’s systems to launch a devastating hack of federal government networks.
Several members of the House Homeland Security Committee questioned Microsoft President Brad Smith during an hour-long hearing about how a major U.S. government contractor like Microsoft could maintain commercial business in China, which Smith said accounted for about 1.4% or 1.5% of the company’s sales.
“Is it really worth it?” asked Rep. Carlos Gimenez, R-Fla.
Smith said Microsoft’s operations in China serve U.S. interests by protecting the trade secrets of Microsoft’s American customers operating in China and learning from developments in other parts of the world.
He also said Microsoft had rejected requests from the Chinese government to hand over sensitive information. “I can tell you that sometimes, Microsoft is approached with questions that come across my desk and I say, ‘No,’ ” he said.
The hearing was held in response to a scathing report issued in March by the Department of Homeland Security’s Cybersecurity Review Committee. The report details how “a series of security failures at Microsoft” allowed a hacking group called Storm-0558, which the report says is a spy group affiliated with the Chinese government, to penetrate Microsoft’s email systems in May and June of last year.
The report criticized Microsoft for having a “corporate culture that does not prioritize enterprise security investments and rigorous risk management” and said the company’s cybersecurity practices were critical to national security because “Microsoft’s products and services are ubiquitous.”
The hackers somehow gained access to the digital keys to Microsoft’s security mechanisms, which the report called “the crown jewels of encryption,” allowing them to forge the credentials of other users. They hacked into the accounts of 22 organizations and more than 500 people around the world, including Commerce Secretary Raimondo and U.S. Ambassador to China Burns, and downloaded more than 60,000 emails.
The report said the breach “should not have happened.” It said Microsoft didn’t even know how the hackers obtained the digital keys. It also accused Microsoft of making inaccurate public statements about the hack last fall.
Microsoft is walking a delicate line in China. It has shut down businesses such as LinkedIn, a professional social networking site, but offers cloud computing services in China and has engineering teams and a major research lab in the country.
Smith told the hearing that Microsoft has been scaling back its engineering operations in China and offered last month to relocate 700 or 800 employees who “needed to leave China to keep their jobs.”
The New York Times reported in January that company executives, including Smith and CEO Satya Nadella, debated the future of the research lab and put in place guardrails that would limit researchers from doing politically sensitive work.
Smith pledged urgent security work within Microsoft, which he called “the single largest cybersecurity engineering project in the history of digital technology.”
Despite the harsh language of the report on Microsoft’s security flaws, lawmakers at the hearing refrained from sharply questioning Smith, instead focusing on the ways in which the government and private sector can work together.
“This is not a hearing to capture evidence,” the committee’s ranking Democrat, Rep. Bennie Thompson of Mississippi, said in his opening statement.
Smith stunned lawmakers by describing the scale of the challenges facing the company, saying Microsoft detects more than 300 million attacks against its customers every day.
In January, Microsoft revealed another hacking attack, backed by Russian intelligence, but the report does not address it.
Last November, Microsoft announced it was launching a top-to-bottom overhaul of its security practices, its biggest security move in 20 years. It has said it will tie executive compensation to the progress of the reforms.
Smith said the company’s board approved a plan to tie one-third of executives’ individual performance bonuses to cybersecurity, and he said all Microsoft employees would be assessed on cybersecurity in their twice-yearly performance reviews.
Microsoft’s competitors seized on its vulnerability. NetChoice, a trade group whose supporters include Google, Amazon and Meta, released a voter survey criticizing the government’s reliance on Microsoft. NetChoice and several other trade groups backed by competitors wrote to Biden administration officials, calling on the government to diversify its use of technology vendors.
A public relations firm that counts Google as a client often emails journalists when negative stories about the Microsoft hack emerge, sometimes recommending experts to interview. This week, business software company Salesforce sent a commentary to journalists touting its security culture.
Amazon CEO Andy Jassy told investors in late April that security is of paramount importance as customers choose which AI services to use.
“If you look at what’s happened over the last year or two,” he said, “there’s been a lot of mixed performance from vendor to vendor.”