Pune Media

How an off-the-books Microsoft programme gave China a glimpse into Pentagon’s digital nerve centre

Microsoft has been quietly allowing engineers in China to provide support for US Defence Department cloud systems, according to a detailed investigation by ProPublica. For nearly ten years, this arrangement has involved American employees acting as “digital escorts” to input instructions from foreign tech workers into military networks.

These escorts, though cleared for access to government systems, often lack the expertise to detect whether the code they’re running could be malicious.

“We’re trusting that what they’re doing isn’t malicious, but we really can’t tell,” one current escort told ProPublica, speaking anonymously to avoid professional consequences.

ET has not been able to independently verify this information.

Sensitive military data in foreign hands

The escorts work with data labelled “Impact Level 4 and 5” — information considered highly sensitive but not officially classified. It includes content directly supporting military operations, along with other data whose compromise, according to Pentagon guidelines, “could be expected to have a severe or catastrophic adverse effect” on national security.

Despite the risk, Microsoft has relied on foreign engineers — including those based in China — to handle support tasks for these systems. Under the digital escort framework, foreign engineers submit instructions, and US citizens input them into the government systems. Many of these escorts are former military personnel hired primarily for their security clearances, not their technical skill.

“If someone ran a script called ‘fix_servers.sh’ but it actually did something malicious then [escorts] would have no idea,” said Matthew Erickson, a former Microsoft engineer who worked on the programme.

Lawmakers and intelligence veterans demand answers

The programme has now drawn sharp criticism from Capitol Hill. Senator Tom Cotton, who chairs the Senate Intelligence Committee, has formally asked Defence Secretary Pete Hegseth for a full list of contractors using foreign personnel, along with information on how digital escorts are trained.

John Sherman, the former Chief Information Officer for the Defence Department, admitted he was unaware of the escort model until reporters contacted him.

“I probably should have known about this,” Sherman told ProPublica, adding that the situation warrants “a thorough review by [the Defence Information Systems Agency], Cyber Command and other stakeholders.”

According to the ProPublica report, Harry Coker, former senior executive at the CIA and NSA, described the escort setup bluntly: “If I were an operative, I would look at that as an avenue for extremely valuable access. We need to be very concerned about that.”

A workaround for US restrictions

The escort system exists to satisfy federal rules requiring only US citizens or permanent residents to access sensitive defence data. Microsoft, which has large engineering operations in China, India and Europe, set up the escort model to navigate this restriction while scaling up its government cloud business.

Digital escorts have been used since at least 2016, when Microsoft launched its programme for handling Pentagon cloud contracts. According to those familiar with its development, early concerns were raised. One former Microsoft cybersecurity strategist said they opposed the idea from the beginning, warning that the approach was too risky.

Recruitment was handled in part by Lockheed Martin. At the time, one project manager said they told Microsoft that the escorts being hired “would not have the right eyes” for the job due to low pay and lack of specialised experience.

Microsoft defends the system

Microsoft insists that the escort model meets government standards. A company spokesperson told Fox News Digital, “For some technical requests, Microsoft engages our team of global subject matter experts to provide support through authorised U.S. personnel, consistent with U.S. government requirements and processes.”

“All personnel and contractors with privileged access must pass federally approved background checks,” the spokesperson said. “Global support personnel have no direct access to customer data or customer systems.”

Microsoft also claims to use multiple layers of security, including approval workflows and automated code reviews, to prevent threats. “This production system support model is approved and regularly audited by the US government,” the company added.

Insight Global, a contractor that provides Microsoft with digital escorts, said it screens candidates to ensure they have the technical capabilities and provides additional training.

Disconnect between Microsoft and the defence department

Despite Microsoft’s claims, several officials within the US government said they were unaware of the escort system. When ProPublica contacted the Defence Information Systems Agency (DISA), even its public information office had not heard of the model.

Later, DISA confirmed the escorts are used “in select unclassified environments” and emphasised that experts under escort “have no direct, hands-on access to government systems,” but instead “offer guidance and recommendations.”

Former Microsoft executive Pradeep Nair, who said he helped design the escort framework, argued that audit trails and other controls keep the system secure. “Because these controls are stringent, residual risk is minimal,” he said.

Broader concerns about Chinese cyber access

Critics point to broader issues beyond Microsoft’s processes. Chinese law gives authorities sweeping powers to compel companies and individuals to cooperate with state data collection.

“It would be difficult for any Chinese citizen or company to meaningfully resist a direct request from security forces or law enforcement,” said Jeremy Daum, a senior research fellow at Yale Law School.

Michael Sobolik, a senior fellow at the Hudson Institute, was blunt: “This is like asking the fox to guard the henhouse and arming the chickens with sticks in case the fox gets mad. It beggars belief.”

And Michael Lucci, CEO of State Armor Action, said, “If ProPublica’s report turns out to be true, Microsoft has created a national embarrassment that endangers our soldiers, sailors, airmen and marines. Heads should roll, those responsible should go to prison and Congress should hold extensive investigations to uncover the full extent of potential compromise.”

He added, “Microsoft or any vendor providing China with access to Pentagon secrets verges on treasonous behaviour and should be treated as such.”

Past breaches and unanswered questions

The digital escort model has not been directly linked to any breaches. But in 2023, Chinese hackers broke into Microsoft’s cloud servers and stole thousands of emails from senior US officials, including the commerce secretary and the US ambassador to China.

A government review by the now-disbanded Cyber Safety Review Board blamed Microsoft’s security failures, but made no mention of the escort system.

Still, critics say the bigger issue is trust. “If these [ProPublica] allegations are credible, the federal government should never again rely on Microsoft to protect the data that keeps our men and women in uniform safe,” said Lucci. “Our military cannot operate in security and secrecy if a vendor repeatedly and intentionally invites the enemy into the camp.”

ProPublica reached out to other major cloud providers to ask whether they use similar escort models. Amazon Web Services and Google Cloud declined to comment. Oracle did not respond.

That silence has raised further questions about industry-wide practices and transparency in how foreign tech expertise is used in sensitive government work.

As scrutiny intensifies, one thing is clear: what began as a workaround is now at the centre of a growing national security debate.

(With inputs from TOI)


