> MS let foreign employees service DoD systems?

Yes, and they will do it again, because it earns them a little more profit, and that is the only thing that counts for corporations of that size. May may hide the outsourcing a little better next time for PR reasons, like adding another layer of "domestic person A being the contractor, but relaying everything to/from N cheaper employees abroad".

From [1]ProPublica [propublica.org]:

> The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.

> But these workers, known as “digital escorts,” often lack the technical expertise to police the work of foreign engineers with far more advanced skills, ProPublica found.

So there was a loophole in the rules. And of course they're doing this to save money, so the Americans they hired weren't highly technical and probably can't identify attempts at subterfuge.

I mean even if someone very technical was there the perform the supervision, it would still be hard to defend against a persistent attacker.

[1] https://www.propublica.org/article/defense-department-pentagon-microsoft-digital-escort-china

The bar really has been lowered for fucking up.

> "ProPublica investigation this year that exposed how Microsoft used China-based engineers to service the Defense Department's computer systems for nearly a decade"

> MS let foreign employees service DoD systems? I can't even begin to fathom how this is even remotely possible. Is there a CCP mule leading services at MS? If not, there should be a congressional hearing on this, because this level of incompetence is really inexcusable.

NIST 800-53 pre-dates NIST 800-171 pre-dates CMMC. And I'd have to believe that Controlled Unclassified Information (CUI) is the bare minimum standard when talking about "Pentagon" related InfoSec guardrails.

Microsoft's GC Cloud mandating US citizen based support has been around for years now. I have no idea why the hell the Pentagon of all places would be skimping on these mandates, but I can tell you that skimping is quite rampant among defense contractors. Two years after implementing 800-171, a stud

The good news is there's no actual security risk there.

The bad news is that the reason there is no security risk is the modern ruling class is a global class and they're all working together to fuck you in the ass. So there isn't any actual risk among major countries because they're all in the same club together.

You are not in that club. Statistically you probably believe that you are. And even if intellectually you know you're not you probably vote like you are. Again statistically.

> But Russia's OK.

I know Fortune 500 companies that are outspoken against Russia's war against Ukraine in public, and at the same time hire cheap Russians that reached western countries mere months ago (and they are certainly not "fugitives"). Virtue signaling is cheap, but there is money to save on wages, morals and security be damned.

Apparently many in the government were also surprised.