Microsoft bars China-based engineers from Pentagon support after US scrutiny

Microsoft said it will no longer allow engineers based in China to provide technical assistance for US military cloud computing systems, following a report that raised concerns over potential cybersecurity threats and prompted a high-level review by the Pentagon.

The move comes after investigative outlet ProPublica published a report detailing how Chinese engineers had been involved in supporting the Pentagon’s cloud infrastructure, under the supervision of American “digital escorts”. These escorts, employed via subcontractors and holding security clearances, were reportedly often not equipped with the technical expertise to detect cybersecurity risks posed by the Chinese engineers’ work.

Microsoft, a key contractor for the US government, has previously experienced high-profile breaches by Chinese and Russian hackers. It told ProPublica that it had disclosed its arrangements with China-based personnel during the government’s authorisation process.

Microsoft spokesperson Frank Shaw said on the social media platform X that the company had modified its procedures “in response to concerns raised earlier this week … to assure that no China-based engineering teams are providing technical assistance” for services supporting the Pentagon.

Review launched, senator raises alarm

Earlier on Friday, Senator Tom Cotton, a Republican from Arkansas and chair of the Senate intelligence committee, sent a letter to Defence Secretary Pete Hegseth demanding clarification on Microsoft’s reported practices. Cotton, who also serves on the armed services committee, requested a list of contractors using Chinese personnel and more detail on how digital escorts are trained to identify suspicious activities.

“The US government recognises that China’s cyber capabilities pose one of the most aggressive and dangerous threats to the United States, as evidenced by infiltration of our critical infrastructure, telecommunications networks, and supply chains,” Cotton wrote. He added that the military “must guard against all potential threats within its supply chain, including those from subcontractors”.

In a video statement posted on X, Hegseth said he had ordered a two-week review to ensure that no China-based engineers were involved in other Department of Defence cloud contracts.

“I’m announcing that China will no longer have any involvement whatsoever in our cloud services, effective immediately,” Hegseth said. “We will continue to monitor and counter all threats to our military infrastructure and online networks.”