The US Department of Defense has taken on the task of cleaning up another mess left behind by the Obama-Biden era. To quote Sec Def Pete Hegseth, “The use of Chinese nationals to service Department of Defense cloud environments? It’s over.”
Chinese nationals, employed by Microsoft, were providing support for work on US DOD cloud software through something called digital escorts. These were US citizens or permanent residents “who had security clearances that authorized them to access sensitive information, to take direction from the overseas experts.“
The engineers might briefly describe the job to be completed — for instance, updating a firewall, installing an update to fix a bug or reviewing logs to troubleshoot a problem. Then the escort copies and pastes the engineer’s commands into the federal cloud.
The problem, ProPublica found, is that digital escorts don’t necessarily have the advanced technical expertise needed to spot problems.
How this was even allowed is just crazy.
Because the U.S.-based escorts are taking direction from foreign engineers, including those based in China, the nation’s greatest cyber adversary, it is possible that an escort could unwittingly insert malicious code into the Defense Department’s computer systems.
A former Microsoft engineer who worked on the system acknowledged this possibility. “If someone ran a script called ‘fix_servers.sh’ but it actually did something malicious, then [escorts] would have no idea,” the engineer, Matthew Erickson, told ProPublica.
Secretary of Defense Pete Hegseth says that now they know they are taking steps.
Hegseth said DOD has issued a formal letter of concern to Microsoft, documenting a breach of trust, and that DOD is requiring a third-party audit of the digital escorts program to pore over the code and submissions made by Chinese nationals.
The audit will be free of charge to U.S. taxpayers, he said.
The secretary also said he’s tasking DOD experts with a separate investigation to determine whether any digital escort employees have negatively impacted the coding of DOD cloud systems, and that all Defense Department software vendors must now identify and terminate any Chinese involvement with DOD cloud systems.
In the meantime, whatever code is in these systems remains until it is determined, if at all, whether it poses a threat to national security.
It seems evident that further investigations are warranted. Whose bright idea was this, why wasn’t there adequate oversight, who signed off on it, and the rest of it. But we’re wandering into investigative fatigue. There is so much wrong that needs to be righted, much like war weariness, how many select committees on this or that can we empanel, empower, and pursue? The correct answer is as many as are required until we’ve cleaned house.
That’s only going to happen if the Trump Administration has the support of Congress, which means Republican majorities for the foreseeable future. Is there enough bad Demcorat behavior to ensure we can convince voters to let them do the work?
Here’s Hegseth’s public announcement on the digital escort issue.
