{"id":14482,"date":"2025-07-22T07:15:47","date_gmt":"2025-07-22T07:15:47","guid":{"rendered":"https:\/\/newestek.com\/?p=14482"},"modified":"2025-07-22T07:15:47","modified_gmt":"2025-07-22T07:15:47","slug":"microsoft-digital-escorts-reveal-crucial-us-counterintelligence-blind-spot","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14482","title":{"rendered":"Microsoft \u2018digital escorts\u2019 reveal crucial US counterintelligence blind spot"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>On July 15, 2025, ProPublica published a sweeping investigation revealing that Microsoft had, for nearly a decade, <a href=\"https:\/\/www.propublica.org\/article\/microsoft-digital-escorts-pentagon-defense-department-china-hackers\">allowed engineers based in China to remotely support sensitive Department of Defense (DoD) cloud systems<\/a>. The degree to which the arrangement was known within federal agencies that relied on a work-around known as the \u201cdigital escort\u201d program, in which US-based personnel with US national security clearances would input commands provided by foreign engineers into Pentagon-linked infrastructure, remains in question.<\/p>\n<h2 class=\"wp-block-heading\" id=\"congress-questions-digital-escort-processes-microsoft-reverses-its-policies\">Congress questions digital escort processes \u2014 Microsoft reverses its policies<\/h2>\n<p>Senator Tom Cotton (R-AR) demanded an immediate reckoning. In <a href=\"https:\/\/www.cotton.senate.gov\/download\/250717-hegseth-letter?download=1\">a letter to the Pentagon<\/a>, Cotton called for a list of DoD contractors using Chinese personnel to provide maintenance or support to DoD systems. 
He questioned the training protocols for digital escorts on how to identify suspicious activity. Cotton also asked for a list of subcontractors that hire digital escorts for Microsoft (or any other entity) and their interview and technical assessment process. \u00a0<\/p>\n<p>Microsoft quickly issued a statement on social networking platform X (formerly Twitter) through Chief Communications Officer Frank X. Shaw, <a href=\"https:\/\/x.com\/fxshaw\/status\/1946299139068965008\">announcing a full policy reversal<\/a>: \u201cMicrosoft has made changes to our support for US Government customers to assure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related services.\u201d The <a href=\"https:\/\/www.propublica.org\/article\/defense-department-pentagon-microsoft-digital-escort-china\">company emphasized its commitment to secure services<\/a> and pledged to work with national security partners to evaluate and adjust its protocols.<\/p>\n<h2 class=\"wp-block-heading\" id=\"what-the-program-was-and-how-it-worked\">What the program was \u2014 and how it worked<\/h2>\n<p>The <a href=\"https:\/\/www.propublica.org\/article\/defense-department-pentagon-microsoft-digital-escort-china\">digital escort model, according to ProPublica<\/a>, was designed to comply with federal contracting rules that prohibit foreign nationals from directly accessing sensitive government systems. 
Under this framework:<\/p>\n<ul class=\"wp-block-list\">\n<li>China-based engineers would file support tickets for tasks such as firewall updates or bug fixes.<\/li>\n<li>US-based escorts \u2014 often former military personnel hired for their clearances \u2014 would copy and paste the engineers\u2019 commands into DoD cloud environments.<\/li>\n<li>These escorts frequently lacked the technical expertise to vet the code they were executing, creating a security blind spot.<\/li>\n<\/ul>\n<p>Microsoft maintained that global support personnel had \u201cno direct access to customer data or systems,\u201d and that escorts were trained to protect sensitive data. However, internal sources and former employees told ProPublica that the system was inherently risky and poorly understood, even by senior officials at the Defense Information Systems Agency (DISA).<\/p>\n<h2 class=\"wp-block-heading\" id=\"identified-risks-and-expert-warnings\">Identified risks and expert warnings<\/h2>\n<p>While I may not be the most technical in the cybersecurity world, it seems these risks were not theoretical. 
