What happened
The Defense Department has strengthened cybersecurity requirements for technology companies that sell cloud computing services.
The updates issued this month prohibit its suppliers from using staff based in China to work in the computer systems and requires companies to maintain a digital paper traine of maintenance conducted by their foreign engineers.
Background
The changes follow from the PROPBLICA investigation that is exposed As Microsoft used China’s based engineers To maintain state computer systems for almost a decade – the practice that has left some of the most sensitive data of the country that are vulnerable to hacking from the leading cyber enemy.
The supervisors based in the US, known as “digital accompaniment”, had to serve checking these foreign employees, but we found that they often lack the experience needed to effectively control the engineers with much more advanced technical skills.
What they said
The Defense Department now says in its “Guide by security requirements“This is just” staff from unverified countries “can work on their cloud systems, and that the accompanying controls control these foreign workers” must be technically qualified in the code/system or technology to which they provide access. “
In addition, clouder suppliers must support detailed audit logs, digital trace of action in computer systems. Magazines “should include identification and escort”, including the country of origin, as well as details of the executed teams and changed settings.
Why is it important
Prior to our reporting, the Pentagon’s main officials said they did not know about the digital Microsoft accompaniment system, which the company developed as a working requirement of the Department of Defense so that people refer to sensitive data that will be US citizens or permanent residents.
Cybersecurity and intelligence experts said propublica that the agreement caused serious risks to national security, given that laws in China are providing wide data collection powers to officials. Leading Congress members in turn What some Republicans called “national treason”.
Now the Pentagon is conducting Investigation of the digital accompaniment programWith a focus on Microsoft’s China Engineers.
Reply
After reporting PROPUBLICA Microsoft announced in July what it is This would stop using Chinese -based engineers Service cloud systems of the defense department. In a statement by this article, the press secretary said the company was seeking to implement new requirements of the department.
“Our commitment to national security is fundamental, and we are still focused on providing the safest services for the US government,” the press secretary said. “We recently implemented changes to the model of support for our department and will continue to work with our national security partners to evaluate and adjust our security protocols in the light of new directives.”
Doris Burke have made research.
