Pentagon Bans Tech Vendors From Using China-Based Personnel After ProPublica Investigation

Written by on September 20, 2025

A photo illustration of the Pentagon as a computer chip on a circuit board, bathed in ominous red light.


Credit: Photo illustration by Andrea Wise/ProPublica. Source images: Getty Images.



The Defense Department has tightened cybersecurity requirements for its cloud services providers. The changes come after ProPublica revealed how Microsoft’s use of China-based engineers left sensitive government data vulnerable to hacking.


What Happened

The Defense Department has tightened cybersecurity requirements for tech companies that sell cloud computing services to the Pentagon.

The updates, issued this month, ban IT vendors from using China-based personnel to work on department computer systems and require companies to maintain a digital paper trail of maintenance performed by their foreign engineers.

Background

The changes follow a ProPublica investigation that exposed how Microsoft used China-based engineers to maintain government computer systems for nearly a decade — a practice that left some of the country’s most sensitive data vulnerable to hacking from its leading cyber adversary.

U.S.-based supervisors, known as “digital escorts,” were supposed to serve as a check on these foreign employees, but we found they often lacked the expertise needed to effectively supervise engineers with far more advanced technical skills.

What They Said

The Defense Department now says in its “Security Requirements Guide” that only “personnel from non-adversarial countries” may work on its cloud systems and that the escorts supervising those foreign workers “must be technically qualified in the code/system or technology they are providing access to.”

In addition, cloud providers must maintain detailed audit logs, a digital trail of actions in computer systems. The logs “must include identification of the escort and escorted,” including country of origin, as well as details of commands executed and settings changed.

Why It Matters

Until our reporting, top Pentagon officials said they had been unaware of Microsoft’s digital escort system, which the company developed as a work-around to a Defense Department requirement that people handling sensitive data be U.S. citizens or permanent residents.

Cybersecurity and intelligence experts have told ProPublica that the arrangement poses major risks to national security, given that laws in China grant the country’s officials broad authority to collect data. Leading members of Congress, in turn, have called on the Defense Department to strengthen its security requirements while blasting Microsoft for what some Republicans called “a national betrayal.”

The Pentagon is now conducting an investigation into the digital escort program, with a focus on Microsoft’s China-based engineers.

Response

Following ProPublica’s reporting, Microsoft announced in July that it would stop using China-based engineers to service Defense Department cloud systems. In a statement for this article, a spokesperson said the company was committed to implementing the department’s new requirements.

“Our commitment to national security is foundational, and we remain focused on providing the most secure services possible to the US government,” the spokesperson said. “We recently implemented changes to our Department support model, and will continue to work with our national security partners to evaluate and adjust our security protocols in light of the new directives.”

Doris Burke contributed research.
