Defense Secretary Pete Hegseth said the Pentagon was ‘looking into’ a cloud computing program run by Microsoft utilizing foreign workers from China, which was criticized this week for potentially lacking adequate safeguards, which could provide the CCP easy access to classified defense data and systems.
A ProPublica report released Tuesday accused Microsoft of allowing China-based engineers to assist with Pentagon cloud systems with inadequate guardrails in an effort to scale up its government contracting business.
In response, Sen. Tom Cotton, R-Ark., sent a letter to Hegseth Thursday asking for information and documents about the program, including a list of all Department of Defense (DOD) contractors that hire Chinese personnel to provide maintenance or other services to DOD systems, a list of subcontractors that hire Microsoft’s American-born ‘digital escorts’ required to supervise foreign computer scientists while they work on DOD systems and documents on the training these supervisors receive to identify suspicious activity.
‘In light of recent and concerning reports about Microsoft using engineers in China to maintain DOD systems, I’ve asked the Secretary of Defense to look into the matter,’ Cotton said in a post on X sharing his letter to Hegseth. ‘We must guard against all threats within our military’s supply chain.’
A few hours after Cotton’s X post, Hegseth responded, ‘Spot on senator.’
‘Agree fully,’ Hegseth said in his own X post responding to Cotton. ‘Our team is already looking into this ASAP. Foreign engineers — from any country, including of course China — should NEVER be allowed to maintain or access DOD systems.’
The ProPublica report cited current and former employees and government contractors who worked on a cloud computing program deployed by Microsoft in 2016, which involved a ‘digital escort’ framework. The program, meant to meet federal contracting regulations, used a system of ‘digital escort’ chaperones for global cybersecurity officials, such as those based in China, meant to create a security buffer so that they can work on agency computing systems. DOD guidelines require that people handling sensitive data be U.S. citizens or permanent residents.
According to sources who spoke to ProPublica, including some who had intimate familiarity with the hiring process for the $18-per-hour ‘digital escort’ position, the tech employees being hired to do the supervising lacked the adequate tech expertise to prevent a rogue Chinese employee from hacking the system or turning over classified information to the CCP.
The sources elaborated that the escorts, often former military personnel, were hired for their security clearances more than their technical abilities and often lacked the skills to evaluate code being used by the engineers they were supervising.
In China, people are governed by sweeping laws compelling government cooperation with data collection efforts.
‘If ProPublica’s report turns out to be true, Microsoft has created a national embarrassment that endangers our soldiers, sailors, airmen and marines. Heads should roll, those responsible should go to prison and Congress should hold extensive investigations to uncover the full extent of potential compromise,’ said Michael Lucci. Lucci is the CEO and founder of State Armor Action, a conservative group with a mission to develop and enact state-level solutions to global security threats.
‘Microsoft or any vendor providing China with access to Pentagon secrets verges on treasonous behavior and should be treated as such,’ Lucci added.
A Microsoft spokesperson defended the company’s ‘digital escort’ model Tuesday, saying all personnel and contractors with privileged access must pass federally approved background checks.
‘For some technical requests, Microsoft engages our team of global subject-matter experts to provide support through authorized U.S. personnel, consistent with U.S. government requirements and processes,’ the spokesperson added. ‘In these instances, global support personnel have no direct access to customer data or customer systems.’
The Defense Information Systems Agency’s (DISA) public information office was initially unaware of the program when ProPublica began asking questions about it, but it eventually followed up to point out that ‘digital escorts’ are used ‘in select unclassified environments’ at the Defense Department for ‘advanced problem diagnosis and resolution from industry subject-matter experts.’
In Cotton’s letter to Hegseth, the Republican senator requested answers to his questions by the end of the month.
Microsoft did not immediately respond to Fox News Digital’s requests for comment on this article.