The Pentagon issued a “letter of concern” to Microsoft documenting a “breach of trust” over the company’s use of China-based engineers to maintain sensitive government computer systems, Defense Secretary Pete Hegseth announced this week. At the same time, the Defense Department is opening an investigation into whether any of those employees have compromised national security.
The actions came in response to a recent ProPublica investigation that exposed Microsoft’s “digital escort” system, in which U.S. personnel with security clearances supervise foreign engineers, including those in China. ProPublica found that the escorts often lack the expertise needed to effectively supervise engineers with far more advanced technical skills.
The tech giant developed the arrangement as a work-around to a Defense Department requirement that people handling sensitive data be U.S. citizens or permanent residents.
“The program was designed to comply with contracting rules, but it exposed the department to unacceptable risk,” Hegseth said in a video announcement posted on X. “If you’re thinking America first and common sense, this doesn’t pass either of those tests.”
The letter serves as a warning to Microsoft, which has said in earnings reports that it receives “substantial revenue from government contracts.” It is much less severe than a “cure notice,” which could lead to termination of Microsoft contracts if problems are not fixed. The department didn’t release the letter publicly, and it didn’t respond to ProPublica’s request for a copy of it.
Experts have said allowing China-based personnel to perform technical support and maintenance on U.S. government computer systems poses major security risks. Laws in China grant the country’s officials broad authority to collect data, and experts say it is difficult for any Chinese citizen or company to meaningfully resist a direct request from security forces or law enforcement.
Hegseth said the newly opened Pentagon investigation into the digital escort program would focus on Microsoft’s China-based employees. The probe will “help us determine the impact of this digital escort workaround,” he said, including whether “they put anything in the code that we didn’t know about.”
Hegseth said in his video announcement that the department is also requiring a new third-party audit of Microsoft’s digital escort program. It’s unclear who will conduct that audit.
Microsoft began using digital escorts about a decade ago, ProPublica found, and went on to win federal cloud computing business worth billions of dollars. Through the Obama, Trump and Biden administrations, the system escaped the notice of Pentagon officials. ProPublica reported last week that Microsoft failed to disclose key details of the arrangement in the security plans it submitted to the Defense Department. The company has declined to comment on these omissions.
“We expect vendors doing business with the Department of Defense to put U.S. national security ahead of profit maximization,” Hegseth said in the video.
In the wake of ProPublica’s reporting, Microsoft announced last month that it had stopped using China-based engineers to support Defense Department cloud computing systems. In a statement provided for this story, the company said that it “will continue to collaborate with the US Government to ensure we’re meeting their expectations.”
“We remain committed to providing the most secure services possible to the US government, including working with our national security partners to evaluate and adjust our security protocols as needed,” the company said in the statement.
In addition to China, Microsoft has operations in India, the European Union and elsewhere across the globe, and engineers in those places also work on Defense Department cloud maintenance.
Last month, Hegseth said on X that “foreign engineers — from any country, including of course China — should NEVER be allowed to maintain or access DoD systems.” But last week, in response to ProPublica’s questions, the Defense Department left the door open to the continued use of foreign-based engineers with digital escorts, saying that it “may be deemed an acceptable risk,” depending on factors that include “the country of origin of the foreign national” being escorted.
In his announcement, Hegseth didn’t indicate whether the escort program would continue or say whether Microsoft’s reliance on other foreign nationals to maintain the Defense Department’s computer systems would also be reviewed. The department didn’t respond to questions from ProPublica seeking more information about the new investigations.
ProPublica reported last month that Microsoft has also relied on its China-based employees to maintain federal cloud computing systems beyond the Defense Department, including those of the departments of Justice, Treasury and Commerce. In response to the reporting, Microsoft has indicated that it might also discontinue the use of China-based engineers for those departments.
In this week’s announcement, Hegseth said the Defense Department was working “with our partners in the rest of the federal government to ensure that all U.S. networks are protected.”