
Senate Intelligence Committee Chair Tom Cotton, R-Ark., has called on Defense Secretary Pete Hegseth to immediately prohibit non-U.S. citizens from accessing Department of Defense (DoD) systems, citing escalating cybersecurity concerns.
In a letter sent this week, Sen. Cotton pressed Hegseth to enact an immediate policy change, arguing that current practices expose sensitive national security infrastructure to unnecessary risks.
The letter follows recent scrutiny triggered by a July ProPublica investigation revealing that Microsoft employed China-based engineers to assist with maintaining DoD systems.
Though those engineers did not directly access the systems, they operated through so-called “digital escorts” – U.S. citizens with security clearances who input commands on their behalf. The investigation raised concerns that these escorts often lacked the technical expertise to detect or prevent malicious activity.
In response to public backlash, Microsoft has since announced it will stop using China-based engineers on DoD projects. Hegseth also launched a two-week review aimed at identifying and eliminating the use of foreign engineers by vendors involved in DoD contracts.
Sen. Cotton, however, is now urging a more permanent solution.
“Foreign persons should never be allowed to access DoD systems, regardless of whether a U.S. citizen is supervising,” Sen. Cotton wrote. “The department, particularly the Under Secretary of Defense for Intelligence and Security, has the authority to immediately make these policy changes. I urge you to do so now.”
In addition to the policy change, the senator requested a full briefing from the department by Sept. 5 regarding any discovered vulnerabilities in the DoD’s cloud and software services, along with actions taken to mitigate those risks.
While acknowledging the department’s ongoing actions to end the use of Chinese engineers and identify other “digital escort” programs, Sen. Cotton signaled he plans to go further. He pledged to work in Congress to codify a permanent ban into law.
“Congress must prohibit non-U.S. citizens from accessing DoD systems under any circumstances and mandate DoD to revise its policies to comply with this prohibition,” he wrote.
The push may garner bipartisan support. Sen. Jeanne Shaheen, D-N.H., the top Democrat on the Senate Foreign Relations Committee, is also pressing Hegseth for answers. In her own letter, Sen. Shaheen requested a detailed explanation of how the DoD plans to address any cybersecurity gaps and prevent similar risks in the future.