Bombshell allegations that Microsoft is using Chinese employees inside China to oversee DoD, Federal government cloud infrastructure
WASHINGTON, DC - In September 2023, FBI Director Christopher Wray told a conference that China has a “bigger hacking program” than the competition. He warned that Beijing has a “cyber espionage program so vast that it is bigger than all of its major competitors combined.”
“China already has a bigger hacking program than every other major nation combined,” Wray said at the time. “If each one of the FBI’s cyber agents and intelligence analysts focused on China exclusively, Chinese Hackers would still outnumber our cyber personnel by at least 50 to 1,” Reuters reported.
While the Biden administration has identified white supremacism as the “greatest threat” to the United States, a program begun under the Obama administration and continuing today seems to be an exponential threat to our national security and appears to be making the United States vulnerable to the Chinese communist government. The program gives the Chinese a backdoor into U.S. Government and Department of Defense cloud services, a security expert warns.
Tom Schiller, a senior software developer with a stellar resume, is the CEO of Next Defense, a consultancy agency specializing in Virtual Reality and Artificial Intelligence for defense training. Schiller is a subject matter expert. He reached out to Law Enforcement Today, and what he told us was chilling. He told us of a program hatched between Microsoft and the Obama administration that is directly tied to China and puts our national security in peril.
The information that follows comes from Schiller's expertise in the matter.
The story begins in 2003, when Microsoft agreed with the Chinese government to allow it to inspect Windows source code and, in some cases, insert its own code. This was done to assure the Chinese government that Windows did not include back doors for American espionage.
Schiller noted that in his research, he has not found any evidence of Microsoft making such an agreement with the US government. In 2016, he asked this question and was told that the US government “had not thought to ask for it or include it in the agreement.”
Fast-forward to 2008, when Microsoft endorsed Obama for president. Out of nearly $3 million in political contributions made by the Bill Gates-owned company, $2.12 million went to Democrats, with only $844,586 going to Republicans.
What is odd about Microsoft’s endorsement (as well as that of other Silicon Valley big tech companies) is that Obama had pledged to raise taxes on those earning over $250,000 per year. It seems that they would be betting against their self-interest.
After being elected president, Obama appointed Microsoft’s chief research and strategy officer, Craig Mundie, to his 20-member President’s Council of Advisors on Science and Technology.
Mundie was credited with being the key Microsoft executive who was able to speak to the company’s China strategy. He served as Microsoft’s “decision-maker” for that strategy for 13 of the company’s 18 years in the China market (as of December 2010). Under his leadership, Microsoft was one of the few foreign technology firms that received public support from the Chinese government.
That brings us to Joe Biden. Biden has bragged that he and Xi Jinping of China had traveled over 17,000 miles together and spent over 78 hours in meetings in the years they have known each other. Recall that Biden was Obama’s vice president. Biden spoke of a 2011 meeting with Xi, and although Biden likely exaggerated the number of miles and meetings he spent with Xi, the fact remains that part of his job as vice president was to engage with Xi.
It was during this time that Biden established a relationship with Xi and at the time, predicted that the U.S. and China were on a “positive” trajectory. That relationship is believed to have played a large part in the 2016 deal, which is risking our national security.
In 2012, Mundie was promoted to Senior Advisor to the CEO at Microsoft. After only a few years of serving as Obama’s science and technologies advisor, Mundie received his promotion, which served as a bridge between the administration and Microsoft. Moreover, remember that Mundie was the “decision-maker” for Microsoft’s China strategy for 13 years.
What was the 2016 deal between Microsoft and the Obama administration? It transitioned over 80 percent of our federal government and Department of Defense physical infrastructure and services to Microsoft and transitioned over 98 percent of the support for IT infrastructure and services overseas, with over 90 percent of that transitioned to China.
Going back to 2014, Microsoft launched Microsoft Azure China, the first international public cloud provider to bring that technology to China.
That same year, Mundie retired from Microsoft and became Obama’s full-time science advisor. When Microsoft launched Azure, Chinese regulatory requirements mandated that regions operated in China were physically separated from Microsoft’s global cloud; however, they use the same cloud technology as other regions operated by Microsoft worldwide. In other words, China used the same cloud-based technology and infrastructure as the U.S. Government and the Department of Defense. Schiller alleges that the Chinese learned how to exploit it. With that being the case, why didn’t the U.S. government halt the program since it clearly violated our national security interests?
