Unqualified Microsoft supervisors allegedly overseeing DOD technology support, claims a recent report
In a recent report published by ProPublica, it has been revealed that Microsoft employs a system known as "digital escorts" to supervise Chinese engineers who maintain critical U.S. Department of Defense (DoD) cloud systems. This arrangement, which is widely considered a significant security risk, has raised urgent concerns about potential cyber espionage, sabotage, and severe compromise of U.S. defense data integrity.
The digital escort program involves U.S. personnel with security clearances supervising foreign engineers to comply with DoD rules requiring access only by cleared U.S. persons. However, many escorts lack the advanced technical skills needed to properly evaluate, understand, or detect malicious activity in the engineers' work. Some escorts, often former military, are hired primarily for clearance status rather than technical qualifications.
The use of these unqualified supervisors has been criticised as a vulnerability that could be exploited by the Chinese engineers to introduce backdoors, exfiltrate sensitive information, or sabotage systems. The escorts' inability to effectively monitor code or changes leaves the Pentagon's systems exposed to adversaries.
The practice undermines DoD security protocols intended to protect critical government data from foreign adversaries, especially given China's status as a leading cyber adversary of the U.S. It raises urgent concerns about safeguarding data involving protection of lives, financial information, and operational secrets.
National security experts and legislators demand thorough government investigation into Microsoft's practices, seeking stricter controls and transparency. Microsoft claims compliance with U.S. government requirements, but critics highlight the insufficient safeguards currently in place.
The Defense Information Systems Agency explains that escorts under supervision do not have direct, hands-on access to government systems, but rather offer guidance and recommendations to authorized administrators who perform tasks. A Microsoft spokesperson also states that only authorized US persons with the appropriate clearances and training have direct access to customer systems and their data.
The supervisors are mainly responsible for ensuring employees do not accidentally or intentionally view sensitive information like passwords, customer data, or personally identifiable information. They also receive specific training on protecting sensitive data, preventing harm, and using commands/controls within the environment.
However, the supervisors hired by Microsoft may not have the skills to effectively protect against threats. An anonymous supervisor expressed concerns about the "escort system" potentially presenting opportunities for hacking in a country recognised as a cyber threat by the U.S.
The DOD did not return TNND's request for comment, but the DOD office reportedly told ProPublica that escorts are used in "select unclassified environments." The report was published on Tuesday.
In light of these concerns, it is crucial that the U.S. government takes immediate action to address this security risk and ensure the protection of sensitive data in the hands of Microsoft and its contractors.
Technology and finance intersect due to the sensitivity of the data involved, as national security experts demand a thorough investigation into Microsoft's practices concerning the supervision of foreign engineers working on critical U.S. Defense Department cloud systems. The lack of proper technical qualifications among the supervisors, termed "digital escorts," could create vulnerabilities that facilitate cyber espionage, data breaches, and undermine general-news-related matters such as the protection of financial information and operational secrets.
