The Trump administration has ordered a halt to offensive cyber operations against Russia while simultaneously dismantling key components of the nation's cybersecurity infrastructure in a dramatic realignment of national security priorities. These moves come as Trump seeks to “reset” relations with Russian President Vladimir Putin and says he wants to broker an end to the war in Ukraine.
According to exclusive reporting by The Record, Defense Secretary Pete Hegseth has ordered U.S. Cyber Command to cease offensive cyber operations targeting Russia. Concurrently, staffers at the Cybersecurity and Infrastructure Security Agency (CISA) have reportedly been directed to shift focus away from Russian threats, marking a significant reversal in America's cyber defense posture.
These developments represent the latest in a series of actions that have troubled cybersecurity professionals both inside and outside government.
Since January, the administration has terminated approximately 130 CISA employees, placed election security specialists on administrative leave, and reorganized the agency's priorities in ways that appear to diminish its ability to counter foreign cyber threats.
Hacking, but Legal is a Member and Sponsor supported publication.
The Order to Stand Down
On March 1, 2025, The Washington Post reported that Secretary Hegseth had ordered U.S. Cyber Command to "halt offensive cyber and information operations against Russia as President Donald Trump seeks to end President Vladimir Putin's war in Ukraine on terms that are widely seen as favoring Moscow."
According to current and former officials who spoke to the Post on condition of anonymity, the pause is intended to last only as long as negotiations continue. However, cybersecurity experts expressed concern that even a temporary cessation undermines the U.S. strategy of "persistent engagement" with adversaries in cyberspace.
"What's the risk of stopping? You lose track of your adversary," a former senior defense official told the Washington Post. "If the pause is for days or weeks, it's not so serious; if it's for months or permanent—that's serious."
The cyber operations being halted are not aggressive enough to be considered acts of war. They typically include activities such as exposing or disabling malware in Russian networks before it can be used against the United States, blocking Russian hackers from servers they might use for their own operations, or disrupting sites promoting anti-U.S. propaganda.
CISA Under Pressure
Parallel to the operational pause at Cyber Command, reports emerged suggesting that CISA—the Department of Homeland Security's cyber arm—was also being directed to de-emphasize Russian threats.
The Guardian reported that CISA had received new directives that omitted Russia as a threat to monitor, focusing instead on China and the protection of local systems. An anonymous source told the publication that agency analysts were verbally instructed to stop following or reporting on Russian threats, and that a "Russian-related" project had been "nixed."
"Russia and China are our biggest adversaries. With all the cuts being made to different agencies, a lot of cybersecurity personnel have been fired. Our systems are not going to be protected and our adversaries know this," the source said, adding ominously: "People are saying Russia is winning. Putin is on the inside now."
CISA pushed back on these characterizations. On March 3, 2025, the agency posted on social media: "CISA remains committed to addressing all cyber threats to U.S. critical infrastructure, including from Russia. There has been no change in our posture. Any reporting to the contrary is fake and undermines our national security."
Department of Homeland Security spokesperson Tricia McLaughlin similarly disputed the reporting, telling The Washington Post: "CISA remains committed to addressing all cyberthreats to U.S. critical infrastructure, including from Russia. There has been no change in our posture or priority on this front."
A Pattern of Dismantling
The reported shift in focus regarding Russia follows a larger pattern of reorganization at CISA that began shortly after Trump took office in January.
On February 7, Politico reported that "roughly half a dozen employees from the Cybersecurity and Infrastructure Security Agency who once worked in its Election Security and Resilience division were notified Thursday night they were being put on administrative leave." The affected employees had previously worked to combat election-related disinformation from foreign sources like Russia, China, and Iran.
By February 10, the Associated Press reported that 17 CISA employees who had worked with state and local election officials on security assessments and training had been placed on administrative leave pending a review. Ten of those employees were regional election security specialists who had been hired as part of an effort to expand field staff ahead of the 2024 election.
These specialists—all former state or local election officials—had spent the previous year building relationships with election administrators across the country, ensuring they were aware of CISA's cybersecurity and physical security services.
"The most value that we've got from CISA has been the people that they have on the ground in our state that build direct relationships, not just with us but with the individual county clerks," Kentucky Secretary of State Michael Adams, a Republican, told the AP in an interview in late January. "They're teaching them and helping them check their physical security and their cyber hygiene, and that's been extremely popular."
By late February, reports indicated that CISA had laid off approximately 130 employees, including those hired under the Cybersecurity Talent Management System, a program designed to attract top technical talent from the private sector with competitive salaries.
The Russian Threat Context
The apparent de-emphasis of Russian cyber threats comes at a time when Russia continues to be identified as one of the most active and dangerous cyber adversaries facing the United States.
For more than a decade, the Office of the Director of National Intelligence, newly led by Tulsi Gabbard, has consistently named Russia as a major cyberthreat. Russian hackers regularly engage in espionage, deploy state-sanctioned ransomware, and seek to embed themselves in critical infrastructure across American networks.
"Russia continues to be among the top cyberthreats to the United States," James A. Lewis, a former diplomat in the Clinton administration and former U.N. cyber negotiator, told The Washington Post.
A source who had worked on highly classified U.S. joint task forces to monitor and combat Russian cyber threats told The Guardian that recent developments were "truly shocking."
"There are thousands of US government employees and military working daily on the massive threat Russia poses as possibly the most significant nation state threat actor," the source said. "Not to diminish the significance of China, Iran or North Korea, but Russia is at least on par with China as the most significant cyber threat."
