The US has seemingly suspended cyber operations and planning against Russia, the one country that consistently attacks American institutions and companies in the cyber realm.
Senior US officials have already confirmed that Washington has indeed suspended operations and planning for cyber operations against Russia.
First, Defense Secretary Pete Hegseth ordered the US Cyber Command to shut down ops targeting Russia. Then, according to The Guardian, officials from the Cybersecurity and Infrastructure Security Agency (CISA) were “verbally” told to stop working on anything Russia-related.
To be fair, it's not clear how broad the directives – allegedly issued a fortnight ago – are or whether they’re meant to be followed permanently or temporarily. For instance, CISA said Sunday night on X that “there has been no change in our posture,” which is to defend the country against all cyber threats.
CISA’s mission is to defend against all cyber threats to U.S. Critical Infrastructure, including from Russia. There has been no change in our posture. Any reporting to the contrary is fake and undermines our national security.
undefined Cybersecurity and Infrastructure Security Agency (@CISAgov) March 3, 2025
But to many experts, both orders are a cause for major concern. They see yet another sign that the US is no longer characterizing Russia as a cybersecurity threat.
On the other hand, this might be no capitulation at all. The US might be simply pretending to be nice to Moscow because, right now, both countries – at least in public – are trying to find a way to end the war in Ukraine.
Derailing negotiations – assuming they’re real, anyway – wouldn’t be smart, indeed. But observers also say it would be naive for the Donald Trump administration to assume that Vladimir Putin would reciprocate and halt all Russian cyber ops, too.
In this kingdom of crooked mirrors, the US might be attempting to show Russia that they’re friendly, and Russia could respond with similar semi-public assurances. But the real battle would be continuing behind the facade.
The Record was the first outlet to report the orders regarding cyber operations against Russia last Friday.
What does it all mean?
Some experts think the aforementioned scenario is actually unlikely – in the context of Trump warming up to Putin in almost all of his public remarks, they say it’s very likely that the US is no longer characterizing Russia as a cyber threat.
Seeking to help broker the end of Russia’s war on Ukraine and to normalize the bilateral relationship between the two nuclear states, America has been dangling all sorts of carrots to Moscow lately. Halting cyber ops might be one of them.
Plus, Washington has also been signaling quite clearly that the new administration’s priorities, including the cyber ones, simply lie elsewhere. The Record rightly points out that the US Cyber Command has lately been trying to assemble staff for targeting Mexican drug cartels.
But the risks are enormous, experts say. The pause might make the US more vulnerable to cyberattacks from Moscow, which has a formidable capability to disrupt US critical infrastructure with the help of state-sponsored hacking groups.
Seeking to help broker the end of Russia’s war on Ukraine and to normalize the bilateral relationship between the two nuclear states, America has been dangling all sorts of carrots to Moscow lately.
One of those is, of course, LockBit, the Russia-based ransomware group. Over the past couple of years, LockBit’s ransomware attacks on US hospitals, infrastructure, and cities have ramped up, but the US has successfully targeted the gang. Will these operations against Russia-related ransomware actors now end?
Moreover, if the planning of the operations against Russia was also halted, that would mean months of setbacks because organizing cyber operations takes time and research to carry out.
Russia already sees itself as having an asymmetric advantage against the US in cyberspace as it can dig deep into US critical infrastructure and try to influence American elections, according to CNN.
This would especially hurt the US as well as Ukraine. US Cyber Command’s Russian operations have helped Kyiv bolster its cyber defenses against Russian espionage and cyber sabotage operations.
“This is extending unprecedented levels of trust to Russia, given Russia's track record of keeping their promises,” said Aras Nazarovas, an information security researcher at Cybernews.
“It would ultimately be harder for CISA and private companies to gain intelligence into current offensive operations originating from Russia, detect, and react to them in a timely manner. This may lead to an increase in high-profile data breaches and compromise infrastructure.”
Trump authorized offensive ops in 2018
Former National Security Agency (NSA) hacker Jake Williams also pointed out that canceling cyber ops targeting Russia will also lead to fewer instances where the US calls out or attributes major cyber incidents to the Russian government.
