On Friday, Microsoft made a significant announcement: it will cease allowing engineers based in China to provide technical support for the U.S. Department of Defense (DoD) cloud systems. This decision comes in response to rising concerns about foreign involvement in sensitive Pentagon operations.
Security Review Initiated by Investigative Findings
The change followed a revealing ProPublica report released earlier this week, which raised serious alarms regarding potential cybersecurity risks associated with the company’s overseas workforce. The report disclosed that Microsoft had previously depended on engineers in China to assist with Pentagon cloud systems, albeit with oversight from U.S.-based “digital escorts.”
While these escorts, who are contracted through third parties, possess security clearances, ProPublica reported that they lacked the technical expertise necessary to thoroughly understand or evaluate the work performed by the Chinese engineers, raising significant cybersecurity concerns for the United States.
This arrangement prompted grave concerns from U.S. lawmakers and defense officials. Pete Hegseth, U.S. Secretary of Defense, remarked in a video on X that this practice was “obviously unacceptable,” particularly given the current climate of increased cyber threats.
Hegseth criticized the system as outdated, labeling it “a legacy system created over a decade ago during the Obama administration.” He confirmed that the DoD would conduct a comprehensive internal review to identify any similar practices in its networks. Furthermore, the department has begun assessing other cloud service providers to ensure that comparable outsourcing practices are not being employed elsewhere.
The Defense Secretary also initiated a two-week review of all Pentagon cloud agreements to guarantee that “China will no longer have any involvement whatsoever in our cloud services, effective immediately.” He emphasized, “We will continue to monitor and counter all threats to our military infrastructure and online networks.”
Microsoft Takes Swift Action
In light of the concerns raised, Microsoft quickly updated its internal protocols to address these issues.
“In response to concerns raised earlier this week about U.S.-supervised foreign engineers, Microsoft has implemented changes to our support for U.S. Government customers to ensure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related services,” stated Frank Shaw, Microsoft’s Chief Communications Officer, in a post on X.
Wider Implications for U.S. Cloud Security
Microsoft’s decision has a direct impact on its Azure cloud division, which competes with Amazon Web Services (AWS) and Google Cloud, and plays a crucial role in the U.S. government and defense infrastructure. In 2022, Microsoft secured a share of a $9 billion multi-vendor contract awarded by the Defense Department alongside Amazon, Google, and Oracle.
Prior to the ProPublica investigation, Microsoft had asserted that its engineers and contractors adhered to U.S. government regulations at all times, but it now recognizes that growing public concerns necessitate stricter security measures moving forward.
“We remain committed to delivering the most secure services possible to the U.S. government, including collaborating with our national security partners to assess and refine our security protocols as needed,” Shaw concluded.
