Microsoft Ends China-Based Teams for Pentagon Support

Summary
– Microsoft stopped using China-based teams for Defense Department cloud systems after cybersecurity concerns were raised about potential hacking and espionage risks.
– ProPublica found Microsoft also used China-based personnel to maintain cloud systems for other federal agencies, including Justice, Treasury, and Commerce.
– These systems operate in the Government Community Cloud (GCC), which handles sensitive but unclassified data and is approved for “moderate” impact information.
– Microsoft stated foreign engineers in GCC were supervised by US-based “digital escorts,” similar to its Defense Department oversight.
– Cybersecurity experts warn foreign involvement in GCC poses spying and sabotage risks, as even unclassified data can harm US interests when analyzed with AI.
Microsoft has discontinued using engineering teams based in China to support Pentagon cloud systems following concerns raised by cybersecurity experts about potential vulnerabilities. The decision came after an investigation revealed that this practice could expose sensitive government data to security risks, including hacking and espionage.
However, the Pentagon isn’t the only federal agency affected. For years, Microsoft has relied on its global workforce, including employees in China, to manage cloud infrastructure for multiple U.S. government departments. Agencies such as Justice, Treasury, and Commerce have all utilized these services through the Government Community Cloud (GCC), a platform designed for handling sensitive but unclassified data.
The GCC operates under strict guidelines set by the Federal Risk and Authorization Management Program (FedRAMP), which certifies cloud systems for handling moderate-impact information. A breach in this environment could still have serious consequences, potentially disrupting agency operations or compromising critical assets. Departments like Justice’s Antitrust Division, the Environmental Protection Agency, and the Department of Education have all relied on GCC for essential functions, including investigations and litigation support.
Microsoft maintains that foreign engineers working on GCC projects are supervised by U.S.-based “digital escorts,” mirroring the oversight previously used for Pentagon systems. Despite these safeguards, cybersecurity professionals warn that the arrangement creates unnecessary risks. Rex Booth, a former federal cybersecurity official and current CISO at SailPoint, emphasized that even unclassified data can become dangerous in the wrong hands.
“Cloud storage and AI-driven analysis mean seemingly harmless information can be pieced together to reveal strategic insights,” Booth explained. “Foreign access to these systems, regardless of oversight, presents a clear opportunity for exploitation.” The debate highlights growing concerns about how global tech workforces intersect with national security, especially as cloud computing becomes increasingly central to government operations.
(Source: Ars Technica)