To make matters worse, the United States began to migrate infrastructure and services into the same Microsoft cloud environment as the Chinese setup. Why would the U.S. government compromise our national security in that way?
Things went from bad to worse in July 2014, when four Microsoft offices in China were raided by the government’s antitrust regulator, the State Administration for Industry and Commerce (SAIC), in response to an alleged “compatibility issue” with older versions of Windows software. The timing was, Schiller alleges, suspicious.
The presence of an American tech company, Microsoft, in China raises many more questions than it answers. With the federal government and Department of Defense so reliant on Microsoft products and services, why take the risk of having that company with offices in what is clearly the number one international threat to the United States, especially when they can raid their facilities and help themselves to whatever they want? Unlike the United States, the Chinese don’t have a constitution to abide by. Schiller asks why Microsoft wasn’t ordered to pull out of China then.
After the raid, a China-based Microsoft spokesperson emailed, “We’re serious about complying with China’s laws and committed to SAIC’s questions and concerns.”
That statement contradicts the Microsoft president's statement before the House Homeland Security Committee in June 2014, when he said that the Chinese government had previously ordered the company to comply with their laws and probes. He said the Chinese were told that he “was not allowed that and will not.” Schiller also noted that Microsoft has shared source code with China and let them insert their own source code into Microsoft’s proprietary source code. That is a direct contradiction to the Microsoft president’s statement to Congress.
In response to the raid, Microsoft sent its Deputy General Counsel, Mary Snapp, to Beijing to meet with the SAIC in July 2014. The regulator warned Snapp “not to obstruct the probe,” a veiled threat not to interfere with their “investigation.”
That same month, SAIC revealed they had sent over 100 officials on unannounced visits to Microsoft’s offices in China, seeking information on the company’s security features and how it bundles software.
That same piece noted that Chinese officials spoke to senior Microsoft employees and copied data, contracts, and financial reports, giving them “intimate knowledge of all operations, all activities, and all development work Microsoft is conducting in China,” Schiller said. CNET confirmed Chinese officials had also raided the offices of Accenture, an IT consulting firm and one of Microsoft’s partners in China.
In December 2014, Microsoft announced the availability of Microsoft Azure Government, the same month that Mundie retired from the company and went to work as Obama’s science advisor. Coincidence?
Only months later, in April 2015, Obama issued Executive Order 13694, declaring a “national emergency” to deal with the “unusual and extraordinary threat to the national security, foreign policy and economy of the United States constituted by the increasing prevalence and severity of malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States.”
Why, then, did the Obama administration allow Microsoft to use staff in hostile countries to support U.S. Government and DoD infrastructure?
In September 2015, now-Chinese President Xi Jinping made his first state visit to the United States. His first stop was Seattle, home of Microsoft, where he toured facilities and met with executives from 28 tech companies. He then traveled to Washington, D.C., in part to meet with Obama to work out a new cybersecurity agreement.
Seems like a bit of a suspicious itinerary: His first stop in the U.S. as Chinese president is at Microsoft, and then he goes directly to the White House to “hammer out” a new cybersecurity deal. Given what occurred after this trip, the timing is suspicious indeed.
Rewind to 2013, when Obama urged Xi to develop “common rules of the road” to prevent digital theft. An agreement was reached in 2015 that the two countries would “mitigate” cyberattacks and investigate cyber crimes originating within their borders. Schiller believes this agreement may have served as a prerequisite to allowing China to continue raiding Microsoft facilities in that country under the guise of it being official U.S. policy.
All of this sets the background for what happened in Obama’s last year in office, 2016. “Obama authorized Microsoft to begin using uncleared foreign national staff to manage the U.S. Sovereign Cloud, working together with a cleared security escort team,” Schiller, who has personal knowledge of the agreement, said. According to Schiller, those foreign nationals accounted for 98 percent of the total, with over 90 percent being out of China. What is the U.S. Sovereign Cloud? It consists of ALL of the U.S. Government and DoD Microsoft cloud environments.
“Why would President Obama have signed off on something that essentially gives total authority of the U.S. government’s and DoD’s physical cloud infrastructure to Chinese nationals in China,” Schiller asks, “as well as something that gives total trust to Chinese nationals in China?”
