The Invisible Time Bomb: How Visa Program Instability Threatens America’s Critical Infrastructure

Picture this: A software engineer sitting in his remote office in an Austin suburb, fingers hovering over a keyboard. He has root access to the State of Colorado’s entire cloud infrastructure—the systems that manage everything from state employee records to public safety databases. He’s been here for three years on an H-1B visa, working for a contractor that placed him through what insiders call a “body shop” operation. Last week, he received notice that his visa status is under review. His employer, facing fraud allegations, might not survive the investigation. In sixty days, he could be deported. But today, right now, he still has complete access to systems that serve millions of Americans.

This isn’t a hypothetical scenario. It’s happening across America, in every state, at defense contractors, cloud service providers, and IT staffing firms that manage our most sensitive infrastructure. And almost nobody is talking about it.

The Workforce Nobody Sees

When Americans think about national security threats, they imagine foreign hackers breaking through firewalls or sophisticated nation-state cyber operations. What they don’t see is the army of foreign workers—many here through fraudulent visa schemes—who already have the keys to the kingdom. They don’t need to hack in. They’re already inside, managing the cloud infrastructure for state governments, maintaining systems for defense contractors, and administering the networks that run our military equipment.

The numbers tell a disturbing story. According to data from the U.S. Workers Alliance, H-1B visa fraud rates hover around twenty-one percent. That’s not a rounding error—it’s more than one in five visa holders who may be here under false pretenses. Meanwhile, major IT staffing firms and consulting companies have built entire business models around placing foreign workers in critical infrastructure roles. Companies like Tata Consultancy Services, Infosys, Cognizant, and countless smaller “body shops” have become the invisible workforce managing America’s digital backbone.

In Colorado alone, major contractors managing state cloud infrastructure rely heavily on H-1B workers and foreign nationals. CGI, which holds significant federal and state contracts, including cloud integration services for the U.S. Department of the Interior, exemplifies this model. When state governments outsource their IT operations to save money, they often don’t realize they’re handing the keys to their entire digital infrastructure to a workforce in legal limbo, vulnerable to sudden deportation, and, in some cases, placed through fraudulent schemes.

The Fraud Foundation: Built on Lies

The H-1B visa program was designed to bring specialized talent to America when qualified U.S. workers couldn’t be found. In practice, it has become something far different—a pipeline for cheap labor that systematically displaces American workers while creating a shadow workforce with extraordinary access to sensitive systems.

The fraud isn’t subtle. Federal prosecutors have documented case after case of IT staffing companies engaging in systematic visa fraud. In Houston, consulting companies have admitted to conspiracies involving H-1B visa fraud. In Tracy, California, residents have been convicted on multiple counts of visa fraud. In San Jose, the owners of technology staffing firms have been sentenced to prison for visa fraud schemes. The Department of Labor has recovered millions in stolen wages from companies that violated H-1B requirements.

These aren’t isolated incidents. They represent a systemic pattern of abuse that has created a workforce of vulnerable foreign nationals managing critical American infrastructure. The fraud typically works like this: staffing companies create fake job postings, fabricate client letters, place workers on “the bench” (keeping them idle while paying minimal wages), and shuffle them between projects to maintain visa status. Workers are told to lie about their qualifications, their work locations, and their actual job duties. They’re threatened with deportation if they complain about wage theft or working conditions.

The result is a workforce that exists in constant fear, dependent on employers who have already demonstrated their willingness to break the law, and managing systems that require the highest levels of trust and security clearance.

The Access Problem: Keys to the Kingdom

Understanding the security implications requires understanding what these workers actually do. They’re not just writing code or answering help desk tickets. They’re managing cloud infrastructure with root access. They’re administering Active Directory systems that control access to entire networks. They’re maintaining databases containing sensitive government information. They’re working on defense contracts that give them access to classified systems. They’re managing the infrastructure that runs military equipment and weapons systems.

Consider the typical access levels for cloud infrastructure administrators:

They can create, modify, and delete user accounts across entire systems. They can access databases containing sensitive personal information, financial records, and classified data. They can change security settings and disable monitoring systems. They can exfiltrate massive amounts of data without triggering immediate alarms. They can plant backdoors for future access. They can sabotage systems in ways that might not be discovered for months or years.

This isn’t theoretical. The Department of Defense’s own guidance on insider threats acknowledges that individuals with privileged access pose the most significant risk to critical infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA) has repeatedly warned about insider threats to critical infrastructure, noting that trusted insiders with legitimate access can cause more damage than external attackers.

