Microsoft announced Friday it will stop using China-based engineers to provide technical assistance to the U.S. military as Defense Secretary Pete Hegseth ordered a two-week review of Pentagon cloud deals.
The decisions follow a letter from Sen. Tom Cotton (R-Ark.) to Hegseth, pressing the Department of Defense for information about Microsoft's use of engineers based in China to maintain military cloud computing systems.
In his letter to Hegseth, Cotton said that "the U.S. government recognizes that China's cyber capabilities pose one of the most aggressive and dangerous threats to the United States, as evidenced by infiltration of our critical infrastructure, telecommunications networks, and supply chains."
He requested a list of contractors using Chinese personnel and information about how digital escorts are trained to detect any suspicious activity. The U.S. military "must guard against all potential threats within its supply chain, including those from subcontractors," he wrote.
Hegseth Orders Review
In a video posted on X Friday, Hegseth said he is initiating a two-week review to ensure China-based engineers were not working on any other cloud services contracts across the Defense Department."I'm announcing that China will no longer have any involvement whatsoever in our cloud services, effective immediately," Hegseth said in the video. "We will continue to monitor and counter all threats to our military infrastructure and online networks."
Microsoft's Response
Microsoft spokesperson Frank Shaw said on X that the company "has made changes" to how it supports U.S. government customers "in response to concerns raised earlier this week ... to assure that no China-based engineering teams are providing technical assistance" for services used by the Pentagon.Digital Escort System
ProPublica's investigation found that Microsoft relies on U.S. citizens with security clearances, known as "digital escorts," to oversee foreign engineers who possess far more advanced technical skills. Such escorts, often former military personnel with little coding experience, are paid barely more than minimum wage for their work.Security Vulnerabilities
The arrangement has been in place for nearly a decade, though its existence is being reported publicly for the first time. The system was critical to Microsoft winning the federal government's cloud computing business, but experts warn it leaves sensitive data vulnerable to hacking from China, which the U.S. intelligence community considers the nation's leading cyber adversary.Expert Concerns
National security and cybersecurity experts said they were both surprised and alarmed upon learning of the arrangement.Harry Coker, a former senior executive at the CIA and National Security Agency who also served as national cyber director during the Biden administration, called it "an avenue for extremely valuable access" for potential operatives, according to the ProPublica report.
"If I were an operative, I would look at that as an avenue for extremely valuable access. We need to be very concerned about that," Coker said, adding that he and his former intelligence community colleagues "would love to have had access like that."
Skills Gap Problem
The investigation revealed a fundamental mismatch between the technical capabilities of U.S. escorts and the Microsoft engineers they supervise. Many escorts are former military personnel hired primarily for their security clearances rather than technical expertise."People are getting these jobs because they are cleared, not because they're software engineers," said an escort who works for contractor Insight Global and spoke anonymously with ProPublica.