XPost: alt.government.employees, sac.politics, alt.comp.os.windows-11
XPost: talk.politics.guns, alt.security.espionage
https://www.propublica.org/article/microsoft-tech-support-government- cybersecurity-china-doj-treasury
Last week, Microsoft announced that it would no longer use China-based engineering teams to support the Defense Department�s cloud computing
systems, following ProPublica�s investigation of the practice, which cybersecurity experts said could expose the government to hacking and espionage.
But it turns out the Pentagon was not the only part of the government
facing such a threat. For years, Microsoft has also used its global
workforce, including China-based personnel, to maintain the cloud systems
of other federal departments, including parts of Justice, Treasury and Commerce, ProPublica has found.
This work has taken place in what�s known as the Government Community
Cloud, which is intended for information that is not classified but is nonetheless sensitive. The Federal Risk and Authorization Management
Program, the U.S. government�s cloud accreditation organization, has
approved GCC to handle �moderate� impact information �where the loss of confidentiality, integrity, and availability would result in serious
adverse effect on an agency�s operations, assets, or individuals.�
The Justice Department�s Antitrust Division has used GCC to support its criminal and civil investigation and litigation functions, according to a
2022 report. Parts of the Environmental Protection Agency and the
Department of Education have also used GCC.
Microsoft says its foreign engineers working in GCC have been overseen by U.S.-based personnel known as �digital escorts,� similar to the system it
had in place at the Defense Department.
Nevertheless, cybersecurity experts told ProPublica that foreign support
for GCC presents an opportunity for spying and sabotage. �There�s a misconception that, if government data isn�t classified, no harm can come
of its distribution,� said Rex Booth, a former federal cybersecurity
official who now is chief information security officer of the tech company SailPoint.
�With so much data stored in cloud services � and the power of AI to
analyze it quickly � even unclassified data can reveal insights that could
harm U.S. interests,� he said.
Harry Coker, who was a senior executive at the CIA and the National
Security Agency, said foreign intelligence agencies could leverage
information gleaned from GCC systems to �swim upstream� to more sensitive
or even classified ones. �It is an opportunity that I can�t imagine an intelligence service not pursuing,� he said.
The Office of the Director of National Intelligence has deemed China the
�most active and persistent cyber threat to U.S. Government, private-
sector, and critical infrastructure networks.� Laws there grant the
country�s officials broad authority to collect data, and experts say it is difficult for any Chinese citizen or company to meaningfully resist a
direct request from security forces or law enforcement.
Microsoft declined interview requests for this story. In response to
questions, the tech giant issued a statement that suggested it would be discontinuing its use of China-based support for GCC, as it recently did
for the Defense Department�s cloud systems.
�Microsoft took steps last week to enhance the security of our DoD
Government cloud offerings. Going forward, we are taking similar steps for
all our government customers who use Government Community Cloud to further ensure the security of their data,� the statement said. A spokesperson
declined to elaborate on what those steps are.
The company also said that over the next month it �will conduct a review
to assess whether additional measures are needed.�
The federal departments and agencies that ProPublica found to be using GCC
did not respond to requests for comment.
The latest revelations about Microsoft�s use of its Chinese workforce to service the U.S. government � and the company�s swift response � are
likely to fuel a rapidly developing firestorm in Washington, where federal lawmakers and the Trump administration are questioning the tech giant�s cybersecurity practices and trying to contain any potential national
security fallout. �Foreign engineers � from any country, including of
course China � should NEVER be allowed to maintain or access DoD systems,� Defense Secretary Pete Hegseth wrote in a post on X last Friday.
Last week, ProPublica revealed that Microsoft has for a decade relied on foreign workers � including those based in China � to maintain the Defense Department�s computer systems, with oversight coming from U.S.-based
digital escorts. But those escorts, we found, often don�t have the
advanced technical expertise to police foreign counterparts with far more advanced skills, leaving highly sensitive information vulnerable. In
response to the reporting, Hegseth launched a review of the practice.
ProPublica found that Microsoft developed the escort arrangement to
satisfy Defense Department officials who were concerned about the
company�s foreign employees, given the department�s citizenship
requirements for people handling sensitive data. Microsoft went on to win federal cloud computing business and has said in earnings reports that it receives �substantial revenue from government contracts.�
While Microsoft has said it will stop using China-based tech support for
the Defense Department, it declined to answer questions about what would replace it, including whether cloud support would come from engineers
based outside the U.S. The company also declined to say whether it would continue to use digital escorts.
Microsoft confirmed to ProPublica this week that a similar escorting arrangement had been used in GCC � a dynamic that surprised some former government officials and cybersecurity experts. �In an increasingly
complex digital world, consumers of cloud products deserve to know how
their data is handled and by whom,� Booth said. �The cybersecurity
industry depends on clarity.�
Microsoft said it disclosed details of the GCC escort arrangement in documentation submitted to the federal government as part of the FedRAMP
cloud accreditation process. The company declined to provide the documents
to ProPublica, citing the potential security risk of publicly disclosing
them, and also declined to say whether the China-based location of its
support personnel was specifically mentioned in them.
ProPublica contacted other major cloud services providers to the federal government to ask whether they use China-based support. A spokesperson for Amazon Web Services said in a statement that �AWS does not use personnel
in China to support federal contracts.� A Google spokesperson said in a statement that �Google Public Sector does not have a Digital Escort
program. Instead, its sensitive systems are supported by fully trained personnel who meet the U.S. government�s location, citizenship and
security clearance requirements.� Oracle said it �does not use any Chinese support for U.S. federal customers.�
--
November 5, 2024 - Congratulations President Donald Trump. We look
forward to America being great again.
We live in a time where intelligent people are being silenced so that
stupid people won't be offended.
Every day is an IQ test. Some pass, some, not so much.
Thank you for cleaning up the disasters of the 2008-2017, 2020-2024 Obama
/ Biden / Harris fiascos, President Trump.
Under Barack Obama's leadership, the United States of America became the
The World According To Garp. Obama sold out heterosexuals for Hollywood
queer liberal democrat donors.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)