Yet despite these warnings, the government continues to allow contractors to staff critical infrastructure projects with foreign workers whose visa status is uncertain, whose background checks are minimal, and whose employers have documented histories of fraud.

The Instability Multiplier: When Desperation Meets Access

Here’s where the security threat becomes acute. A worker with stable employment and secure immigration status might be trustworthy. But what happens when that stability evaporates? What happens when visa programs face sudden crackdowns? What happens when employers face fraud investigations? What happens when workers receive deportation notices?

The insider threat literature is clear on this point: financial stress, job insecurity, and personal crises are among the strongest predictors of insider threat behavior. Workers facing deportation experience all three simultaneously. They’re about to lose their jobs, their homes, their children’s schools, and everything they’ve built in America. They’re desperate. And they still have access to the systems.

The Trump administration’s recent moves to crack down on H-1B visa abuse—including proposed fees of $100,000 per visa and increased fraud investigations—are necessary reforms. But they create a dangerous transition period. Thousands of workers who were placed through fraudulent schemes now face the prospect of sudden deportation. Their employers, facing massive fines and criminal prosecution, may collapse overnight. The workers themselves, many of whom were victims of the fraud schemes, find themselves in an impossible situation.

This is the perfect recipe for retaliatory data exfiltration. A worker who knows he’s about to be deported has every incentive to take valuable data with him—either to sell to competitors, to use in his next job overseas, or simply out of anger at the system that exploited and then discarded him. The data he can access might include state government databases, defense contractor intellectual property, healthcare records, financial information, or classified military systems.

And here’s the terrifying part: he doesn’t need to be a spy or a criminal to pose this threat. He needs to be human, desperate, and angry. The security establishment focuses on detecting sophisticated nation-state actors and trained espionage agents. They’re not prepared for the threat posed by thousands of ordinary workers who suddenly find themselves with nothing to lose.

The Perfect Storm: Fraud Plus Access Plus Instability

The convergence of these three factors creates a security nightmare that should keep every CISO and government security official awake at night.

First, you have workers placed through fraudulent schemes. They were recruited by body shops that lied to the government about their qualifications and job duties. They were told to falsify their resumes and lie in visa interviews. They’ve been living in fear of discovery for years. They know their entire presence in America is built on fraud—fraud they may have participated in willingly or been coerced into by unscrupulous employers.

Second, these same workers have extraordinary access to critical infrastructure. They’re not working on isolated systems or non-sensitive projects. They’re managing the cloud infrastructure for state governments. They’re administering networks for defense contractors. They’re maintaining systems that control military equipment. They have root access, administrative privileges, and the ability to exfiltrate massive amounts of sensitive data.

Third, the entire system is now unstable. Visa programs face crackdowns. Employers face fraud investigations. Workers face deportation. The legal and financial foundation that kept this workforce in place is crumbling. And as it crumbles, thousands of workers with access to America’s most sensitive systems are making desperate calculations about their futures.

This isn’t just about individual bad actors. It’s about systemic vulnerability. Even if ninety-nine percent of these workers are honest and would never dream of stealing data or sabotaging systems, the one percent who do pose an enormous threat. And the current system makes it almost impossible to identify who that one percent might be until it’s too late.

The Foreign Influence Factor: Nation-State Opportunities

The security threat becomes even more acute when you consider the activities of foreign intelligence services. China, Russia, and other adversaries have sophisticated operations targeting individuals with access to sensitive U.S. systems. They don’t need to recruit spies or plant agents. They need to identify vulnerable workers who are already inside.

A worker facing deportation is an ideal recruitment target. He’s desperate for money to support his family. He’s angry at the American system that exploited and then discarded him. He has access to valuable data. And he’s about to return to his home country, where foreign intelligence services can approach him with impunity.

The Chinese government has been particularly aggressive in this area. Recent indictments have charged Chinese nationals with state-backed hacking operations targeting U.S. critical infrastructure. The “Salt Typhoon” campaign compromised telecommunications networks. Chinese state-sponsored actors have maintained persistent access to U.S. networks for years. And these are just the operations we know about.

But here’s the thing: these sophisticated hacking operations are expensive and risky. They require significant resources, leave forensic traces, and risk exposure. It’s much easier to approach a desperate H-1B worker who already has access to the systems you want to compromise. Offer him money to copy some databases before he leaves. Promise him a job in his home country if he plants a backdoor. Threaten his family if he refuses to cooperate.

