FOR IMMEDIATE RELEASE
Contact: Caroline Tabler or Patrick McCann (202) 224-2353
July 18, 2025

Chairman Cotton to Hegseth: DoD Cannot Allow China to Infiltrate its Critical Infrastructure 

Washington, D.C. — Senator Tom Cotton (R-Arkansas), Chairman of the Senate Select Committee on Intelligence, today sent a letter to Secretary of Defense Pete Hegseth, requesting information about Department of Defense contractors that hire Chinese personnel to provide maintenance and services to department systems. This letter follows a report about Microsoft currently employing engineers in China to maintain Department of Defense systems.

In part, Senator Cotton wrote:

“The U.S. government recognizes that China’s cyber capabilities pose one of the most aggressive and dangerous threats to the United States, as evidenced by infiltration of our critical infrastructure, telecommunications networks, and supply chains. DoD must guard against all potential threats within its supply chain, including those from subcontractors.”

Full text of the letter may be found here and below.

The Honorable Pete Hegseth
Secretary of Defense
U.S. Department of Defense
1000 Defense Pentagon
Washington, DC 20301

Dear Secretary Hegseth:

I write concerning a report that Microsoft is currently employing engineers in China to maintain Department of Defense (DoD) systems, potentially exposing our nation’s most sensitive data to a foreign adversary.[1]

Chinese state-sponsored hacking campaigns have long targeted U.S. officials through Microsoft systems. Now Microsoft is allegedly relying on U.S. citizens serving as “digital escorts” to supervise these Chinese engineers’ activities on DoD systems. While this arrangement technically meets the requirement that U.S. citizens handle sensitive data, digital escorts often do not have the technical training or expertise needed to catch malicious code or suspicious behavior.

The U.S. government recognizes that China’s cyber capabilities pose one of the most aggressive and dangerous threats to the United States, as evidenced by infiltration of our critical infrastructure, telecommunications networks, and supply chains. DoD must guard against all potential threats within its supply chain, including those from subcontractors.

I respectfully request the following information by July 31, 2025.

  1. A list of DoD contractors that hire Chinese personnel to provide maintenance or other services on DoD systems
  2. A list of subcontractors that hire digital escorts for Microsoft, or any other entity, and their interview and technical assessment process for candidates
  3. The training contractors or subcontractors provide to digital escorts on how to identify suspicious activity
  4. Any recommendations for closing existing loopholes in FedRAMP requirements

Thank you for your attention to this matter.

Sincerely,

Tom Cotton

United States Senator

 

###