Worse still, Schiller says that “due to an inadequately/poorly written authorization given to Microsoft” by Obama, “uncleared Microsoft staff primarily based out of China did not have to share source-code intended for use in the U.S. Sovereign Cloud with the cleared security escort team. As a result, security provided by cleared U.S. escort personnel is effectively negated and neutralized.”
In a blog dated June 2016 but published in March 2022, Microsoft wrote the following:
Customer support for the US Sovereign Cloud. The US Sovereign Cloud with Azure Government, Microsoft 365 Government (GCC High), and Dynamics 365 Government (GCC High) offer differentiated support staffing, with technical support provided 24x7 by screened US Persons in a US Location. However, these terms do not preclude the use of global support staff in customer support escalations. It is not uncommon for Microsoft customer support to rely on support engineers who specialize in specific services or technologies and are experts in niche areas. These support engineers might be located anywhere in the world and could be introduced to provide subject matter expertise and guidance on a specific customer support ticket. [emphasis added]
As previously highlighted, an overwhelming majority of “global support staff” are located in China.
In September 2016, Microsoft announced a new Beijing Transparency Center:
Just like our Microsoft Transparency Centers in North America and Europe, our new facility in Asia enables government IT experts to test and analyze our products closely and gain confidence that our software will stand up to their security needs when deployed broadly. These facilities are designed to provide deep ability to understand the security we deploy and do so in an environment that ensures our products remain proprietary and protected. Simply put, governments have the ability to review our products and services, both manually and by running tools, but they cannot alter what is delivered to customers.
Schiller called this a “massive conflict of interest,” noting that it gives “China direct access to source code, being able to stress test Microsoft environments and services, and have full access to software developed at Microsoft.” Was this part of the cybersecurity deal between Obama and Xi in 2015?
In January 2017, Microsoft was granted DoD Level 5 PA, the “highest level of authorization for storing and processing Controlled Unclassified Information (CUI), national security systems information, and mission-critical information.”
That same month, Bloomberg reported that Qi Lu, a former Microsoft executive, had been appointed as group president and chief operating officer at Baidu, Inc., a Chinese search engine company, giving him “oversight over all aspects of the Chinese search giant’s business from sales to technology development.”
According to the House Oversight Committee, in March, less than two months after Biden left office, Chinese company State Energy HK Limited wired a Biden associate $3 million. The Biden family and their associates received over $8 million from CEFC China Energy and related entities.
It isn’t known what “services” Biden and his associates provided to earn $8 million; however, it might be related to the Microsoft-China deal.
After President Trump took office, China passed the National Intelligence Law. Article 7 requires Chinese “individuals, organizations, and institutions to support national intelligence work.” Article 14 gives the Chinese intelligence agencies the authority to demand such cooperation. This would obligate Microsoft to “support [Chinese] national intelligence work.” A response to Trump’s election? Unknown.
China also passed the PRC CyberSecurity Law of 2016, which requires “businesses operating within China to store business, technological and personal data on servers located within China and allows Chinese authorities to conduct spot-checks on companies’ network operations.”
This codifies what China had already done to Microsoft in 2014 when the government raided the company’s facilities. This law specifies that raids and “spot checks” will be ongoing, and companies such as Microsoft must comply. Schiller again asks why the U.S. government hasn't demanded Microsoft pull out of China.
In May 2019, President Trump issued Executive Order 13873 on Securing the ICT and Services Supply Chain. That order supersedes the previous order between the U.S. and Microsoft, making it illegal for Microsoft to use China-based staff to support the U.S. Sovereign Cloud. Schiller said Microsoft continues to violate that order, with over 90% of its staff still based in China, an apparent violation of the executive order.
The order mandates procedures the Department of Commerce will use to prohibit the use or transaction of “information and communications technology or services designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary that may pose a risk of sabotage or subversion; 2) catastrophic effects on the Nation’s critical infrastructure or digital economy; or 3) adverse consequences to national security and public safety.”
In 2021, China implemented the “Anti-Foreign Sanctions Law,” which allows Beijing to retaliate against persons or entities “instigating or implementing sanctions against China.” That means any company complying with sanctions imposed by the West (aka the United States) would violate Chinese law and face counter-sanctions and liabilities. The Chinese government could retaliate against spouses, relatives, and co-workers deemed responsible for sanctions.
