The Department of Defense (DoD) has launched a two-week review to investigate and eliminate the possible use of China-based engineers by vendors in any DoD systems contracts.
“This is obviously unacceptable in today’s digital threat environment,” Defense Secretary Pete Hegseth said in a video posted on X. “We have to ensure that our systems here at DoD are iron-clad and impenetrable […] China will no longer have any involvement whatsoever in our cloud services, effective immediately.”
The review was prompted by a ProPublica investigation revealing that Microsoft used China-based engineers to assist with patching DoD systems. Although the engineers had no direct access to the systems, they worked through “digital escorts” – U.S. citizens with security clearances who manually input commands on their behalf. The report raised concerns that these escorts often lacked the technical skills to detect malicious activity, despite meeting security requirements.
The report quickly drew attention on Capitol Hill. Sen. Tom Cotton, R-Ark., sent a letter to Hegseth requesting detailed information on contractors using China-based personnel and the selection and training process for digital escorts.
“While this arrangement technically meets the requirement that U.S. citizens handle sensitive data, digital escorts often do not have the technical training or expertise needed to catch malicious code or suspicious behavior,” Cotton wrote. He called on Hegseth to deliver a list of DoD contractors employing Chinese workers, subcontractors providing digital escorts, their training protocols, and recommendations for tightening Federal cloud security standards.
In response to the backlash, Microsoft announced it is discontinuing the use of China-based engineers on DoD projects.
“In response to concerns raised earlier this week about U.S.-supervised foreign engineers, Microsoft has made changes to our support for U.S. government customers to assure that no China-based engineering teams are providing technical assistance for DoD government cloud and related services,” Microsoft spokesperson Frank Shaw, posted on X.
“We remain committed to providing the most secure services possible to the U.S. government, including working with our national security partners to evaluate and adjust our security protocols as needed,” he added.
Hegseth said the department’s review would focus on ensuring that similar arrangements are not in place across other DoD cloud contracts. “We will continue to monitor and counter all threats to our military infrastructure and online networks,” he said.