The current system makes this kind of recruitment trivially easy. We’ve created a workforce of vulnerable foreign nationals with access to critical systems, minimal background checks, no continuous monitoring, and no support system when their visa status becomes uncertain. From a foreign intelligence perspective, it’s a target-rich environment.

The State of Colorado Case Study: A Microcosm of National Vulnerability

Let’s return to Colorado, where this threat isn’t theoretical—it’s operational. The state has outsourced significant portions of its IT infrastructure to contractors who rely heavily on H-1B workers and foreign nationals. CGI, one of the major contractors, manages cloud services for multiple government agencies. Other contractors provide IT staffing and support services across the state government.

These workers have access to systems containing:

Personal information for millions of Colorado residents, including Social Security numbers, addresses, and financial data.

State employee records, including background checks, security clearances, and personnel files.

Public safety databases used by law enforcement agencies.

Healthcare information from state-run programs.

Financial systems managing billions in state funds.

Infrastructure control systems for utilities and transportation.

Now imagine what happens when visa programs face sudden crackdowns. Workers who have been managing these systems for years suddenly face deportation. Their employers, facing fraud investigations, may not survive. The workers themselves, many of whom were victims of the fraud schemes, find themselves desperate and angry.

How many of these workers might decide to copy databases before they leave? How many might plant backdoors for future access? How many might be approached by foreign intelligence services offering money or jobs in exchange for data? How many might sabotage systems out of anger at the system that exploited them?

We don’t know. And that’s the problem. The state has no visibility into this threat. The contractors aren’t required to report changes in visa status or to participate in fraud investigations. There’s no continuous monitoring of workers with privileged access. There’s no plan for what happens when workers face sudden deportation. The entire system operates on trust—trust repeatedly violated by documented fraud.

Colorado isn’t unique. Every state faces similar vulnerabilities. Every state has outsourced critical infrastructure to contractors who rely on H-1B workers. Every state has workers with privileged access whose visa status is uncertain. Every state is vulnerable to the perfect storm of fraud, access, and instability.

Defense Contractors: The Military Dimension

The threat extends beyond state governments to defense contractors managing military systems. The Department of Defense has implemented the Cybersecurity Maturity Model Certification (CMMC) program to protect sensitive defense information. But CMMC focuses primarily on technical controls—firewalls, encryption, and access logs. It doesn’t adequately address the insider threat posed by foreign workers with uncertain visa status.

Defense contractors face the same pressures as other employers. They want to reduce costs. They rely on IT staffing firms to provide workers. Those staffing firms, in turn, rely heavily on H-1B workers. The result is that foreign nationals, many recruited through fraudulent schemes, gain access to defense systems and classified information.

The security clearance process is supposed to prevent this. But security clearances take months or years to obtain. In the meantime, contractors need workers. So they use foreign nationals for unclassified work—work that still involves access to sensitive systems, proprietary technology, and information that could be valuable to foreign adversaries.

Even when security clearances are required, the process has significant gaps. Background checks are point-in-time assessments. They don’t account for changes in circumstances—like sudden visa instability or employer fraud investigations. Continuous monitoring programs exist, but are often inadequate. And the entire system assumes that workers will report security concerns—an assumption that breaks down when workers fear deportation.

The result is that defense contractors managing military equipment, weapons systems, and classified networks rely on a workforce whose loyalty and reliability cannot be assured. When visa programs face crackdowns, these workers face the same desperate calculations as their counterparts in civilian infrastructure. And the data they can access—military technology, weapons specifications, operational plans—is even more valuable to foreign adversaries.

The Policy Failure: A System Designed to Fail

How did we get here? How did America end up with a critical infrastructure workforce built on fraud, managed by contractors with minimal oversight, and vulnerable to sudden collapse?

The answer lies in a series of policy failures that have accumulated over decades.

First, the H-1B visa program itself is fundamentally broken. It was designed to bring specialized talent to America, but has been hijacked by staffing companies using it as a cheap labor pipeline. The fraud rate of twenty-one percent isn’t a bug—it’s a feature of a system that incentivizes fraud and provides minimal enforcement.

Second, government agencies have failed to enforce existing laws. The Department of Labor has documented widespread wage theft and visa violations, but lacks the resources to prosecute more than a tiny fraction of cases. The Department of Homeland Security has identified thousands of fraudulent visa applications, but allows most violators to remain in the country. The result is a system where fraud is rational—the benefits far outweigh the minimal risk of prosecution.