Why the U.S. didn’t order Microsoft to pull out of China at this point is anyone’s guess.
In March 2021, Microsoft reported a hack of at least 30,000 customers that allowed outsiders to access the company’s email and calendar service through a software loophole that was previously unknown to the company. Volexity, a cybersecurity firm that initially discovered the Exchange breach, and Microsoft concluded the attacks came from China and appeared to be state-sponsored.
In August 2021, Microsoft Azure Government Top Secret became available for US national security missions, which Schiller said “signifies that all levels of U.S. national security classifications are now compromised.”
“We’ve worked in close collaboration with the US Government to build a cloud portfolio that serves the national security mission and empowers leaders across the Intelligence Community (IC), Department of Defense (DoD), and Federal Civilian agencies to innovate securely wherever the mission requires and at all data classifications, with a continuum of technology from on-premises to cloud to the tactical edge,” Microsoft announced in a release.
“Microsoft does not build from scratch; they clone them, and that means they cloned the already compromised U.S. Sovereign Cloud environment to build this,” Schiller said. “Also, there is no evidence that Microsoft has stopped the practice of using foreign ‘global’ staff to support their U.S. Government environments, so it stands to reason that Chinese nationals in China are in control of this environment as well,” he said.
Schiller also warned “that there is no evidence of a cleared security team, and the current escort team has no knowledge with how this is supported.”
The federal government also has a requirement, codified as 252-225-7058, that requires companies to disclose those who work in the People’s Republic of China, including the total number of such individuals who work there on covered contracts funded by the DoD and a description of the physical presence, including the street address or addresses in China, as well as where work on the covered contract is performed.
Schiller said there is no evidence that Microsoft has provided the above form to the federal government.
Following Obama's example, Biden also went fishing in the Microsoft pool in February 2023 when he appointed Scott Charney, Vice President of Security Policy at Microsoft, as chair of his National Security Telecommunications Advisory Committee.
In May 2023, in what experts called one of the “largest known cyber espionage campaigns against the US,” Chinese hackers used “stealthy” malware to attack “critical infrastructure” on American military bases in Guam.
In another cyberattack against Microsoft programs, China was blamed for a hack that targeted Microsoft Exchange Online mailboxes, hitting 22 organizations and over 500 individuals worldwide. A scathing report said the hack was “preventable” and “should have never occurred.” One of those targeted was Commerce Secretary Gina Raimondo. Most concerning, Microsoft has “no idea” how the Chinese carried out the attack.
US intelligence agencies said the breach was carried out by China’s top spy service, the Ministry of State Security. The report slammed Microsoft for issuing “inaccurate or misleading” statements suggesting the breach was due to a “crash dump,” otherwise known as leftover data contained in the wake of a system crash.
The above incidents led FBI Director Wray to warn about China’s hacking prowess.
It was later discovered that a Chinese hack of a Microsoft engineer led to the June breach. Microsoft revealed the information in September 2023, saying the Chinese stole data from a Microsoft engineer’s device, allowing them access to the State Department’s email accounts.
In July 2024, Microsoft ordered all its China-based staff to switch to iPhones due to “security threats.” Schiller said, “the principal environments that China broke into were US Government and DoD environments.” He believes the hack took place in China.
“...Given Chinese laws, previous raids, and Microsoft complying with the Chinese government, it is highly likely that the engineer was forced to comply and was directed to unlock the device and allow access,” Schiller said.
In April 2024, Wray warned that Chinese hackers have “infiltrated critical US infrastructure.” In a speech at Vanderbilt University, Wray said an ongoing Chinese hacking campaign known as Volt Typhoon has infiltrated numerous American companies in telecommunications, energy, water, and other critical sectors, targeting 23 pipeline operators, The Guardian reported. Wray warned that the Chinese are waiting “for just the right moment to deal a devastating blow.”
Schiller told LET that he has been sending “reports to the FBI since 2016,” and perhaps that was what Wray was referring to. He noted that the FBI has “not performed due diligence and contacted me for more information.”
On July 1, a new law was enacted in China, allowing security officers to access personal devices such as phones and laptops without warrants. Schiller said that codifies a practice the Chinese have already engaged in. Again, he asks, “Why has Microsoft not been ordered by the U.S. Government to leave China?” Schiller told us that he believes such inspections will focus on collecting personal and commercial data, noting that there is precedent within China of security forces viewing and sometimes downloading content from devices within that country.
