FOR IMMEDIATE RELEASE
Contact: Caroline Tabler or Patrick McCann (202) 224-2353
July 24, 2025

Chairman Cotton to Hegseth: Current DoD Agreements and Practices Fail to Account for Threat of China

Washington, D.C. — Senator Tom Cotton (R-Arkansas), Chairman of the Senate Select Committee on Intelligence, today sent a letter to Secretary of Defense Pete Hegseth requesting additional information about agreements and practices that currently fail to account for the growing threat of Communist China. This letter follows one sent by Senator Cotton last week about reports of China-based contractors for Microsoft potentially having access to sensitive military data.

In part, Senator Cotton wrote:

“While I applaud your actions, I am concerned that the Department is hampered by agreements and practices unwisely adopted by your predecessors, including contracts and oversight processes that fail to account for the growing Chinese threat.”

Full text of the letter may be found here and below.

The Honorable Pete Hegseth
Secretary of Defense
U.S. Department of Defense
1000 Defense Pentagon
Washington, DC 20301

Dear Secretary Hegseth:

I write to commend the Department’s prompt response to last week’s inquiry about Microsoft’s use of Chinese engineers to provide services for Department of Defense (DoD) systems. Your vow that “China will no longer have any involvement in our cloud services, effective immediately” and plans for a two-week review of current cloud contracts underscore the urgency required to address this security risk.

While I applaud your actions, I am concerned that the Department is hampered by agreements and practices unwisely adopted by your predecessors, including contracts and oversight processes that fail to account for the growing Chinese threat. As we learn more about these “digital escorts” and other unwise—and outrageous—practices used by some DoD partners, it is clear the Department and Congress will need to take further action. We must put in place the protocols and processes to adopt innovative technology quickly, effectively, and safely.

To inform Congress as we work with you to close the vulnerabilities in the DoD supply chain, I respectfully request the following information by August 15, 2025.

  1. The results of the two-week review, including but not limited to:
    • Details on what services Chinese engineers provided
    • What information or data was shared with Chinese engineers
    • Mechanisms Chinese engineers used to access, maintain, or service DoD systems, such as screen sharing, remote management, or instructions to run scripts
    • What information, if any, was recorded or documented by DoD when Chinese engineers were working with DoD systems
    • How often Microsoft or other providers that utilized this digital escort model conducted self-audits and the results of all such self-audits
    • Any discovery of potential security incidents or malicious events that have already occurred or are likely to occur
  2. All security classification guides provided to Microsoft or other contractors under the Joint Warfighting Cloud Capability (JWCC) program
  3. Any plans to implement a DoD-wide review of contracting practices and DoD guidance to prevent a contractor from leveraging loopholes that place DoD systems at risk

I look forward to working with you on this important matter.

Sincerely,

Tom Cotton

United States Senator

 

###