Microsoft said that it no longer allows its China-based engineers to work on U.S. Department of Defense computer systems after a ProPublica investigation revealed the practice. According to TechCrunch, Redmond’s previous system relied on digital escorts — American employees with proper security clearances — to monitor the foreign engineers working on the systems. However, it’s been noted that some of these U.S. citizens weren’t knowledgeable enough to determine if the person they were monitoring was doing regular work or putting in a backdoor.
“We’re trusting that what they’re doing isn’t malicious, but we really can’t tell,” one digital escort told ProPublica. Microsoft claims that it has disclosed this practice to the federal government, but neither past nor present authorities were aware of the practice. Secretary of Defense Pete Hegseth responded to the news with a post on X (formerly Twitter), saying, “Foreign engineers — from any country, including of course China — should NEVER be allowed to maintain or access DoD systems.”
Because of the backlash against the company, Microsoft’s Chief Communications Officer, Frank X. Shaw, posted assurances on X that its China-based personnel no longer work on DoD projects.
“In response to concerns raised earlier this week about US-supervised foreign engineers, Microsoft has made changes to our support for US Government customers to assure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related services,” says Shaw. “We remain committed to providing the most secure services possible to the US government, including working with our national security partners to evaluate and adjust our security protocols as needed.”
While there is currently no proof that Microsoft China personnel have engaged in espionage, having foreign personnel or contractors working on sensitive government computer systems is ripe for exploitation by intelligence agencies, both friendly and adversarial. And even though “digital escorts” were supposedly looking over the shoulder of the non-cleared staff, the admission of one of the escorts is quite a troubling sign, as both Microsoft and the U.S. government might be unaware that malware, a trojan, a vulnerability, or something similar is being installed in their systems right under their noses.
After this move, the DoD needs to go through the systems that Microsoft’s staff abroad touched to ensure that none of their systems have been compromised. After all, all it takes is one weak link to break the strongest chain.