Schiller told us that in 2021, China clarified that violating Chinese law would prompt the Chinese government to retaliate against spouses, relatives, and co-workers. Further, why would the U.S. government, DoD, or both allow their cloud environments to be managed and controlled by Chinese personnel in that country? He doesn’t believe this was authorized, but even if it was, he believes “the EO’s and DFARS form supersedes said agreement.”
This past May, Microsoft did ask hundreds of Chinese staff to relocate to the U.S. as tensions rose over technology. Again, why would the U.S. seek to import additional Chinese Microsoft staff into the U.S., with possibly their spouses, children, and co-workers remaining behind in China under threat?
According to the Wall Street Journal, Microsoft has asked 700 to 800 employees involved in machine learning and other work related to cloud computing to consider relocating.
After the Chinese hack in 2023, Microsoft President Brad Smith was called to testify before the House Homeland Security Committee. Politico reported that lawmakers questioned him about the company’s transparency relative to its response to the breach, other security lapses, and continued business in China.
One of those who lashed out at Smith was Rep. Carlos Gimenez (R-FL), who wasn’t buying what Smith was selling.
“I’m sorry, I just, for some reason, I just don’t trust what you’re saying to me,” Gimenez said when he questioned whether Microsoft’s work in China makes it vulnerable to that country’s intelligence services.
The hearing was in response to the report concluding that Microsoft had committed a “cascade” of avoidable errors, making it easier for Chinese hackers to obtain unclassified emails from US officials. After publishing that report, CISA (Cybersecurity and Infrastructure Security Agency) warned that another hack of Microsoft products allowed Russian hackers to obtain more emails from additional US officials.
Smith attempted to calm lawmakers' frustration by accepting responsibility for the errors CISA pointed out in their April report.
“I think the most important thing for me to say, the most important thing for me to write in my written testimony, is that we accept responsibility for each and every finding in the CSRB report,” he said.
Rep. Clay Higgins (R-LA) also pushed Smith to explain why Microsoft was indecisive about correcting information included in its own report on the hack, which CISA later determined to be misleading.
Smith said Microsoft hesitated because it didn’t believe the new information was “actionable,” to which Higgins replied, “That answer does not encourage trust.”
Criticism of Microsoft and Smith wasn’t limited to Republicans. Rep. Bennie Thompson (D-MS) slammed Microsoft after ProPublica issued a report on an investigation that found Microsoft had “for years” failed to address a design flaw in its cloud computing products. That led to a 2020 hack by Russian operatives as part of a campaign to target nine federal agencies and approximately 100 companies.
“My concerns about whether we can rely on Microsoft to be transparent were heightened this morning when I read a ProPublica article,” Thompson said during his opening statement.
During his testimony, Smith claimed Microsoft’s China business accounted for only a small portion of its revenue and said it helps protect the intellectual property of US companies there, Politico reported. However, Gimenez wasn’t buying it, referring to a 2017 law requiring individuals or businesses operating in China to cooperate with the country’s intelligence agencies.
“You operate in China, and you’re sitting there telling me that you don’t have to comply with the laws of China?” Gimenez asked.
In response to the House hearing, Schiller contacted Rep. Gimenez in a letter.
In the letter, Schiller advised Gimenez that he had alerted the DoD CIO and DISA IG about a possible breach in the US cloud infrastructure.
“In my expert opinion, the breach has significantly compromised all U.S. Government and DoD cloud services, posing a grave ongoing and present danger to our nation’s security and the safety of the American people.”
He went on to explain to Gimenez Microsoft’s use of “un-cleared Chinese nationals based in China to conduct and control over 90% of the work and support for the Microsoft U.S. Government and DoD cloud environments,” explaining that the “authorization agreement…was inadequately written, leaving things open-ended and unclarified.” He told Gimenez that “Microsoft has taken full advantage of this and has in turn used to essentially hand over control of the U.S. Sovereign Cloud to China,” adding that this had “actively been going on since around 2016.”
Schiller told Gimenez he has “three additional senior-level whistleblowers from the Microsoft U.S. Government and DoD contract who are prepared to testify.” Schiller asked Gimenez to contact him so a complete briefing of facts could take place.
