Experts on US pausing cyber ops against Russia: America must and will remain vigilant


It’d be smart to wait and find out what the scope of the Pentagon’s order to stop any cyber operations against Russia actually is, cyber pros are telling Cybernews. To some, the decision seems short-sighted, but others are sure private cybersecurity firms will pick up the slack.

Senior US officials confirmed this week that Pete Hegseth, the US Defense Secretary, ordered a halt to American cyber operations against Russia a couple of weeks ago – just as US President Donald Trump announced he was beginning to talk to Moscow about a possible end to the war in Ukraine.

The new guidance affects operations by US Cyber Command, a division of the Department of Defense. The Guardian also reported that officials at the Cybersecurity and Infrastructure Security Agency (CISA) were “verbally” ordered to no longer report on Russian threats.

CISA – which is part of the Department of Homeland Security and is responsible for protecting local American systems – has since denied there was any change in its posture.

But the offensive hacking operations have apparently been stopped. Cyber pros who spoke to Cybernews are cautious, though. Some think the decision is an obvious mistake, but others are willing to wait and even ridicule the overly alarmist headlines in the media.

Not worth panicking over

On the face of it, it’s pretty bizarre. Only a year ago, the US intelligence community warned that Russia’s Foreign Intelligence Service continues to target US government agencies and critical infrastructure with the help of cyberattacks – cheaper than kinetic warfare, obviously.

But the government has since changed, of course. So while Russia-related hacking groups and ransomware gangs keep attacking targets in the US, Washington is now attempting to normalize relations with Moscow.

The opposition isn’t happy. For instance, Chuck Schumer, the Senate’s Democratic minority leader, called the reported move “a critical strategic mistake.”

However, some professionals in the cybersecurity industry say there’s not much to be so panicky about because, at worst, the ordered pause in arranging cyber ops against Russia is a gambit to get the Kremlin to negotiate over Ukraine.

“It seems like a 'token of faith move' to me for negotiations. I would think that it’s meant to demonstrate some method of deescalation, ahead of a Ukraine agreement. These kinds of things are typical for nation state negotiations,” said Lawrence Pingree, a cybersecurity veteran and vice president at Dispersive, a tech company.

To Pingree, the reaction is over the top because the decision doesn’t apply to espionage operations conducted by the National Security Agency (NSA), America’s electronic surveillance agency. Plus, the pause is temporary, with the US hoping for the Russians to reciprocate.

“The headlines are skewed towards the paranoid. But these types of directives can change at any time, and do,” said Pingree.

Rob Hughes, the chief information security officer at RSA, an American computer and network security company, points out that it’s still unclear what motivated the order.

“The best possible outcome of this would be that minimizing US pressure would in turn minimize counterattacks and reduce hostilities overall,” Hughes told Cybernews.

Does the US understand how Russia operates?

On the other hand, “a worse outcome would be that this move weakens America’s stance against Russian threat groups,” Hughes added, saying he is a pessimist in this regard.

He pointed out that roughly a fifth of all advanced persistent threat (APT) groups listed on Mitre’s ATT&CK framework, a comprehensive matrix of tactics and techniques used by cyber adversaries, are suspected to have Russian involvement.

They include the Russia-linked APT29 cyberespionage group, also known as Cozy Bear, that launched the SolarWinds breach in 2020, still considered to be one of the most sophisticated hacking attacks ever.

“If the US is pulling back on cyberoffensive operations targeting Russia, then that will likely give those groups more openings to focus on attacks. I expect more attacks and greater risks as a result of this policy. Cybersecurity leaders should prepare,” said Hughes.

The new guidance – even if temporarily applied – could also significantly hamper Cyber Command’s hunt forward operations, a major focus of the military unit, particularly involving Russia and its war in Ukraine.

The US Cyber Command. Image by Shutterstock.

According to Kurtis Minder, the CEO and lead ransomware negotiator at GroupSense, a US cyber intelligence company, the decision to halt cyber warfare against Russia may be related to an inability to understand Russia’s “methodologies.”

“Russia has long had a history of combining their cyber warfare underneath a larger war effort. They sometimes refer to this strategy as a soft power combined with a hard power,” said Minder.

“The hard power is the military component, and the soft power is the misinformation campaigns and passive aggressive cyber efforts such as ransomware attacks, business email compromise attacks, and other campaigns that are used as a diversified cyberattack strategy.”

Minder suggests that “this approach is perhaps much broader than the US military would look at in terms of a typical cyber warfare campaign.”

That’s perhaps why Ben Colman, co-founder and CEO of Reality Defender and a former cybersecurity lead at Goldman Sachs, thinks that the private sector might have to take over the initiative from the federal government.

“American resilience in the face of evolving threats remains our greatest strength, and America's private sector stands ready to support our national security interests with cutting-edge detection capabilities,” Colman told Cybernews.