New Law Bans China, Russia, and Other Adversaries from Pentagon Cloud Systems
A new measure signed into law this month prohibits personnel based in China, Russia, Iran, and North Korea from accessing the Pentagon’s cloud computing systems, addressing critical national security vulnerabilities. The ban, embedded within a $900 billion defense policy law, stems from revelations that Microsoft utilized China-based engineers to service the Defense Department’s computer systems for nearly a decade, potentially exposing sensitive data to cyberattacks.
The issue came to light following an investigation by ProPublica earlier this year, which detailed how the arrangement left the nation’s most sensitive information vulnerable to exploitation by a leading cyber adversary. The investigation revealed a concerning practice where digital escorts – U.S.-based supervisors – were intended to oversee the foreign engineers, but often lacked the technical expertise to effectively monitor their work.
“Foreign engineers – from any country, including of course China – should NEVER be allowed to maintain or access DoD systems,” stated Defense Secretary Pete Hegseth in a post on X (formerly Twitter) following the initial reports.
The Pentagon updated its cybersecurity requirements for tech contractors in September, prohibiting the use of China-based personnel on Defense Department computer systems. This new law effectively codifies that change, mandating Secretary Hegseth to formally prohibit individuals from the designated countries from having any level of access to the Pentagon’s cloud infrastructure.
The arrangement with Microsoft raised alarms among cybersecurity and intelligence experts, who pointed to Chinese laws granting broad authority to government officials to collect data. According to one analyst, the potential for data compromise was “significant and unacceptable,” given the geopolitical landscape.
Microsoft initially pledged in July to cease using China-based engineers for Pentagon cloud systems after Secretary Hegseth’s public condemnation. In response to the new law, a company spokesperson stated they would “work with our national security partners to evaluate and adjust our security protocols in light of the new directives.”
Lawmakers on both sides of the aisle have lauded the legislation. Representative Elise Stefanik, a Republican on the House Armed Services Committee, celebrated the law as closing “contractor loopholes… following the revelation that companies like Microsoft exploited” them. Senator Tom Cotton, the GOP chair of the Senate Select Committee on Intelligence, echoed this sentiment, stating the legislation “includes much-needed efforts to protect our nation’s critical infrastructure, which is threatened by Communist China and other foreign adversaries.”
The legislation also strengthens congressional oversight of the Pentagon’s cybersecurity practices. The Defense Secretary is now required to brief congressional defense committees on the changes by June 1, 2026, with annual briefings to follow for the next three years. These briefings will include updates on the “effectiveness of controls, security incidents, and recommendations for legislative or administrative action.”
ProPublica’s reporting revealed that Microsoft initially developed the “digital escort” program as a workaround to a Defense Department requirement that personnel handling sensitive data be U.S. citizens or permanent residents. While the company maintains it disclosed the program to the Pentagon and provided escorts with “specific training on protecting sensitive data,” top Pentagon officials have stated they were unaware of the program’s details until ProPublica’s investigation.
A security plan submitted by Microsoft to the Defense Department in 2025 reportedly omitted key details about the escort program, failing to mention its China-based operations or the involvement of foreign engineers.
This summer, Secretary Hegseth announced the department had launched an investigation into whether Microsoft’s China-based engineers had compromised national security and ordered a third-party audit of the digital-escort program. The Pentagon has not yet responded to requests for comment on the status of these inquiries. The new law represents a significant step toward safeguarding sensitive defense data and mitigating the risks posed by potential foreign interference in critical U.S. infrastructure.
