Comment America’s cybersecurity chiefs in recent days have been sending mixed messages about the threat posed by Russia in the digital world.
On Friday, reports emerged that Defense Secretary Pete Hegseth ordered US Cyber Command – the part of the military that among other things launches cyber-attacks against adversaries – to pause offensive operations against Russia.
This comes just weeks after security analysts sounded the alarm on Sandworm stealing credentials and data from American organizations. Sandworm is the operations wing of Russia’s Military Intelligence Unit 74455, part of the GRU, that has been blamed for waging cyberwarfare against America’s critical infrastructure.
We highly doubt that particular crew or any other Kremlin goons are going to stop their phishing and espionage campaigns against the States, or their other digital intrusions into US networks, not to mention the ransomware crews bleeding hospitals and other victims dry.
The reported retreat by the Pentagon marks a major about-face in American operations against Russia, as America’s military has not only conducted these in the past against President Putin’s regime, but then even spoken publicly about them and how they were used to support Ukraine in its response to Russia’s devastating invasion.
“We’ve conducted a series of operations across the full spectrum; offensive, defensive, [and] information operations,” former US Cyber Command chief General Paul Nakasone said in 2022.
After the cyber-offensive stand-down is said to have been issued, on Sunday the US govt’s Cybersecurity and Infrastructure Security Agency (CISA) proclaimed on state media that “there has been no change in our posture” and that its “mission is to defend against all cyber threats to US critical infrastructure, including from Russia.”
This missive was shared after The Guardian reported that a CISA memo did not mention Russia at all and instead said defending against attacks from China and Iran should be a top priority. The newspaper also cited anonymous sources saying that analysts at the agency were told not to follow or report on Russian threats.
CISA, which is the lead agency tasked with protecting American critical infrastructure from cyberthreats, is overseen by the US Department of Homeland Security, and is separate from the Pentagon and Cyber Command. The agency declined to answer The Register’s specific questions about Russian cyberthreats, though it did address the paper’s story via email – by saying it was wrong.
“The memo referenced in the Guardian’s ‘reporting’ is not from the Trump administration, which is quite inconvenient to the Guardian’s preferred narrative,” Homeland Security spokesperson Tricia McLaughlin said.
McLaughlin also repeated the social media post: “CISA remains committed to addressing all cyber threats to US critical infrastructure, including from Russia. There has been no change in our posture or priority on this front.”
There are fewer CISA employees charged with implementing this cybersecurity posture, however. Homeland Security previously confirmed to The Register that about 130 of CISA’s around 3,000 employees were axed in the ongoing federal worker job cuts.
Putin mouthpiece: US actions ‘largely align with our vision’
The actions coming from the White House, however, do seem to indicate a retreat from pursuing any action, cyber or otherwise, against Russia, which has long been considered a top digital threat to America and other Western nations.
Over the past few weeks Trump has repeatedly cozied up to Russian President Vladimir Putin, siding with Moscow in United Nations votes on the third anniversary of the Ukraine invasion, falsely blaming Ukraine for starting the war, and labeling Ukrainian President Volodymyr Zelensky a dictator for not holding elections during wartime.
Trump has been pushing for a peace agreement between Russia and Ukraine, to end the killing and destruction, though largely by giving Putin virtually everything he wants and without much or any consultation with Zelensky, who said Trump was living in a “disinformation space” filled with Russian propaganda. US Secretary of State Marco Rubio and other American officials traveled to Saudi Arabia in February to discuss the future of Ukraine exclusively with Russia.
Then there was the now-infamous Oval Office meeting on Friday between Trump, Zelensky, and US Vice President JD Vance that spiraled into a shouting match, with the two American leaders berating their Ukrainian counterpart on live TV to the world.
We also note President Trump just paused all further military aid to Ukraine. The commander-in-chief has made it clear he wants the conflict to end, with no more help to Ukraine, and that Europe and the UK need to step up and step in to fill in the gaps and details for ensuring future peace.
The message seems clear to us: Russia is all right and doesn’t deserve to be treated as the bad guy quite as much anymore, Ukraine needs to give in and get over it, and Europe and the Brits are expected to take over policing the region from the United States. The pivot toward treating the authoritarian regime of Russia on friendlier terms, smashing decades of foreign policy, is obvious.