Third, contractor oversight is virtually non-existent. When government agencies outsource IT operations, they rarely ask about the visa status of the workers who will have access to their systems. They don’t require background checks beyond the minimum. They don’t demand continuous monitoring. They don’t have plans for what happens when workers face deportation. They trust that contractors will handle security appropriately—a trust repeatedly violated.

Fourth, the security clearance system is inadequate for the modern threat environment. It was designed for a world in which U.S. citizens performed sensitive work in secure facilities. It hasn’t adapted to a world where critical infrastructure is managed by foreign nationals working remotely, where cloud systems can be accessed from anywhere, and where visa status can change overnight.

Fifth, there’s no coordination between immigration enforcement and security operations. When ICE launches a crackdown on visa fraud, nobody alerts the security teams at the agencies whose systems might be compromised by desperate workers facing deportation. When the Department of Labor investigates wage theft, nobody considers the security implications of workers who have been exploited and might seek revenge. The left hand doesn’t know what the right hand is doing, and critical infrastructure security falls through the gap.

Real-World Implications: What’s at Stake

The consequences of this vulnerability extend far beyond abstract security concerns. Real systems, serving real people, are at risk.

State government systems contain personal information for hundreds of millions of Americans. A single disgruntled worker with database access could exfiltrate Social Security numbers, addresses, financial records, and healthcare information for entire states. This data could be sold on dark web markets, used for identity theft, or weaponized for blackmail and extortion.

Military systems developed by defense contractors include specifications for weapons systems, operational plans, and classified information on capabilities and vulnerabilities. A worker facing deportation could copy this information and sell it to foreign governments, giving adversaries insights into American military technology that could take decades and billions of dollars to develop independently.

Healthcare systems managed by contractors contain medical records, insurance information, and personal health data for millions of Americans. This information is valuable not just for identity theft but for targeted influence operations. Foreign intelligence services could use healthcare data to identify individuals with medical conditions that make them vulnerable to recruitment or blackmail.

Financial systems managed by IT contractors control billions of dollars in transactions. A worker with access to these systems could manipulate transactions, steal funds, or sabotage the systems to create chaos. The 2008 financial crisis demonstrated how quickly financial system failures can cascade into broader economic disasters.

Infrastructure control systems for utilities, transportation, and communications are increasingly managed through cloud platforms administered by contractors. A worker with access to these systems could potentially disrupt power grids, transportation networks, or communications infrastructure. These aren’t hypothetical scenarios—they’re capabilities that exist today in the hands of workers whose visa status is uncertain.

The Human Element: Workers as Victims and Threats

It’s essential to recognize that many of the workers in this system are themselves victims. They were recruited by unscrupulous staffing companies that promised them the American dream. They were told to lie on their visa applications and falsify their qualifications. They were paid below-market wages and threatened with deportation if they complained. They’ve lived in fear for years, knowing that their entire presence in America is built on fraud.

These workers aren’t criminals or spies. They’re ordinary people trying to build better lives for themselves and their families. They took jobs they were offered, signed contracts they were given, and did the work they were assigned. Many of them didn’t fully understand the fraud they were participating in until it was too late.

But victimhood doesn’t eliminate the security threat. A desperate victim with access to sensitive systems is still a security risk. A worker who has been exploited and faces deportation is still capable of retaliatory data exfiltration. Understanding the human dimension of this problem is vital for crafting solutions, but it doesn’t change the fundamental security calculus.

The current system creates a lose-lose situation. Workers are exploited and live in fear. American workers are displaced by cheaper foreign labor. Government agencies and contractors get unreliable security. And the American people are left vulnerable to data breaches, system sabotage, and foreign espionage.

Solutions: A Path Forward

Addressing this threat requires comprehensive reform across multiple dimensions.

First, immediate security measures must be implemented for critical infrastructure. Any worker with privileged access to sensitive systems should undergo continuous monitoring, not just point-in-time background checks. Visa status should be tracked in real-time, with automatic alerts when workers face deportation or their employers face fraud investigations. Access should be immediately revoked when visa status becomes uncertain. And there should be mandatory transition plans for when workers leave, ensuring that access is terminated and systems are secured.

Second, the H-1B visa program needs fundamental reform. The fraud rate of twenty-one percent is unacceptable. Enforcement must be dramatically increased, with mandatory prison sentences for visa fraud and immediate deportation for workers placed through fraudulent schemes. But enforcement alone isn’t enough—the program itself must be restructured to eliminate the incentives for fraud. This means higher wages for H-1B workers (eliminating the cheap-labor incentive), direct hiring rather than staffing company placement (eliminating the body-shop model), and portable visas that aren’t tied to specific employers (eliminating the coercive power that makes workers vulnerable).

