Egg on Microsoft's Face: Pentagon Pokes Holes in China Cloud Practices

This is your US-China CyberPulse: Defense Updates podcast.

Listeners, Ting here—your favorite cyber detective, slicing through the smog of hype and hacks to bring you the CyberPulse you crave. Forget what you heard on the rumor wires; this week in U.S.-China cyber, reality’s way stranger than phishing emails from your “bank manager.”

Let’s start with Microsoft, whose recent dance with the Defense Department has left more egg on faces than a Beijing street breakfast. ProPublica just dropped the scoop that Microsoft neglected to tell Pentagon officials key details about using engineers based in China—the U.S.’s “most active and persistent” cyber adversary—for support on military cloud systems. Even worse, that practice involved so-called digital escorts: U.S.-cleared personnel supervised these overseas engineers while they poked around DoD cloud infrastructure. John Sherman, the former defense CIO, called the whole thing “crazy”—and I gotta agree. After this digital circus came to light, Microsoft claims it finally stopped using China-based workers on Pentagon contracts. Maybe next time we ask the perfect questions, right?

Now, for the private sector hustle. Microsoft hasn’t just been tap dancing for the feds; it also slammed the doors on Chinese firms’ early access to vulnerability notifications after suspicions surfaced that Chinese MAPP—Microsoft Active Protections Program—partners might have been the leak behind a series of hacks, including one nuking the National Nuclear Security Administration. Dakota Cary of SentinelOne dubbed this a “fantastic change,” and I’m with Dakota. If your partner might be moonlighting as a backdoor artist for Beijing, maybe keep the zero-days to yourself.

On the government policy front, Washington is flexing everything it has—CFIUS, or the Committee on Foreign Investment in the United States, just released their 2024 report. They’re hyper-focused on blocking Chinese investments that might give Beijing the keys to the next-gen AI, space comms, and biotech vaults. But CFIUS reviews are still described as a “black box.” Congress is screaming for transparency, but don’t hold your breath; as it stands, the only thing more opaque might be my grandma’s firewall settings.

Meanwhile, the infrastructure showdown heats up. The FCC just rolled out new submarine cable rules, requiring applicants to certify both physical and cyber security. Adam Chan from the FCC is making it crystal clear: limiting Chinese influence on U.S.-linked undersea cables isn’t a suggestion; it’s the new reality. With cables being literal arteries for AI and financial data, plugging up vulnerabilities is national security, not paranoia.

Tech-wise, U.S. allies are charging ahead with critical infrastructure hardening and smarter AI-driven threat detection, a move the Hudson Institute says is way overdue. Washington’s pushing for deeper coordination—think Five Eyes on Red Alert, plus expanded NATO cyber war games.

And on the global chessboard, China’s busy forging alliances—see their latest CELAC pact in Latin America—while the U.S. tries to keep the global South on Team Blue. Everywhere you look, the cyber frontlines are morphing, alliances are shifting, and only the paranoid will survive.

Whew, that’s your CyberPulse download. Thanks for tuning in, listeners! Don’t forget to subscribe and catch more behind-the-firewall intrigue. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta