Microsoft said Friday it will end the use of China-based engineers to support its cloud services for the Defense Department after a ProPublica investigation found that the company was using Chinese personnel monitored by U.S.-based “digital escorts” to help maintain sensitive military systems.
The IT servicing model—where the digital escorts serve as a go-between connecting foreign engineers’ tech fixes to the systems that need patching—could open some of the most sensitive U.S. national security and military secrets to China, according to the report. It cited people aware of the program and former U.S. officials who commented on potential security risks that could arise from it.
The digital escorts are U.S. citizens with security clearances who act as intermediaries between China-based Microsoft engineers and the Pentagon’s cloud infrastructure. The escorts are tasked with manually inputting commands into military systems on behalf of their foreign counterparts, who are barred from direct access.
But many escorts lack the technical expertise to evaluate the code they’re entering, the report said, raising fears that they may unwittingly introduce vulnerabilities or malicious scripts into some of the government’s most sensitive networks.
“In response to concerns raised earlier this week about U.S.-supervised foreign engineers, Microsoft has made changes to our support for U.S. government customers to assure that no China-based engineering teams are providing technical assistance for DOD government cloud and related services,” Microsoft lead spokesperson Frank Shaw said in a Friday X post.
Defense Secretary Pete Hegseth also said Friday he initiated a review to be completed in two weeks or less that would ensure the decade-old system or related programs aren’t in place anywhere in the Defense Department.
“This is obviously unacceptable, especially in today’s digital threat environment,” he said in a video, later adding that China “will no longer have any involvement whatsoever in our cloud services, effective immediately.”
Hegseth did not provide further details about the review but said that “some tech companies” use these models to assist with the department’s cloud services, hinting that other major Pentagon cloud providers may be examined.
It’s also possible the investigation would explore providers certified by the Cybersecurity Maturity Model Certification program, a DOD framework that assesses the cyber posture of defense contractors and subcontractors.
Microsoft has been the subject of past Chinese hacking attempts, including one that pilfered thousands of emails in 2023 from State Department and Commerce Department email inboxes.
The ProPublica reporting drew concerns from Sen. Tom Cotton, R-Ark., who heads the Senate Intelligence Committee.
“The U.S. government recognizes that China’s cyber capabilities pose one of the most aggressive and dangerous threats to the United States, as evidenced by infiltration of our critical infrastructure, telecommunications networks and supply chains,” Cotton wrote in a letter addressed to Hegseth. “DOD must guard against all potential threats within its supply chain, including those from subcontractors.”