In looking into the Microsoft program in China, Schiller identified many “red flags.” They included:
- Uncleared personnel are given full control of government-certified computers with full access to U.S. government and military environments
- Uncleared personnel are given access to and conduct work within U.S. government and military environments requiring multiple security clearances.
- Cleared personnel are not authorized to access or validate the larger packaged code that the launchpad scripts launch in the environments.
- Over 98% of uncleared personnel are based overseas
- Over 90% of uncleared personnel based overseas are based in China
- Laptops and equipment are kept in the possession of the cleared personnel, including when they travel or are at home
- Uncleared personnel primarily work from home
- No secured government-certified facilities assigned to cleared personnel to work from
- The big tech companies are actively advocating eliminating the cleared escort teams and allowing uncleared personnel direct access to said environments
- Leadership at the big tech companies have been actively establishing partnerships with Chinese agencies, including spy and surveillance agencies
- The big tech companies have been aggressively establishing offices in China, with more and more of their workload and jobs being sent to China.
- Leadership at the big tech companies have been overly friendly with the president of China, making deals that are in the interests of China and do not align with U.S. interests
Schiller told us that he has sent numerous reports to key US agencies, including the FBI, NSA, US Air Force, OSI, and US Navy NCIS. Likewise, reports have been “submitted to multiple senators, members of Congress, and military commanders.” He also told LET that the Director of NSA, who concurrently serves as the commander of USCYBERCOM, was also included as a recipient of these reports. The following methods were used:
- Sending emails to individuals
- Utilizing electronic forms available on websites to submit reports and establish contact with personnel
- Leaving voicemail messages
- Sending reports via fax
- Leaving messages with office assistants
- Dispatching letters through the mail
As of 2024, NO RESPONSES were received addressing Schiller’s concerns. Below are some of those Schiller attempted to contact:
Rep. Matt Gaetz (R-FL)- Schiller contacted Gaetz’s office over several weeks, several times per week. Most of the calls went to voicemail, but he did have occasion to speak with one of his interns, Amanda. She shared her email with Schiller and said she would forward his report to Gaetz and help schedule a meeting. Since that first attempt, all further attempts have proved fruitless.
Rep. Lauren Boebert (R-CO) - Schiller was able to speak to someone in Boebert’s office and, through her scheduler, get his report directly to Boebert and her senior staff. She declined a meeting to discuss the issues with Schiller and decided to “defer” the matter to Gaetz and other committees, such as the Armed Services Committee. Schiller was assured his report had been forwarded to Gaetz and others, but again, Schiller has not heard back.
Rep. Marjorie Taylor-Greene (R-GA) - Most calls went to voicemail, but Schiller was able to speak to her scheduler, who shared his email and assured him the report would be forwarded to Greene and that he would help schedule a meeting. After several attempts to reach the scheduler or anyone else in Greene’s office to confirm receipt of the report, no one has been reachable.
Rep. Jim Jordan (R-OH)- All calls to Jordan’s office went to voicemail; no calls have been returned.
Rep. Thomas Massie (R-KY) - Schiller was able to contact Massie’s office; however, the official response has been, “Congressman Massie will not be available for a meeting. I have been asked to refer you to the Armed Services Committee: 202-225-4151.” Schiller told Massie’s office that the matter is also of concern to a committee Massie does sit on, the Weaponization of the Federal Government committee, and he sent a letter to Massie’s legislative counsel to that effect. No response has been received.
Sen. Tim Scott (R-SC) - Scott’s office has answered the phone and responded. Scott’s office said the senator has received and is tracking the report. He also had his national security advisor, Kate Hunter, meet with Schiller to get a full debrief on the issue. Hunter expressed “alarm” and agreed it is a “serious situation” but told Schiller that Scott’s office “doesn't have the power” to investigate. She forwarded the matter to other committees and offices she felt might be interested, as well as to the Texas delegation. She promised to brief Sen. Scott on their meeting and Schiller's letter.
Sen. Ted Cruz (R-TX) - Schiller called Cruz’s office several times and made contact with an intern once, who assured him she would forward Schiller’s report and meeting request to “the right people.” All calls to his office have gone to voicemail; no response has been received.
Sen. Josh Hawley (R-MO)- Schiller contacted Hawley’s Defense Policy Advisor, Austin Dahmer, and arranged a meeting. Dahmer also expressed “alarm” and asked what follow-up steps he (Schiller) would recommend. He suggested reaching out to the other whistleblowers and briefing Hawley immediately, and Hawley should touch base with Sen. Scott and possibly partner up.
