How an off-the-books Microsoft programme gave China a glimpse into Pentagon’s digital nerve centre

Although these escorts are cleared for access to government systems, they often lack the expertise to determine whether the code they run is malicious.
“We believe that what you do is not malicious, but we really can’t say,” he said, speaking on condition of anonymity to avoid professional repercussions.
The meat did not confirm this information independently.
Sensitive military data in foreign hands
Escorts work with data labeled “impact level 4 and 5”, information that is considered highly sensitive but is not officially classified. According to Pentagon guidelines, this includes content that directly supports military operations, as well as other data whose compromise could have a “serious or disastrous negative impact on national security.”
Despite the risk, Microsoft relies on foreign engineers, including China-based ones, to fulfill support tasks for these systems. Under the digital escort framework, foreign engineers send instructions and US citizens enter them into the government systems. Many of these escorts are former military personnel hired primarily for their security clearances, not for their technical skills. “[Escorts] wouldn’t have any idea,” Matthew, a former Microsoft engineer who worked in the program, said.
Lawmakers and intelligence veterans demand answers
The program has now drawn sharp criticism from Capitol Hill. Senator Tom Cotton, who chaired the Senate Intelligence Committee, formally requested a full list of contractors using foreign personnel, along with information on how digital escorts are trained.
John Sherman, former Chief Information Officer of the Department of Defense, admitted that he was unaware of the escort model until journalists contacted him.
“I probably had to know that,” Sherman said, telling ProPublica that the situation warranted a “comprehensive examination” by [the Defence Information Systems Agency], Cyber Command and other stakeholders.
According to the ProPublica report, Harry Coker, a former senior manager at the CIA and the NSA, spoke plainly about the escort arrangement: “If I were an operator, I would look at it as a way for extremely valuable access. We must be very worried about this.”
A solution for US restrictions
The escort system exists to meet federal rules that allow only US citizens or permanent residents to access sensitive defense data. Microsoft, which has major engineering operations in China, India and Europe, established the escort model to navigate this restriction while it scaled its government cloud business.
Digital escorts have been used since 2016, when Microsoft launched the program to deal with Pentagon cloud contracts. According to those familiar with its development, concerns arose early. A former Microsoft cybersecurity strategist said that the approach was very risky and that they had been against the idea.
Recruitment was handled in part by Lockheed Martin. A project manager at the time said they told Microsoft that the escorts would not “have the right eyes” for the work because of low wages and a lack of specialized experience.
Microsoft defends the system
Microsoft insists that the escort model meets government standards. “For some technical demands, Microsoft deals with our team of global issues to provide support through authorized US personnel, in accordance with US government needs and processes.”
“All personnel and contractors with privileged access must pass federally approved background checks,” the company said. “Global support personnel do not have direct access to customer data or customer systems.”
Microsoft also claims to use multiple security layers, including approval workflows and automated code reviews, to prevent threats. “This production system support model was approved by the US government and regularly inspected,” the company said.
Insight Global, a contractor that provides digital escorts to Microsoft, said that it screened candidates to ensure that they have the technical skills and provided additional training.
A disconnect between Microsoft and the Department of Defense
Despite Microsoft’s claims, several officials within the US government said they were unaware of the escort system. When ProPublica contacted the Defense Information Systems Agency (DISA), even its public information office had not heard of it.
Later, it confirmed that escorts were used in “unclassified environments” and emphasized that the experts under escort “do not have direct, practical access to government systems” and instead offer “guidance and suggestions.”
Former Microsoft executive Pradeep Nair, who said that he helped design the escort framework, argued that audit trails and other controls kept the system safe. “Residual risk is minimal because these controls are solid.”
Wider concerns about Chinese cyber access
Critics point to wider issues beyond Microsoft’s processes. Chinese law gives authorities the power to compel companies and individuals to cooperate with state data collection.
“It would be difficult for any Chinese citizen or company to resist a direct request from the security forces or law enforcement officers,” said Jeremy Daum, a senior research assistant at Yale Law School.
Michael Sobolik, a senior fellow at the Hudson Institute, said, “This is like asking him to protect the henhouse from his fox and to arm the chickens with rods if the fox is crazy.”
Michael Lucci, CEO of State Armor Action, said, “If ProPublica’s report is correct, Microsoft has created a national shame that endangered our soldiers, sailors, aviators and sailors. Presidents should go to jail and make comprehensive investigations to reveal the full scope of the potential compromise.”
“Any seller who provides access to the secrets of the Pentagon to Microsoft or China matches on betrayal behaviors and should be handled in this way.”
Past breaches and unanswered questions
The digital escort model has not been directly linked to any breach. However, in 2023, Chinese hackers broke into Microsoft’s cloud servers and stole thousands of emails from senior US officials, including the commerce secretary and the US ambassador.
A government investigation by the now-disbanded Cyber Safety Review Board blamed Microsoft’s security failures, but did not mention the escort system.
Nevertheless, critics say that the bigger problem is trust. “These [ProPublica] allegations are reliable, and the federal government should never trust Microsoft again to protect the data that keeps our men and women in uniform safe,” Lucci said.
ProPublica reached out to other large cloud providers to ask if they use similar escort models. Amazon Web Services and Google Cloud declined to comment. Oracle didn’t answer.
This silence has raised more questions about how foreign technology expertise is used in sensitive government work.
As the investigation intensifies, one thing is clear: what began as a temporary solution is now at the center of a growing national security debate.
(With TOI inputs)


