Microsoft said it would change its technical support practices after a report detailed how it used China-based engineers to service US military accounts.
The report by investigative journalism group ProPublica caused US senator Tom Cotton to ask questions about Microsoft’s practices and defense secretary Pete Hegseth said the Pentagon was looking into the matter.
ProPublica’s report detailed how Microsoft used engineers based in China to work on US military computer systems under the supervision of US “digital escorts” hired through subcontractors.
‘Digital escorts’
These “escorts” have security clearances but often lack the technical skills to determine whether the Chinese engineers’ work could pose a security threat, the report said.
Microsoft, a major US military contractor, told ProPublica it disclosed its practices to the US government during an authorisation process.
The company said in a Friday social media post that it was changing how it supports US government customers in response to “concerns raised earlier this week”.
It said it would ensure that “no China-based engineering teams are providing technical assistance” to Pentagon computer systems.
Earlier on Friday, senator Tom Cotton, who chairs the Senate’s intelligence committee and serves on its armed services committee, sent a letter to Hegseth questioning Microsoft’s practices.
He asked Hegseth for a list of US military contractors that use Chinese personnel and for more information on how US “digital escorts” are trained to detect suspicious activity.
Cyber-infiltration
He said Chinese cyber-espionage groups had infiltrated “our critical infrastructure, telecommunications networks and supply chains” and urged the military to “guard against all potential threats within its supply chain, including those from subcontractors”.
Hegseth said in a social media post that Cotton’s points were “spot on” and that the Defence Department is looking into the matter.
“Foreign engineers – from any country, including of course China – should NEVER be allowed to maintain or access (Defence Department) systems,” Hegseth wrote.
Singapore’s national security minister said on Friday that the country is dealing with ongoing attacks from a Chinese state-backed attack group that is targeting critical infrastructure.