The source added: "There are dozens of discrete Russia state-sponsored hacker teams dedicated to either producing damage to US government, infrastructure and commercial interests or conducting information theft with a key goal of maintaining persistent access to computer systems."
A Shift in Priorities
The Trump administration has signaled a very different set of priorities for cybersecurity than its predecessor. In a January interview with Breitbart News before Trump was inaugurated, incoming national security adviser Michael Waltz said: "On cyber, we've been playing a lot of defense," adding that it was time to "do better on offense."
Waltz specifically identified China and Iran as threats, while his reference to Russia was contextualized as "undoing the damage of the Biden years" and returning "to what's working." He emphasized a desire to reestablish a "return to deterrence" in U.S.-Russia relations. However, the administration's subsequent actions have not reflected said deterrence strategy—quite the opposite. Instead of strengthening America's cyber posture against Russia, the administration has apparently withdrawn from meaningful engagement, creating what many security experts, including myself, view as a dangerous vulnerability.
At a United Nations cyber meeting in New York in late February, a State Department official discussed foreign adversaries targeting U.S. critical infrastructure but made no mention of Russia—an omission that was "very notable," according to a former senior State Department official.
"We've never pulled punches on Russia before in U.N. cyber discussions," the former official said.
The administration has also begun dismantling organizations set up in the wake of 2016 to combat foreign interference in U.S. elections. Attorney General Pam Bondi dissolved an FBI task force that worked to uncover efforts by Russia, China, Iran, and other adversaries to manipulate U.S. voters.
These actions align with statements made by DHS Secretary Kristi Noem during her Senate confirmation hearing, where she said CISA had strayed "far off mission" and pledged to work with senators "should you wish to rein them in."
Concerns About Vulnerabilities
The rollback of cyber operations against Russia and the reorganization of CISA have raised serious concerns among cybersecurity professionals about potential vulnerabilities in U.S. systems.
"It would ultimately be harder for CISA and private companies to gain intelligence into current offensive operations originating from Russia, detect, and react to them in a timely manner. This may lead to an increase in high-profile data breaches and compromise infrastructure," said Aras Nazarovas, an information security researcher at Cybernews.
Jake Williams, a former National Security Agency employee, warned that canceling cyber operations targeting Russia would lead to fewer instances where the U.S. calls out or attributes major cyber incidents to the Russian government.
"Telegraphing who we are and aren't tracking cyber threats from doesn't benefit the US in any way," Williams wrote on LinkedIn. "This offers threat actors the opportunity to hide with false flag operations, creates huge logistical problems with threat intelligence, and will create distrust with all cyber attribution."
Some analysts have suggested the administration may be attempting to show Russia goodwill in hopes that Moscow will reciprocate by restraining its own cyber operations against the United States. However, others view this as naïve.
Brian Krebs, an independent investigative journalist focusing on cybercrime, pointed out that Russian ransomware groups typically don't attack countries friendly to the Kremlin. With the U.S. now appearing to be in that category, Krebs suggested Russian threat actors might redirect their efforts toward the European Union, which remains firmly supportive of Ukraine.
"If we were serious about pushing Moscow to make any concessions in a cessation to its aggression in Ukraine, we would INCREASE by 10x or more the offensive actions against cybercrime operations that are Russian state-sponsored or state-tolerated," Krebs argued on LinkedIn.
Implications for Allies
The U.S. shift in cyber posture may have ripple effects among America's traditional allies, particularly in Europe and within NATO.
David Shipley, CEO of Beauceron Security, told CSO Online that the dismissals of CISA staff "will raise questions of and put further strains on alliances. How much trusted information sharing will allies be willing to do with CISA going forward?"
Krebs suggested that "Anyone with intel training 101 will conclude that the US cannot be a trusted intel sharing partner anymore," raising the possibility that American allies might exclude the U.S. from intelligence-sharing agreements.
French Foreign Affairs Minister Jean-Noel Barrot has already expressed confusion over reports about Hegseth's order to Cyber Command, per Cybernews.
The Road Ahead
As the Trump administration continues to reshape America's cyber strategy, questions remain about the long-term implications for national security.
Evan Dornbush, another former NSA cybersecurity expert, wrote in an opinion piece in SC Media that while the adjustments to CISA's programming "are not apocalyptic," they do "represent a calculated shift in priorities, and do create the subtle erosion of our defense and response capacity."
"In a domain where attackers now have a perpetual and unfair advantage, even incremental reductions can leave us increasingly vulnerable," Dornbush wrote. "The long-term implications for our national cybersecurity posture are undeniable."
Meanwhile, the administration continues to fill key cybersecurity positions. Karen Evans, a federal IT and cyber government veteran, was recently appointed as the executive assistant director for cybersecurity at CISA—one of the most prominent cyber jobs in the federal government.
However, President Trump has yet to select an overall leader for CISA, although Sean Plankey has reportedly been considered for the Senate-confirmed role.
As the U.S. navigates this shift in cyber strategy and relationships with adversaries like Russia, the central question remains: Can America maintain its digital defenses while pursuing diplomatic rapprochement with Moscow?
For cybersecurity professionals, the answer appears increasingly uncertain and trending steadily towards a resounding "No".
Author’s Note: An update to this story was published on March 4, 2025.
I bought one of those Putin nesting thingies at a street kiosk down the block from The Church on the Spilled Blood in Saint-Petersburg. It breaks my heart that I'll never be able to walk down Nevsky Prospekt down to the Neva again.
If it has any adversary consequences for U.S. companies or institutions, this amounts to national treason. And it will likely have consequences, for the vast criminal networks operating from Russia are not going to cease their operations.