Last week, Microsoft announced that no longer would use Chinese Engineering Groups to support cloud computing systems A PROPBLICA PROPBLICA studyWhat cybersecurity experts can undergo hacking and espionage.
But, it turns out, the Pentagon was not the only part of the government that faces such a threat. For many years, Microsoft has also used its global labor, including staff based in China to maintain cloud systems of other federal agencies, including parts of justice, Treasury and CommercePROPUBLICA found.
This work is that it is known as a governmental cloud that is not classified for information but is nevertheless sensitive. The Federal Risk Management and Authorization Program, the US government accreditation organization, approved the GCC to process “moderate” information on impact “where the loss of confidentiality, integrity and availability will lead to a serious adverse effect on operations, assets or individuals of the agency.”
Department of the Antimonopoly Department of the Ministry of Justice used According to the 2022 report, GCC to support its criminal and civil investigation and court cases. Piece Environmental Protection Agency and Department of Education Also used GCC.
Microsoft says its foreign engineers working in GCC were under the control of staff based in the US, known as “digital support”, similar to the system she had in the Defense Department.
However, cybersecurity experts reported propublica that foreign support for GCC provides an opportunity for espionage and sabotage. “There is a misconception that if the public data is not classified, it cannot harm it,” said Rex Booth, a former federal cybersecurity official, who is now the Chief Director for the SailPoint Information Security Company.
“With so many data stored in cloud services – and the power of II quickly analyzing it – even unclaimed data can reveal an understanding that can harm us interests,” he said.
Harry Cocker, who was the top head of the CIA and the National Security Agency, said foreign special services could use information obtained from GCC systems to “swim up on the current” to more sensitive and even classified. “This is an opportunity that I cannot imagine that the intelligence service does not do,” he said.
Director’s Office of National Intelligence He considered China “the most active and sustainable cyber force for the US government, private sector and critical infrastructure.” The laws there are providing widespread powers to the country’s officials, and experts say that any citizen of China or the company is difficult to resist a direct request for security forces or law enforcement agencies.
Microsoft refused interview requests for this story. In response to questions, the technological giant made a statement that he would stop using China’s support in China for GCC as it was recently for the cloud defense systems.
“Microsoft has taken steps last week to raise the security of our DOD cloud offers. Going forward, we take similar steps for all our government clients who use the government community to ensure the safety of their data,” the statement said. The press -secretary refused to clarify what steps were.
The company also stated that in the next month it “will conduct an overview to evaluate whether additional measures were needed.”
Federal departments and agencies that Propublica found, using GCC did not respond to comment requests.
Recent discoveries about the use of Microsoft to its Chinese workforce to maintain the US Government – and the rapid reaction of the company – can improve rapidly developing fiery storm in WashingtonWhere federal lawmakers and Trump administration question the practice of cybersecurity of the technological giant and try to hold any potential national security falls. “Foreign engineers are from any country, including of course wrote in a message on x Last Friday.
Last week, Propublica showed that Microsoft has relied on foreign workers for decades, including China, for maintaining computer systems of the Ministry of Defense, and the supervision of digital supporters based in the US. But these supporters, as we found, often have no advanced technical examination for foreign police counterparts with much more sophisticated skills, leaving very sensitive information vulnerable. In response to reporting, hegseth launched the review Practice.
Propublica found that Microsoft has developed an accompaniment to satisfy the officers of the Defense Department, which were concerned about the foreign employees of the company, given the requirements of the Department of Citizenship for people who refer to sensitive data. Microsoft continued to win the federal business -calculating business and stated in Reports on income that he gets “significant profit from government contracts”.
While Microsoft said she stopped using technological support in China, she refused to answer the questions about what to replace it, including whether the cloud support from the US engineers will also refuse to say whether it would continue to use digital accompanies.
This week, Microsoft has confirmed Propublica that a similar accompaniment was used in GCC – a dynamics that surprised some former government officials and cybersecurity experts. “In a more complex digital world, cloud products deserve to know how their data is processed and who are processed,” Booth said. “Cybersecurity industry depends on the clarity.”
Microsoft said she had revealed the details of the GCC’s accompanying documentation submitted by the Federal Government as part of the FedramP cloud accreditation process. The company refused to provide Proopublica documents, citing a potential risk of safety publicly disclosing them, and refused to say whether they had the location of its support staff in China.
PROPUBLICA has contacted other major cloud services providers in the federal government to ask if they use support in China. The Web Services Amazon press -secretary said in a statement that “AWS does not use staff in China to support federal contracts.” The Google press secretary said in a statement that “there is no digital support program in Google. Instead, its sensitive systems are supported by a fully trained personnel that meets the location, citizenship and security.” Oracle said “does not use any support for Chinese federal customers.”
