Key Points
- Senator
Tom Cotton asked the Pentagon to explain Microsoft’s use of Chinese
engineers on U.S. military cloud projects. - Chinese
engineers worked under U.S. “digital escorts” with security clearances but
limited technical skills. - Escorts
often entered technical commands from engineers into DoD systems without
fully vetting them. - The
arrangement raises national security and oversight concerns.
- Microsoft
declined to comment on the situation but stated the government was
informed during authorization. - Senator
Cotton wants details on escort training and a list of contractors
employing Chinese workers. - Experts
warn oversight is weak, with many escorts lacking expertise and authority.
- Escorts
are paid low wages (about $18/hour), which may affect supervision quality.
Following a story in the investigative journalism magazine
ProPublica earlier this week, Senator Tom Cotton, a Republican from Arkansas
and the chair of the chamber’s intelligence and armed services committees,
wrote the letter to Defense Secretary Pete Hegseth. Under the supervision of
U.S. “digital escorts” employed through subcontractors who possess
security clearances but frequently lack the technical expertise to determine
whether the work of the Chinese engineers posed a cybersecurity threat, the
report described Microsoft’s use of Chinese engineers to work on U.S. military
computing systems.
Microsoft refused to comment when contacted by Reuters
regarding Cotton’s letter and the ProPublica report.
The corporation, a significant U.S. government contractor
whose systems have been compromised
by Russian and Chinese hackers, told ProPublica that it alerted the U.S.
government about its activities during an authorization procedure.
A request for comment was not immediately answered by the
Defense Department.
Cotton requested more details on how U.S. “Digital
escorts” are taught to identify suspicious activities and a list of all
contractors that employ Chinese workers from the U.S. military.
“The U.S. government recognizes that China’s cyber
capabilities pose one of the most aggressive and dangerous threats to the
United States, as evidenced by infiltration of our critical infrastructure,
telecommunications networks, and supply chains,”
Cotton wrote in the
letter. The U.S. military
“must guard against all potential threats
within its supply chain, including those from subcontractors.”
How effective are U.S. “digital escorts” in
supervising foreign engineers?
Many digital escorts lack the deep technical skills required
to properly evaluate or challenge the advanced work done by Chinese engineers.
Some escorts are former military personnel with minimal coding experience,
hired primarily for their security clearances rather than software expertise.
Escorts often “trust” that the foreign engineers’ commands
are not malicious but acknowledge they have limited ability to verify this.
They typically input engineers’ commands directly into DoD systems without
fully understanding or vetting the technical details, raising risks of
unnoticed malicious actions.
Escorts earn relatively low wages (around $18 per hour) and
may not have the strongest incentives or authority to rigorously police
security, further weakening supervision.
