Microsoft’s Use of Chinese Engineers for Pentagon Support Raises Concerns
Microsoft reportedly employs engineers from China to maintain the computer systems of the US Department of Defense, a move that minimizes oversight by American personnel. This arrangement is seen by Microsoft as crucial to competing in the Pentagon’s cloud computing sector, but it potentially exposes sensitive data to risks of espionage and hacking from China.
To mitigate these risks, the company utilizes US workers with security clearances, dubbed “digital escorts,” to supervise the Chinese engineers and guard against malicious activities. However, an investigation by ProPublica uncovered that many of these escorts may not possess the necessary technical skills to effectively monitor the more experienced foreign engineers. Some of these escorts have military backgrounds but lack substantial software engineering expertise and often receive low pay.
While Microsoft asserts that it disclosed this escort model to government officials, a former US official noted a lack of awareness regarding the arrangement among authorities. This setup has drawn attention from cybersecurity experts, who see it as an opportunity for Chinese operatives to breach US networks.
The Department of Defense mandates that only US citizens or permanent residents handle its most sensitive data. Microsoft’s digital escort program appears to be an attempt to utilize a global workforce while pursuing Pentagon contracts. Here’s a brief overview of how the process works:
Chinese engineers submit digital maintenance requests or “tickets,” which US-based escorts subsequently pick up. The two parties communicate directly, with engineers instructing escorts on commands to input into federal cloud systems, often without full clarity on the underlying code. This creates an opening for malicious code to be introduced without detection.
Microsoft claims to have instituted surveillance measures, but insiders express concerns that the gap in knowledge between engineers and escorts is too significant to effectively manage the risks. Staffing firms like Insight Global are looking for candidates to fill these escort roles, prioritizing security clearance over coding proficiency. One escort mentioned that “what they’re doing is not malicious.”
Concerns about security risks related to this program have been voiced several times over the years, even by some of Microsoft’s own cybersecurity leaders, yet the company has continued to develop the escort initiative. Experts warn that the potential for surveillance of the Pentagon’s networks poses a serious threat, especially in light of escalating tensions with China and its ability to compel citizens to aid in intelligence efforts.
