President Donald Trump signed into legislation this month a measure that prohibits anybody based mostly in China and different adversarial nations from accessing the Pentagon’s cloud computing techniques.
The ban, which is tucked contained in the $900 billion protection coverage legislation, was enacted in response to a ProPublica investigation this yr that uncovered how Microsoft used China-based engineers to service the Protection Division’s laptop techniques for almost a decade — a follow that left a few of the nation’s most delicate information susceptible to hacking from its main cyber adversary.
U.S.-based supervisors, referred to as “digital escorts,” had been speculated to function a test on these international staff, however we discovered they usually lacked the experience wanted to successfully supervise engineers with way more superior technical expertise.
Within the wake of the reporting, main members of Congress known as on the Protection Division to strengthen its safety necessities whereas blasting Microsoft for what some Republicans known as “a nationwide betrayal.” Cybersecurity and intelligence specialists have instructed ProPublica that the association posed main dangers to nationwide safety, provided that legal guidelines in China grant the nation’s officers broad authority to gather information.
Microsoft pledged in July to cease utilizing China-based engineers to service Pentagon cloud techniques after Protection Secretary Pete Hegseth publicly condemned the follow. “International engineers — from any nation, together with in fact China — ought to NEVER be allowed to take care of or entry DoD techniques,” Hegseth wrote on X.
In September, the Pentagon up to date its cybersecurity necessities for tech contractors, banning IT distributors from utilizing China-based personnel to work on Protection Division laptop techniques. The brand new legislation successfully codifies that change, requiring Hegseth to ban people from China, Russia, Iran and North Korea from having direct or oblique entry to Protection Division cloud computing techniques.
Microsoft declined to touch upon the brand new legislation. Following the sooner adjustments, a spokesperson stated the corporate would “work with our nationwide safety companions to guage and alter our safety protocols in mild of the brand new directives.”
Rep. Elise Stefanik, a Republican who serves on the Home Armed Service Committee, celebrated the event, saying it “closes contractor loopholes … following the invention that firms like Microsoft exploited” them. Sen. Tom Cotton, the GOP chair of the Senate Choose Committee on Intelligence who has been crucial of the tech large, additionally heralded the laws, saying it “consists of much-needed efforts to guard our nation’s crucial infrastructure, which is threatened by Communist China and different international adversaries.”
The laws additionally bolsters congressional oversight of the Pentagon’s cybersecurity practices, mandating that the secretary transient the congressional protection committees on the adjustments no later than June 1, 2026. After that, such briefings will happen yearly for the subsequent three years, together with updates on the “effectiveness of controls, safety incidents, and proposals for legislative or administrative motion.”
As ProPublica reported, Microsoft initially developed the digital escort program as a work-around to a Protection Division requirement that folks dealing with delicate information be U.S. residents or everlasting residents.
The corporate has maintained that it disclosed this system to the Pentagon and that escorts had been offered “particular coaching on defending delicate information” and stopping hurt. However high Pentagon officers have stated they had been unaware of Microsoft’s program till ProPublica’s reporting.
A replica of the safety plan that the corporate submitted to the Protection Division in 2025 confirmed Microsoft ignored key particulars of the escort program, making no reference to its China-based operations or international engineers in any respect.
This summer time, Hegseth introduced that the division had opened an investigation into whether or not any of Microsoft’s China-based engineers had compromised nationwide safety. He additionally ordered a brand new third-party audit of the corporate’s digital-escort program. The Pentagon didn’t reply to a request for touch upon the standing of these inquiries.