General Timothy Haugh- USCYBERCOM Commander/Director of the NSA- After sending the report to Haugh via email, a special agent from Haugh’s office reached out, verified Schiller’s credentials, and assured the agency would “look into this.” No response was received for several weeks, however another special agent from Haugh’s office eventually reached out and asked Schiller “not to contact his office” anymore. He suggested Schiller take the matter to the local Air Force OSI or Navy NCIS office. Schiller informed him that he had been trying that for nine years, and the lack of concern was alarming. The special agent promised to establish contact between Schiller and the local NCIS office to get things moving. No connection was established, and no call back was received for three weeks, whereupon he apologized and directed Schiller to DCSA.
General Michael Minihan- USAF AMC Commander- Minihan was briefed on the situation, where he replied, “I am tracking and banging the drum.” Schiller kept him up to date on what he was doing and who he was contacting, and he asked for assistance in reaching out, but he never received a response. That was until Minihan contacted him after Schiller had copied Rep. Gaetz on an email; Minihan said he was upset that Gaetz was copied on an email “without his permission,” and he no longer wanted to be involved or track the situation.
The implications to national security are frightening:
- Big tech companies are authorized to have U.S. Government and military cloud environments ranging all the way up to Top Secret IL6+, and actively adding more and more in the interests of China creates a massive conflict of interest for the United States.
- Big tech has transferred over 90% of the workload for the U.S. Government and military cloud environments over to Chinese personnel in China while also being partnered with Chinese spy and surveillance agencies, leaving our national security at its highest risk, perhaps in history.
- Because over 90% of the workload for these environments has been transferred, China possibly knows more about those environments than we do, putting us in dangerous territory if war with China ever breaks out.
- By transferring cloud or standard business to Chinese personnel in China, big tech is reducing the number of trained and knowledgeable U.S. workers and boosting those in China, which is against our national interest while promoting China.
- The economic and military impact cannot be measured. By outsourcing cloud environments to Chinese control, that country has “gained expert knowledge and experience in how to compromise and attack our critical cyber infrastructure.” That has led US agencies and DoD departments to address those threats, which strains taxpayers and, in turn, our national debt. Funds for training personnel have been diverted to combating cyber threats, which has resulted in “a decline in the overall effectiveness of our armed forces.”
What, then, should the US response be? Schiller has several suggestions:
- Establish and enforce a law prohibiting any U.S.-based entity working with the U.S. Government from outsourcing personnel outside the country.
- Establish and enforce a law that makes it unlawful for any entity to conduct business with the U.S. Government if they have relations with nations regarded as unfriendly or hostile to the U.S. or allied nations and vice versa.
- Establish and enforce a law that makes it unlawful for uncleared individuals to access any U.S. Government and Military cyberinfrastructure, cloud, or otherwise.
- Collaborate with allied nations and international organizations to adopt identical laws and regulations to effectively address this issue and tackle the global threat Chinese companies present in cybersecurity.
Finally, “it is imperative to promptly establish new cloud infrastructure exclusively owned and operated by the U.S. Government and Military, bringing in cleared contractors as needed, and to phase out civilian-owned U.S. Government and Military environments.”
The United States is facing its greatest threat since World War II. While some focus on the bogeymen of “white supremacy” or “climate change” as being the most significant national security threats we face, make no mistake about it. China, Russia, Iran, North Korea, and other rogue nations are an existential threat to our survival as a nation.
The fact that the greatest enemy we face is ourselves, and our failure to recognize those threats facing us from those who seek to destroy us and our way of life is unacceptable.
Unfortunately, the Inspector General's Office for the Defense Information Systems Agency (DISA) is not interested in Schiller's concerns. In a letter dated August 29, 2024, the Assistant Inspector General for Inspections, Jo Ann T. Geoghan, wrote:
You contacted the DOD OIG on 19 July 2024, alleging security concerns involving uncleared foreign nationals and the Microsoft Azure platform. We conducted a preliminary analysis into the complaint and determined this matter is not within the avenue of redress by DISA IG and is best addressed by the appropriate DISA management. We have referred the information you provided to management and will contact you if clarifying or additional information is needed.
We consider this case closed and will take no further action.
It is time to wake up before it is too late.