Microsoft Says It Has Stopped Using China-Based Engineers to Support Defense Department Computer Systems
In a significant shift, Microsoft has announced that it will no longer use China-based engineers to support Defense Department cloud computing systems, following a ProPublica investigation that revealed the practice was leaving sensitive government data vulnerable to cyberattacks.
The Investigation Reveals A Vulnerability In The System
ProPublica's investigation found that Microsoft uses foreign-based engineers, including those from China, to help maintain the Defense Department's computer systems with minimal supervision by U.S. personnel. This arrangement relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.
However, these workers, known as "digital escorts," often lack the technical expertise to police the work of foreign engineers with far more advanced skills, leaving some of the nation's most sensitive data vulnerable to hacking or spying from leading cyber adversaries.
A Response From Microsoft
In response to concerns raised earlier this week about U.S.-supervised foreign engineers, Microsoft has made changes to its support for U.S. Government customers to assure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related services.
Defense Secretary Pete Hegseth Weighs In
Dear colleague, FOREIGN ENGINEERS — from any country, including of course China — should NEVER be allowed to maintain or access DoD systems. I will be looking into this matter further," wrote Defense Secretary Pete Hegseth in a post on X Friday.
The Importance Of The Change
The change announced by Microsoft is significant, as it underscores the importance of ensuring that personnel working with sensitive federal data are U.S. citizens or permanent residents. This requirement was established for cloud computing companies like Microsoft in 2011, but the company's reliance on a vast global workforce has created challenges.
How It Works
In its investigation, ProPublica detailed how Microsoft uses engineers in China to help maintain the Defense Department's computer systems. The arrangement relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.
An engineer might briefly describe the job to be completed — for instance, updating a firewall, installing an update to fix a bug or reviewing logs to troubleshoot a problem. Then, with little review, an escort would copy and paste the engineer's commands into the federal cloud," said one digital escort in ProPublica.
The Role Of Digital Escorts
Digital escorts have a crucial role to play in maintaining the security of sensitive data. They are provided with specific training on protecting sensitive data, preventing harm, and using the specific commands/controls within the environment," said Microsoft.
Insight Global — a contractor that provides digital escorts to Microsoft — said it "evaluates the technical capabilities of each resource throughout the interview process to ensure they possess the technical skills required" for the job and provides training."
The Implications
The arrangement between Microsoft and the Defense Department has raised concerns about the vulnerability of sensitive data to cyberattacks. The change announced by Microsoft is a significant step towards addressing these concerns and ensuring that personnel working with sensitive federal data are U.S. citizens or permanent residents," said ProPublica.