Pentagon Investigates Microsoft’s Employment of Chinese Coders

The U.S. Department of Defense (DoD) has launched a review of Microsoft’s employment of Chinese nationals to assist in coding for military cloud infrastructure. This scrutiny arises following revelations that inexperienced U.S. personnel were allegedly used to supervise these foreign coders.

Related Reading: Cloud Security in Healthcare: Transitioning from Reactive to Proactive Strategies

Defense Secretary Pete Hegseth confirmed that the Pentagon discovered the foreign coder initiative in July, prompting actions to dismantle the nearly ten-year program. This initiative involved utilizing a global workforce, including personnel based in China, while U.S.-based “digital escorts” were responsible for reviewing their work.

A July exposé by ProPublica highlighted concerns regarding the qualifications of some digital escorts, revealing that a number had little coding experience and that DoD officials were unaware of this oversight.

Secretary Hegseth deemed the program “obviously unacceptable—especially within today’s digital threat landscape.” He instructed departmental leaders to ensure its immediate cessation. This review follows Microsoft’s July statement asserting modifications to their operations to ensure that no teams based in China were providing technical support for DoD cloud services.

There remains uncertainty about whether outsourcing to China may have risked sensitive U.S. data or allowed unauthorized access to military systems. While the escort program was designed for handling information categorized below classified levels, there are indications that Chinese coders could access systems deemed “high impact” under the Federal Risk and Authorization Management Program (FedRAMP). Compromises or failures in such systems are anticipated to have “severe or catastrophic adverse effects” on operations and personnel.

Hegseth stated unequivocally that the practice of utilizing Chinese nationals for servicing DoD cloud environments has ceased. The Pentagon has issued a formal letter to Microsoft, demanding a third-party audit of its digital escorts program due to an alleged “breach of trust” associated with hiring Chinese engineers for U.S. military tasks. As of now, Microsoft has not provided a response to inquiries for comment.

Senator Tom Cotton, R-Ark., who chairs the Senate Select Committee on Intelligence, urged Secretary Hegseth via a July letter to furnish Congress with additional details regarding DoD contractors employing Chinese staff for system maintenance and other services. Cotton stressed the need for the department to safeguard itself against any potential threats originating from its supply chain, including subcontractors.

China has consistently been identified as a significant aggressor in cyberspace, with state-sponsored hackers recently breaching the U.S. sanctions office within the Treasury Department and infiltrating crucial telecom networks. Experts have noted that the U.S. has achieved minimal progress in enhancing its cyber defenses since incidents like the Salt Typhoon hacks.