“Telegraphing who we are and aren't tracking cyber threats from doesn't benefit the US in any way. This offers threat actors the opportunity to hide with false flag operations, creates huge logistical problems with threat intelligence, and will create distrust with all cyber attribution,” Williams wrote on LinkedIn.
The irony, Asha Rangappa, lawyer, former FBI agent, and senior lecturer at Yale University's Jackson Institute for Global Affairs says, is that Trump himself authorized offensive cyber operations against Russia back in 2018.
Hegseth has ordered the Pentagon to STOP offensive cyber operations against Russia. This is insane. Russia is actively targeting the U.S., and the ability to conduct offensive operations (which was authorized by Trump in 2018!*) was at least one deterrent. Not anymore www.nytimes.com/2025/03/02/u...
undefined Asha Rangappa (@asharangappa.bsky.social) March 2, 2025 at 10:06 PM
[image or embed]
Indeed, Trump gave Cyber Command new authorities in his first term to conduct offensive cyberoperations without direct presidential approval in a classified document known as National Security Presidential Memorandum 13.
Brian Krebs, an independent investigative journalist focusing on cybercrime, has also pointed out that Russian ransomware groups don’t attack countries that are friendly to the Kremlin – and the US seems to be one of them right now.
That means that Russian threat actors could indeed double down on their efforts to sow chaos in the European Union, firmly supportive of Ukraine.
The US has until now been helping European nations to fight back but that partnership is now in jeopardy. Jean-Noel Barrot, the French foreign affairs minister, has already voiced his confusion over reports about Hegseth’s order.
“If we were serious about pushing Moscow to make any concessions in a cessation to its aggression in Ukraine, we would INCREASE by 10x or more the offensive actions against cybercrime operations that are Russian state-sponsored or state-tolerated,” Krebs also said.
The analyst is worried that because of the orders to scale back cyber ops against Russia, American allies might decide to cut out the US from intelligence sharing agreements: “Anyone with intel training 101 will conclude that the US cannot be a trusted intel sharing partner anymore.”
Capabilities still there
It’s highly doubtful that all this might be a fuss about nothing, of course – the experts are too serious to not take their concerns seriously. But the picture painted might be too dark, some officials also say.
Retired Lt. Gen. Charlie “Tuna” Moore, former deputy commander of US Cyber Command, told The Washington Post that it wasn’t unusual for one country to stop operations that could be deemed hostile during talks with another country, the presumed target of such operations.
“It’s fairly common to pause anything that could potentially derail the talks,” said Moore, while another official pointed out that the pause is meant to last only as long as negotiations continue.
Besides, it’s not like espionage efforts are stopping altogether. The NSA, America’s electronic surveillance agency, will still be conducting such operations – for the US, whoever’s in charge, it’s still important to know if the other side is lying or not.
“The way I understand it, the US would still be able to hack the Russian government for cyber espionage but would abstain from hacking infrastructure for the purpose of prepositioning backdoors to conduct destructive cyber attacks in a future conflict, much like Volt Typhoon is assessed to do to US infrastructure,” said Mattias Wåhlén, a threat intelligence expert at Truesec.
That could indeed mean that the Trump administration was stopping offensive cyber operations and focusing on protecting the US government first and foremost. According to Wåhlén, the administration might simply want to stop publicly blaming Russian actors for attacks.
Finally, a Republican member of the House, Mike Turner, has, in fact, disputed the reporting by The Record. Known as one of the most hawkish right-wingers in Congress, he told CBS News he was perfectly aware of what Russia was currently doing against the US.
CBS News has confirmed Defense Secretary Pete Hegseth has ordered U.S. Cyber Command to temporarily halt cyber operations and planning against Russia. Rep. Mike Turner disputes the reporting, telling @margbrennan: undefinedConsidering what I know what Russia is currently doing against… pic.twitter.com/dtOAfECFtF
undefined Face The Nation (@FaceTheNation) March 2, 2025
On the other hand, Turner was removed as chair of the House Intelligence Committee by Speaker of the House Mike Johnson in mid-January, ahead of Trump's second presidential term. This may mean Turner doesn’t really know what’s going on.
Turner himself said that Johnson cited “concerns from Mar-a-Lago,” Trump’s resort in Florida, when removing him.
Your email address will not be published. Required fields are markedmarked