Experts are demanding that the government investigate Microsoft‘s alleged use of Chinese engineers to maintain the Pentagon‘s computer systems.
A ProPublica investigation revealed that the company is not only using Chinese engineers but also monitoring them with “digital escorts” who have security clearances but often lack the qualifications to fully understand what the engineers are doing.
Recommended Stories
- White House AI czar says US must outcompete China in technology innovation
- Trump reverses restrictions on Nvidia selling chips to China
- Federal court blocks 'click-to-cancel' rule. What does this mean for subscribers?
The practice has alarmed cybersecurity experts, who are worried the arrangement could lead to the engineers sneaking malicious code into the Defense Department’s systems.
“If ProPublica’s report turns out to be true, Microsoft has created a national embarrassment that endangers our soldiers, sailors, airmen, and marines. Heads should roll, those responsible should go to prison, and Congress should hold extensive investigations to uncover the full extent of potential compromise,” said Michael Lucci, CEO and founder of State Armor Action, a conservative group aiming to develop and enact state-level solutions to global security threats.
“Microsoft or any vendor providing China with access to Pentagon secrets verges on treasonous behavior and should be treated as such,” he added.
China is one of the United States’s top cybersecurity foes. In January, Chinese hackers breached the Committee on Foreign Investment in the U.S., which reviews foreign investments for national security risks.
The Office of the Director of National Intelligence called China the “most active and persistent cyber threat to U.S. Government, private-sector, and critical infrastructure networks.”
Michael Sobolik, a Hudson Institute foreign policy senior fellow, said the practice of using “digital escorts” is like asking a “fox to guard the henhouse.”
“This is like asking the fox to guard the henhouse and arming the chickens with sticks in case the fox gets mad,” Sobolik said. “It beggars belief.”
One escort admitted to ProPublica that they can’t “really tell” what the Chinese engineers are doing.
“We’re trusting that what they’re doing isn’t malicious, but we really can’t tell,” the digital escort said.
Microsoft uses the escort system to handle government information that is below classified status but still sensitive and includes “data that involves the protection of life and financial ruin,” ProPublica reported.
Microsoft said the personnel and contractors act “consistent with US Government requirements and processes,” adding that the digital escorts are provided additional training “on protecting sensitive data, preventing harm, and using the specific commands/controls within the environment.”
The company also said it has a system called “Lockbox” to “make sure the request is deemed safe or has any cause for concern.”
The Defense Information Systems Agency told ProPublica that cloud service providers “are required to establish and maintain controls for vetting and using qualified specialists.” A spokesperson for the agency initially said that “no one seems to know anything” about the digital escorts.
John Sherman, chief information officer for the DOD during the Biden administration, said he “probably should have known” about the Microsoft findings.
He added that the situation warrants a “thorough review by DISA, Cyber Command, and other stakeholders that are involved in this.”
MICROSOFT APPLIED TO FILL THOUSANDS OF FOREIGN WORKER POSITIONS IN MONTHS BEFORE MASS LAYOFFS
Harry Coker, who was a senior executive at the CIA and the National Security Agency, said the cybersecurity vulnerability could give countries such as China “extremely valuable” access.
“If I were an operative, I would look at that as an avenue for extremely valuable access. We need to be very concerned about that,” he said.