Key Points
- Senator Tom Cotton asked the Pentagon to explain Microsoft’s use of Chinese engineers on U.S. military cloud projects.
- Chinese
engineers worked under U.S. “digital escorts” with security clearances but
limited technical skills.
- Escorts
often entered technical commands from engineers into DoD systems without
fully vetting them.
- The
arrangement raises national security and oversight concerns.
- Microsoft
declined to comment on the situation but stated the government was
informed during authorization.
- Senator
Cotton wants details on escort training and a list of contractors
employing Chinese workers.
- Experts
warn oversight is weak, with many escorts lacking expertise and authority.
- Escorts
are paid low wages (about $18/hour), which may affect supervision quality.
Following a story in the investigative journalism magazine ProPublica earlier this week, Senator Tom Cotton, a Republican from Arkansas and the chair of the chamber's intelligence and armed services committees, wrote the letter to Defense Secretary Pete Hegseth. Under the supervision of U.S. "digital escorts" employed through subcontractors who possess security clearances but frequently lack the technical expertise to determine whether the work of the Chinese engineers posed a cybersecurity threat, the report described Microsoft's use of Chinese engineers to work on U.S. military computing systems.
Microsoft refused to comment when contacted by Reuters regarding Cotton's letter and the ProPublica report.
The corporation, a significant U.S. government contractor whose systems have been compromised by Russian and Chinese hackers, told ProPublica that it alerted the U.S. government about its activities during an authorization procedure.
A request for comment was not immediately answered by the Defense Department.
Cotton requested more details on how U.S. "Digital escorts" are taught to identify suspicious activities and a list of all contractors that employ Chinese workers from the U.S. military.
"The U.S. government recognizes that China's cyber capabilities pose one of the most aggressive and dangerous threats to the United States, as evidenced by infiltration of our critical infrastructure, telecommunications networks, and supply chains,"
Cotton wrote in the letter. The U.S. military
"must guard against all potential threats within its supply chain, including those from subcontractors."
How effective are U.S. "digital escorts" in supervising foreign engineers?
Many digital escorts lack the deep technical skills required to properly evaluate or challenge the advanced work done by Chinese engineers. Some escorts are former military personnel with minimal coding experience, hired primarily for their security clearances rather than software expertise.
Escorts often “trust” that the foreign engineers’ commands are not malicious but acknowledge they have limited ability to verify this. They typically input engineers’ commands directly into DoD systems without fully understanding or vetting the technical details, raising risks of unnoticed malicious actions.
Escorts earn relatively low wages (around $18 per hour) and may not have the strongest incentives or authority to rigorously police security, further weakening supervision.