Tom Cotton Wants to Know Why Microsoft Uses Chinese Engineers to Maintain Defense Systems and So Do We

Senator Tom Cotton is demanding answers from the Department of Defense on why computer engineers based in China are allowed access to computer systems containing information that is not classified and maintain those systems with only cursory oversight by U.S. citizens.

According to a blockbuster report in ProPublica, the maintenance of DOD non-classified computer systems is performed mainly by Chinese engineers based in Communist China. Microsoft uses so-called "digital escorts," which are U.S. citizens with security clearances, to allegedly monitor the work done by Chinese engineers; however, in reality, they may not be competent to prevent the insertion of spyware and malware into the system.

The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.

But these workers, known as “digital escorts,” often lack the technical expertise to police foreign engineers with far more advanced skills, ProPublica found. Some are former military personnel with little coding experience who are paid barely more than minimum wage for the work.

“We’re trusting that what they’re doing isn’t malicious, but we really can’t tell,” said one current escort who agreed to speak on condition of anonymity, fearing professional repercussions.

This is how the system works.

When technical support is needed, an engineer in China files a ticket to take on the work. A U.S.-based "escort" with a security clearance, often a former military member with minimal coding experience being paid as little as $18 an hour, connects with the engineer via Microsoft Teams. The Chinese engineer sends commands, which the escort then inputs into Defense Department systems without necessarily understanding what those commands do.

The key criterion for becoming a "digital escort" is having a current Defense security clearance; coding knowledge is a plus but optional. A recent job listing for an "escort" position has "Programming/Scripting experience: C#, PowerShell" listed as a "nice to have" skill.

In July 2024, this atrocity was reported to the DOD Inspector General after an investigation of the penetration of email accounts belonging to "22 organizations and over 500 individuals around the world," a breach that lifted in excess of 60,000 emails. The report specifically faulted Microsoft for its lack of security and for relying on client organizations to detect unauthorized access rather than taking action itself. There is no evidence that anyone at DOD took action based on the report. The fact that key members of Congress and senators had to learn about this through a press report is rather disturbing.

Today, a year after the report to Defense and nearly a decade after Microsoft took over DOD cloud services, there may be accountability.

The letter reads:

I write concerning a report that Microsoft is currently employing engineers in China to maintain Department of Defense (DoD) systems, potentially exposing our nation’s most sensitive data to a foreign adversary.

Chinese state-sponsored hacking campaigns have long targeted U.S. officials through Microsoft systems. Now Microsoft is allegedly relying on U.S. citizens serving as “digital escorts” to supervise these Chinese engineers’ activities on DoD systems. While this arrangement technically meets the requirement that U.S. citizens handle sensitive data, digital escorts often do not have the technical training or expertise needed to catch malicious code or suspicious behavior.

The U.S. government recognizes that China’s cyber capabilities pose one of the most aggressive and dangerous threats to the United States, as evidenced by infiltration of our critical infrastructure, telecommunications networks, and supply chains. DoD must guard against all potential threats within its supply chain, including those from subcontractors.

I respectfully request the following information by July 31, 2025.

  1. A list of DoD contractors that hire Chinese personnel to provide maintenance or other services on DoD systems
  2. A list of subcontractors that hire digital escorts for Microsoft, or any other entity, and their interview and technical assessment process for candidates
  3. The training contractors or subcontractors provide to digital escorts on how to identify suspicious activity
  4. Any recommendations for closing existing loopholes in FedRAMP requirements

Thank you for your attention to this matter.

Secretary of Defense Pete Hegseth responded on X with this message:

Spot on Senator. Agree fully. Our team is already looking into this ASAP. Foreign engineers — from any country, including of course China — should NEVER be allowed to maintain or access DoD systems.

I'd go one further. Anyone involved in this system inside DOD should lose their job, and those who made the decision should spend some time in prison.
