Stunning, Sudden Developments Lead Microsoft to Change DoD Practices
By Paul Steidler: A series of surprising, fast-moving events over the past week raised national security alarms, leading to an embarrassing situation for Microsoft and prompting the company to change how it supports important U.S. Department of Defense computer systems. Government officials also continue to probe the matter.
On July 15, ProPublica published a lengthy article on an investigation that found, “Microsoft is using engineers in China to help maintain the Defense Department’s computer systems – with minimal supervision by U.S. personnel – leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary.”
ProPublica continued, “The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearance to oversee the work and serve as a barrier against espionage and sabotage. But these workers, known as ‘digital escorts.’ often lack the technical expertise to police foreign engineers with far more advanced skills.”
Senator Tom Cotton (R-AR), Chairman of the Senate Select Committee on Intelligence, took prompt action. In a letter to Secretary of Defense Pete Hegseth on the morning of Friday, July 21, Senator Cotton urged the Department of Defense (DoD) to investigate ProPublica’s charges and to by July 31 provide, among other items, a list of subcontractors that hire digital escorts for Microsoft, or any other entity, and their interview and technical assessment process for candidates.”
Secretary Hegseth promptly and clearly responded to Senator Cotton on X/Twitter at 11:10 a.m. that morning, ordering a review and saying, “Spot on Senator. Agree fully. Our team is already looking into this ASAP. Foreign engineers – from any country, including of course China – should NEVER be allowed to maintain or access DoD systems.”
Later that Friday afternoon, at 4:00 p.m., Frank Shaw, a senior communications executive with Microsoft tweeted, “In response to concerns raised earlier this week about US-supervised foreign engineers, Microsoft has made changes to our support for US Government customers to assure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related services.”
The positive, rapid response to the ProPublica article, less than 72 hours after its publication is encouraging. In addition to providing the information that Senator Cotton has requested, there should also be a thorough investigation by the DoD and Congress to see the breadth and scope of potential damage and to identify steps so that such practices are never repeated in the future.