Pentagon terminates use of China-based engineers to support cloud systems
Secretary of Defense Pete Hegseth announced Wednesday that the Pentagon has ended a Microsoft program that allowed Chinese engineers to maintain the department’s sensitive cloud systems, and that it expects all DOD contractors to do the same.
The decade-old IT servicing model was brought to light in July following a ProPublica investigation, which found that Microsoft was using U.S.-based “digital escorts” that would take direction on how to fix issues with the Defense Department’s cloud systems from experts based overseas. While the digital escorts had necessary security clearances to work on the Pentagon’s networks, foreign engineers — many of which were based in China — did not.
Many of the digital escorts didn’t have the technical expertise to prevent Chinese engineers from inserting malicious code into the Pentagon’s classified networks, according to the report. As a result, Microsoft’s program could have unwittingly exposed the DOD to cybersecurity risks, Hegseth said in a video posted on X.
“The use of Chinese nationals to service Department of Defense cloud environments — it’s over,” he said. “We’ve issued a formal letter of concern to Microsoft, documenting this breach of trust, and we’re requiring a third-party audit of Microsoft’s digital escort program, including the code and submissions by Chinese nationals.”
Separately, Hegseth has directed another investigation into Microsoft’s digital escorts and the China-based engineers involved to determine whether there were any negative impacts to the Pentagon’s cloud systems as a result of the program.
“Did they put anything in the code that we didn’t know about? We’re going to find out,” he said.
Microsoft is one of the Defense Department’s key vendors for information technology and cloud systems. For example, the company is one of four primary contractors for the $9 billion Joint Warfighting Cloud Capability (JWCC) led by the Defense Information Systems Agency, and provides a number of services related to software and IT across other contracts.
Three days after ProPublica’s investigation was published, Microsoft spokesperson Frank Shaw said in a post on X that the company has made changes to its programs with the Pentagon to ensure it no longer leverages engineers based in China to provide technical assistance.
“Microsoft has terminated the use of any China-based engineering teams for DoD cloud systems and we will continue to collaborate with the US Government to ensure we are meeting their expectations,” a Microsoft spokesperson told DefenseScoop on Thursday. “We remain committed to providing the most secure services possible to the US government, including working with our national security partners to evaluate and adjust our security protocols as needed.”
Moving forward, the department will require all software vendors to identify and terminate any involvement from Chinese engineers with the Pentagon’s cloud capabilities, Hegseth said.
“We expect vendors doing business with the Department of Defense to put U.S. national security ahead of profit maximization,” he said.
