Pentagon Probes Microsoft’s China Cloud Workforce
Cloud Security and Pentagon’s Concerns
The Pentagon is scrutinizing Microsoft after revelations that engineers based in China have helped maintain sensitive U.S. Defense Department computer systems, despite rules barring foreign nationals from directly accessing such data. Microsoft used a system called “digital escorts”—U.S. citizens with security clearances—to supervise the work of these overseas experts, mostly by relaying commands and updates into the federal cloud.
“We’re trusting that what they’re doing isn’t malicious, but we really can’t tell,” said a current digital escort who requested anonymity.
Read ProPublica’s coverage.
See Fox News report.
Cloud Security Risks Identified
Security experts and former government officials pointed out that many digital escorts lacked the technical expertise needed for effective oversight. This leaves the systems vulnerable since an escort might copy and paste a malicious code provided by foreign staff, not realizing the risk. The situation is aggravated by the fact that such data, while not classified, is considered highly sensitive and its exposure could have severe national security consequences.
“If someone ran a script called ‘fix_servers.sh’ but it actually did something malicious, then [escorts] would have no idea,” said Matthew Erickson, a former Microsoft engineer.
Cloud Security in Practice
Microsoft adopted this digital escort system to comply with federal rules while still tapping its global workforce, including cost-effective overseas staff. Job adverts show that digital escort roles often paid just above minimum wage and required security clearances but little technical skill, focusing more on legal compliance than robust defense. Microsoft, in its statements, maintained that all personnel with privileged access underwent federally approved background checks.
A spokesperson from the Defense Information Systems Agency (DISA) said these escorts operate “in select unclassified environments” and do not have direct hands-on access to government systems but guide authorized administrators.
Pentagon’s Cloud Security Response
Internal Pentagon discussions are underway due to these reports, with many officials expressing surprise at the arrangement. Some compared the practice to allowing adversary oversight without robust checks. Analysts argue this reflects a larger issue in tech-government cooperation, where security sometimes loses out to cost and convenience.
David Mihelcic, former DISA CTO, highlighted, “Here you have one person you really don’t trust because they’re probably in the Chinese intelligence service, and the other person is not really capable”.
Cloud Security Lessons for National Defense
The concerns come amid heightened U.S.-China tensions and frequent reports of Chinese cyber espionage targeting American infrastructure, including Microsoft’s cloud services. Investigations and public scrutiny are pushing for stronger safeguards in cloud security, especially where national defense is involved.
Access WebProNews for more details.
