Pentagon Bans Tech Vendors From Using China-Based Personnel After ProPublica Investigation
The Defense Department has taken significant steps to tighten its cybersecurity requirements for tech companies that sell cloud computing services, following a shocking revelation from ProPublica about Microsoft's use of China-based engineers. The changes come as a result of an investigation by the nonprofit newsroom that exposed how Microsoft had been using Chinese personnel to maintain sensitive government data, leaving it vulnerable to hacking.
According to the Defense Department's new "Security Requirements Guide," only "personnel from non-adversarial countries" may work on its cloud systems. This means that China-based engineers are no longer allowed to provide maintenance services for the Pentagon's computer systems. Instead, U.S.-based supervisors, known as "digital escorts," must supervise foreign workers and ensure that they do not pose a risk to national security.
But how did this arrangement become so vulnerable to hacking? ProPublica's investigation found that top Pentagon officials were unaware of Microsoft's digital escort system, which the company had developed as a work-around to a Defense Department requirement. The system allowed Chinese engineers to work on sensitive government data without meeting the department's standards for handling such information.
Cybersecurity and intelligence experts have warned that this arrangement poses major risks to national security. Laws in China grant officials broad authority to collect data, which can be used against the United States or its allies. By using Chinese engineers, Microsoft was essentially putting sensitive government data at risk of being compromised by foreign adversaries.
Leading members of Congress have called on the Defense Department to strengthen its security requirements and have blasted Microsoft for what some Republicans called "a national betrayal." The company has since announced that it would stop using China-based engineers to service Defense Department cloud systems. However, this change may not come soon enough for the Pentagon, which is now conducting an investigation into the digital escort program with a focus on Microsoft's China-based engineers.
"Our commitment to national security is foundational, and we remain focused on providing the most secure services possible to the US government," said a Microsoft spokesperson in a statement. "We recently implemented changes to our Department support model, and will continue to work with our national security partners to evaluate and adjust our security protocols in light of the new directives."
The Defense Department's new security requirements are a significant step forward in protecting sensitive government data. However, experts warn that this is just the beginning, and more needs to be done to address the ongoing threat of cyber attacks from foreign adversaries.