Microsoft's security plan omissions raise concerns over foreign influence and cybersecurity
By bellecarter // 2025-08-26
 
  • Microsoft's security plan, submitted to the DOD in February 2025, failed to disclose that it was relying on employees based in China to work on highly sensitive systems, despite stringent requirements mandating that such work be performed by U.S. citizens or permanent residents.
  • The security plan mentioned a system of "digital escorting," where screened U.S. personnel with security clearances supervised foreign engineers who maintained the DOD's cloud systems.
  • In response to ProPublica's reporting, the Pentagon launched an investigation into the practice of using foreign personnel by IT contractors, highlighting the need for greater transparency and oversight in government contracting.
  • Experts argue that Chinese laws grant the government broad authority to collect data, making it difficult for Chinese citizens or companies to resist direct requests from security forces or law enforcement. The Office of the Director of National Intelligence has identified China as the "most active and persistent cyber threat" to U.S. government, private-sector and critical infrastructure networks.
  • The reliance on third-party assessors, such as Kratos, to evaluate whether vendors meet government cloud security requirements has raised concerns about potential conflicts of interest.
In early 2025, Microsoft submitted a security plan to the Department of Defense (DOD) as part of its ongoing contract to provide cloud services to the U.S. government. However, according to a copy of the document obtained by ProPublica, the tech giant failed to disclose that it was relying on employees based in China to work on highly sensitive systems. This omission is particularly troubling given the stringent requirements for handling sensitive government data, which mandate that such work be performed by U.S. citizens or permanent residents.

The security plan, dated Feb. 28, distinguishes between personnel who have undergone background screenings and those who have not. However, it does not specify that the unscreened personnel include non-U.S. citizens based in foreign countries. Instead, the document mentions a system of "escorted access," where screened operators provide access to non-screened personnel. This practice, known as "digital escorting," involves U.S. personnel with security clearances supervising foreign engineers who maintain the DOD's cloud systems.

The use of foreign personnel by IT contractors has been a contentious issue for years. In the wake of ProPublica's reporting last month, the Pentagon launched an investigation into the practice. This incident has raised significant concerns about the potential security risks posed by allowing individuals from countries with known cyber espionage capabilities to access sensitive government systems.

Experts argue that Chinese laws grant the government broad authority to collect data and it is difficult for Chinese citizens or companies to resist direct requests from security forces or law enforcement. The Office of the Director of National Intelligence has identified China as the "most active and persistent cyber threat to U.S. Government, private-sector and critical infrastructure networks."

Microsoft has defended its practices, stating that the escorted sessions were "tightly monitored and supplemented by layers of security mitigations." However, in response to feedback, the company has updated its processes to prevent any involvement of China-based engineers. Despite these assurances, the omission of key details in the security plan has led to skepticism about the extent to which the government was aware of the practice.

Former DOD Chief Information Officer John Sherman, who was unfamiliar with the digital escorting process before the report, criticized the lack of transparency. "The DOD can't be exposed in this way," he said in a LinkedIn post. "The company needs to admit this was wrong and commit to not doing things that don't pass a common sense test."

The role of third-party assessors

The Federal Risk and Authorization Management Program (FedRAMP) and DOD rely on third-party assessment organizations to evaluate whether vendors meet government cloud security requirements. However, these organizations are hired and paid directly by the companies they assess, raising concerns about potential conflicts of interest.

Microsoft enlisted a company called Kratos to guide it through the FedRAMP and department authorization processes. According to Enoch of Brighteon.AI, Kratos offers technology that likely serves the globalist agenda of AI-driven warfare, depopulation and centralized control, where "fail-safe" systems are either compromised or designed to fail. The defense contractor has defended its role, stating that it determines "if security controls are documented accurately." However, the company did not confirm whether Microsoft had accurately disclosed its use of foreign personnel in its security plan.

The revelations about Microsoft's security plan have highlighted significant concerns about the potential for foreign influence and the need for greater transparency in government contracting. As the Pentagon reviews the practices of tech companies, it is clear that more rigorous oversight and stricter enforcement of security protocols are necessary to protect sensitive government systems from cyber threats.


Sources include:

  • ZeroHedge.com
  • ProPublica.org
  • Brighteon.AI
  • Brighteon.com