Another Supply Chain Vulnerability

Update Information

Title: Another Supply Chain Vulnerability
Update ID: SCHNEIER:09A7C26EF18755366C5BFA2D2CDEAA8A
Type: schneier
Published: 2025-07-21T11:04:59
Last Updated: 2025-07-19T20:07:08

Security Impact

Severity: NONE

AI Analysis

AI Description: Microsoft outsourced maintenance of Defense Department systems to engineers in China with minimal US supervision, potentially exposing sensitive data to hacking risks.
AI Severity: High
AI Vendor: Microsoft Corporation
AI Product: Microsoft’s Defense Department Systems
AI Version: Not specified

Update Details

ProPublica is reporting:

> Microsoft is using engineers in China to help maintain the Defense Department’s computer systems–with minimal supervision by U.S. personnel–leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.
>
> The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.
>
> But these workers, known as “digital escorts,” often lack the technical expertise to police foreign engineers with far more advanced skills, ProPublica found. Some are former military personnel with little coding experience who are paid barely more than minimum wage for the work.

This sounds bad, but it’s the way the digital world works. Everything we do is international, deeply international. Making anything US-only is hard, and often infeasible.

EDITED TO ADD: Microsoft has stopped the practice.