While America’s traditional allies have been left scratching their heads, to put it mildly, wondering whether the alliances of old are all but over – as if Vance’s blistering speech in Germany didn’t drop enough hints – the Kremlin praised the sudden shift in US policy.
“This largely aligns with our vision,” Putin spokesman Dmitry Peskov told state media.
Who to believe?
All of this calls into question how serious a cyberthreat the US government actually considers Russia to be, or how much it really cares about whatever Russia gets up to, as the commander-in-chief’s words and actions contradict those coming from CISA and Homeland Security.
“There is no doubt at all that Russia has consistently worked to undermine America’s security and harm our people in every possible arena, particularly when it comes to cybersecurity,” US Senator Ron Wyden (D-Oregon) told The Register on Monday.
“Treating Russia like an ally on cybersecurity would be a grave mistake that could very well cost American lives.”
The Pentagon declined to answer The Register’s specific questions about the scope of the reported offensive cyber-ops pause when it comes to Russia and what this means for its hunt-forward teams.
These cyber-soldiers work with their counterparts in other countries to hunt for foreign agents menacing computer networks and identify vulnerabilities to address. In exchange, US Cyber Command gets to put sensors on these nations’ networks, which gives the American military better visibility of digital threats beyond its border. Previous hunt-forward missions have been deployed to Ukraine, Estonia, and Lithuania, presumably to hunt for Russian cyber-crews.
The Department of Defense did send us this statement: “Due to operational security concerns, we do not comment nor discuss cyber intelligence, plans, or operations … There is no greater priority to Secretary Hegseth than the safety of the warfighter in all operations, to include the cyber domain.”
‘Dark days’ ahead
Deprioritizing Russia as a cyber threat should give anyone who cares about cybersecurity and national security pause, according to some infosec analysts.
“These are dark days,” Tom Kellermann, global fellow for cyber policy at the Wilson Center, told The Register.
“Americans have been pillaged and spied on by Russian cybercrime cartels for decades and only recently did the past administration fight back. This mandate makes zero sense and undermines both economic and national security.”
Kellermann also pointed to the February prisoner swap when the US sent Russian cybercriminal Alexander Vinnik back to Moscow in exchange for American school teacher Marc Fogel.
An earlier prisoner exchange with Putin in August sent at least two Russian cybercriminals back to the motherland.
“The recent prisoner exchanges underscored the Russian priorities — all prolific cyber criminals,” Kellermann said, noting this is “why the majority of the darkweb economy funnels into Russia.”
What could possibly go wrong?
Deepwatch exec Chris Gray told The Register there are two areas of concern that could arise from the Cyber Command order: “Increases in global cyberthreats and a lack of shared confidence in the United States’ reliance as a defensive partner.”
Gray previously served as a US Army captain and now works as VP, field CTO at the managed security operations provider.
“First, let’s take this at face value: The US is no longer considering Russia to be a relevant cyberthreat,” Gray said. “This would be a very large concern.”
Russia has repeatedly shown it has little respect for other nations’ boundaries “and is very willing to use the cyber platform as a relevant weapon of conflict to include influencing public opinion and global business,” he added. “If we take our eyes off of monitoring and opposing these activities, it would effectively give Russia a much broader capability for success.”
There’s also the possibility that the Feds have a cunning ruse in mind, and are saying they are moving away from targeting Russia without actually changing any cyber operations.
“In this case, the effect on us is minor, comparatively speaking, but the loss of confidence globally from less capable nations could be significant,” Gray noted. “The willingness to trust and share critical information might also be degraded given the appearance of the United States’ withdrawal.”
Continuing along this spectrum, there’s also the possibility that America is focusing less on Russia to shift cyber resources to other threats.
“The current administration is heavily focused on issues closer to home, including Mexican cartels, the drug trade in general, and other border issues,” Gray said. “In this situation, we would still be affected regarding our nation’s ability to respond to Russian activities, but our visibility and ability to react to these other threats would increase.”
Remember SolarWinds?
One area that would likely suffer in this scenario is supply-chain security, especially considering the global nature of the supply chain — remember the SolarWinds fiasco?
“If the United States does cease operations and intelligence sharing regarding Russia, the opportunity for such attacks to succeed does indeed increase,” Gray said.
“This is a bit of a mutually assured destruction scenario if taken too far, however,” he added. “Significant impediments here would result in global economic impacts that would likely result in an increase in cyber scrutiny and offensive operations.” ®