Experts cited multiple vulnerabilities:<\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Malicious code injection:<\/strong> Escorts could unknowingly execute scripts that compromised system integrity.<\/li>\n<li><strong>Espionage potential:<\/strong> Chinese engineers had visibility into system architecture and workflows, offering a vector for intelligence collection.<\/li>\n<li><strong>Compliance laundering:<\/strong> The escort model allowed Microsoft to technically meet federal requirements while sidestepping their intent.<\/li>\n<\/ul>\n<p>Harry Coker, former CIA and NSA executive, called the program a \u201cnatural opportunity for spies.\u201d Jeremy Daum of Yale Law School emphasized that Chinese law makes it difficult for citizens or companies to resist government data requests: \u201cThat\u2019s the risk baked into cross-border support.\u201d<\/p>\n<p>As a long-in-the-tooth former HUMINT officer myself, I\u2019ll say it plainly: If I had created a channel where trusted insiders piped code into systems of interest, I\u2019d have created an intelligence superhighway, one so efficient and self-sustaining, it would rival the infamous self-licking ice cream cone. Elegance is the cover: plausible cyber administrative or compliance tasks.<\/p>\n<p>In Microsoft\u2019s defense, and based on the broad lack of knowledge within the DoD, there don\u2019t seem to have been any guardrails to prevent this from occurring. Former DoD CIO John Sherman, who served during the Biden administration, told ProPublica, \u201cI probably should have known about this.\u201d He opined that the system is a major security risk for the department and called for a \u201cthorough review by DISA, Cyber Command, and other stakeholders.\u201d<\/p>\n<p>DISA, for its part, apparently focused on the level of access afforded the foreign engineers and stepped right through the intent of the digital escort. 
DISA noted, \u201cExperts under escort supervision have no direct, hands-on access to government systems; but rather offer guidance and recommendations to authorized administrators who perform tasks.\u201d Which leaves one scratching one\u2019s head, if, as ProPublica presents, those same escorts lacked the technical chops to discern potential threats being provided to them to insert into the DoD systems.<\/p>\n<h2 class=\"wp-block-heading\" id=\"department-of-defense-responds\">Department of Defense responds<\/h2>\n<p>The wagons have circled and fingers are pointing. Defense Secretary Pete Hegseth condemned the practice, stating: \u201cForeign engineers, from any country, including of course China, should NEVER be allowed to maintain or access DoD systems.\u201d He ordered a two-week audit of all cloud contracts to identify similar vulnerabilities.<\/p>\n<p>While Microsoft is the focus, other cloud vendors \u2014 Amazon Web Services, Google Cloud, or Oracle \u2014\u00a0haven\u2019t said whether they use digital escorts and foreign engineers in support of sensitive government programs. <a href=\"https:\/\/www.propublica.org\/article\/defense-department-pentagon-microsoft-digital-escort-china\">ProPublica notes that these vendors either didn\u2019t answer or had no comment<\/a> on whether they use similar arrangements.<\/p>\n<p>As of July 21, 2025, this audit is under way, and its findings are pending. The results may reveal whether digital escort-style systems exist elsewhere, and whether federal oversight has kept pace with the globalization of technical support.<\/p>\n<h2 class=\"wp-block-heading\" id=\"what-comes-next\">What comes next<\/h2>\n<p>It appears the DoD was relying on common sense by vendors, such as Microsoft, to maintain system integrity and security. 
While the digital escort may have technically met federal contracting criteria, the use of foreign engineers seemed to fly in the face of basic counterintelligence doctrine and intent, to prevent foreign access and potential espionage.<\/p>\n<p>As the Pentagon\u2019s audit unfolds, the question isn\u2019t just whether Microsoft crossed a line, it\u2019s whether the line itself was clearly drawn.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>On July 15, 2025, ProPublica published a sweeping investigation revealing that Microsoft had, for nearly a decade, allowed engineers based in China to remotely support sensitive Department of Defense (DoD) cloud systems. The degree to which the arrangement was known within federal agencies that relied on a work-around known as the \u201cdigital escort\u201d program, in which US-based personnel with US national security clearances would input&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=14482\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14482","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light 
is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14482","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14482"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14482\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}