Cyberwarfare / Nation-State Attacks
,
Fraud Management & Cybercrime
Hiatus Could Embolden Moscow
Reports suggesting that the U.S. federal government is going soft on Russia in cyberspace sent shockwaves through the cybersecurity community, fueling concerns over cybersecurity policy under President Donald Trump.
See Also: OnDemand | North Korea’s Secret IT Army and How to Combat It
The nation’s cyber defense agency was forced to publicly reaffirm that its “mission is to defend against all cyber threats to U.S. critical infrastructure, including from Russia” – a stance unchanged despite reports that agency analysts were recently told to stop tracking Russian cyber threats. The statement came after The Guardian reported that cybersecurity analysts at the Cybersecurity and Infrastructure Security Agency were told to stop reporting on Russian threats.
The Record also reported that Defense Secretary Pete Hegseth ordered Cyber Command “to stand down from all planning against Russia” amid negotiations between Russia and the United States to end the war in Ukraine, likely on terms favorable to Moscow. The report came on the same day of a White House clash between U.S. President Donald Trump and Ukraine President Volodymyr Zelenskyy (see: US Eases Off Russia in Cyberspace).
The Pentagon did not respond to requests for comment, and the full impact of Hegseth’s orders remains unclear, with current and former officials saying the move has sparked confusion despite pauses in cyber operations being a common diplomatic tool to pressure adversaries like Russia. An unnamed Pentagon official told Bloomberg that Hegseth has not canceled or delayed cyber operations against malicious Russian targets.
Department of Homeland Security spokesperson Tricia McLaughlin also rejected The Guardian’s report, stating in an email that “The memo referenced in the Guardian’s ‘reporting’ is not from the Trump administration, which is quite inconvenient to the Guardian’s preferred narrative.”
A former NATO official who requested anonymity told Information Security Media Group that, while the current directives likely allow government agencies to continue ongoing operations against Russia, “any indication to the bad guys that they are more likely to get away with their nefarious activities will likely embolden them to take full advantage of the lull.”
“If we take our eyes off of monitoring and opposing these activities, it would effectively give Russia a much broader capability for success,” the former official said.
Resuming computer network attacks and other exploitation efforts after a pause isn’t as simple as flipping a switch, said Trey Ford, CISO of the crowdsourced cybersecurity platform Bugcrowd. “Pausing any operation, by definition, is an interruption to efforts with mountains of energy, investment and human capital flow halted,” Ford said, adding: “Reconnaissance and operational monitoring is a continuous effort.”
Experts have long warned that Russian threat actors could intensify their global disinformation campaigns and cyberattacks on neighboring countries aligning with the European Union should the U.S. back off of the Kremlin in the cyber domain. Attacks on U.S. critical infrastructure could also become increasingly common if federal defenders are ordered to avoid tracking the Russian threat – particularly as agencies like CISA continue to face threats of steep budget cuts and mass layoffs (see: CISA Cuts Expose US Critical Infrastructure to New Threats).