Third, contractor oversight must be strengthened. Government agencies that outsource IT operations should be required to know who has access to their systems, what their visa status is, and what happens when that status changes. Contractors should be required to report changes in visa status, fraud investigations, and any circumstances that might affect a worker’s reliability. And there should be financial penalties for contractors who fail to maintain adequate security.

Fourth, the security clearance system must be modernized for the cloud era. Point-in-time background checks are insufficient when circumstances can change overnight. Continuous vetting programs should be expanded to cover all workers with privileged access to critical systems, not just those with formal security clearances. And there should be better coordination between immigration enforcement and security operations, ensuring that security teams are alerted when workers face visa uncertainty.

Fifth, there must be a path forward for workers who were victims of fraud schemes. Many of these workers were recruited through deceptive practices and didn’t fully understand the fraud they were participating in. Simply deporting them all creates the maximum security risk—thousands of desperate workers with access to sensitive systems and nothing to lose. Instead, there should be a process for workers to come forward, report the fraud they experienced, and potentially obtain legal status in exchange for cooperation. This reduces the security threat while also providing justice for workers who were exploited.

Sixth, American workers must be protected and prioritized. The displacement of American workers by cheaper foreign labor isn’t just an economic issue—it’s a security issue. American workers with stable employment and no visa uncertainty pose far less security risk than foreign workers in legal limbo. Reforms should include more vigorous enforcement of the requirement to recruit American workers first, higher wages for H-1B positions (eliminating the cost advantage), and support for American workers to develop the skills needed for critical infrastructure roles.

The Urgency of Action

This isn’t a problem we can afford to ignore or defer. Every day that passes, thousands of workers with uncertain visa status maintain access to America’s most critical systems. Every day, more fraud is committed, more workers are placed in vulnerable positions, and more security risks accumulate. Every day, foreign intelligence services have opportunities to recruit desperate workers with access to sensitive data.

The recent moves to crack down on H-1B visa abuse are necessary and overdue. But they must be accompanied by immediate security measures to address the transition period. We cannot simply deport thousands of workers with access to critical systems without first securing those systems and ensuring that access is terminated correctly.

The stakes are enormous. We’re talking about the security of state government systems serving hundreds of millions of Americans. We’re talking about defense contractors managing military equipment and weapons systems. We’re talking about healthcare data, financial systems, and infrastructure control systems. We’re talking about the digital backbone of American society.

The current system is a time bomb. It’s built on fraud, managed by contractors with minimal oversight, and vulnerable to sudden collapse. The question isn’t whether this vulnerability will be exploited—it’s when, and how much damage will be done before we act.

Conclusion: Protecting Workers and National Security

The intersection of immigration policy and national security creates complex challenges that don’t have simple solutions. But the current situation is untenable. We cannot continue to build our critical infrastructure on a foundation of fraud, exploitation, and legal uncertainty.

The path forward requires recognizing that protecting American workers and protecting national security are not competing goals—they’re complementary. A workforce of American citizens with stable employment and no visa uncertainty is inherently more secure than a workforce of foreign nationals in legal limbo. Reforms that prioritize American workers also enhance security.

Similarly, protecting foreign workers from exploitation isn’t just a matter of justice—it’s a security imperative. Workers who are treated fairly, appropriately paid, and have stable legal status are far less likely to pose security threats than workers who are exploited, underpaid, and face deportation.

The reforms outlined above would create a system that is more secure, more just, and more sustainable. They would protect American workers from displacement, foreign workers from exploitation, and critical infrastructure from the insider threats created by the current broken system.

But reform requires political will. It requires acknowledging that the current system has failed. It requires standing up to powerful corporate interests that profit from cheap foreign labor. It requires coordination across multiple government agencies that currently operate in silos. And it requires acting with urgency, before the time bomb explodes.

The invisible workforce managing America’s critical infrastructure won’t remain invisible forever. The question is whether we’ll address this vulnerability proactively through comprehensive reform or reactively after a catastrophic breach forces us to confront the consequences of our policy failures.

The choice is ours. But the clock is ticking.


Randell S. Hynes is a 33-year technology veteran, U.S. Army Veteran, senior, and founder of the U.S. Workers Alliance. After being laid off at 63 and forced to train his foreign replacement, he has dedicated himself to exposing the exploitation of American workers while advocating for reforms that protect coworkers’ rights to negotiate with their employers without fear of retaliation.

