Security concerns raised over US cyber operations halt on Russia

US risks losing critical cyber capabilities, say analysts

The Trump administration has reportedly halted offensive cyber operations against Russia, sparking concerns over national security and intelligence gathering capabilities.

According to CBS, the directive, issued by Defence Secretary Pete Hegseth to the US Cyber Command (CYBERCOM), is seen as part of a broader diplomatic push to negotiate an end to the war in Ukraine. However, cybersecurity experts warn that the decision could weaken the United States' strategic cyber deterrence.

Dr. Jared Smith, distinguished engineer, R&D strategy for SecurityScorecard, shared his concerns over the order’s implications. He said: “Legally, the only US military entity with the law-given ability to conduct offensive military cyber operations is CYBERCOM. The DOD Secretary’s order is concerning, depending on how the directive is interpreted.

“On one hand, military forces could take the order as saying, 'no more implants/backdoors allowed to be maintained in Russian networks' as an 'offensive' approach. This would be bad, because it completely removes our existing ability to operate our implants for reconnaissance and information gathering efforts from within their networks.

“On the other hand, it could be taken as 'no more new implants allowed to be positioned in their networks'. While this isn’t as bad as the first implementation, it does mean as Russia finds the existing ones and purges them, we will slowly lose access to the existing access points into critical Russian entities where we get strategic intelligence about their operations, both kinetic and in cyber.”

Dr. Smith pointed out that the directive does not appear to affect other departments’ operations, such as those of the NSA, which was responsible for developing STUXNET to disrupt Iran’s nuclear programme. The US Cybersecurity and Infrastructure Security Agency (CISA) said it “remains committed to addressing all cyber threats to US critical infrastructure, including from Russia. There has been no change in our posture or priority on this front.”

The softly-softly approach

Since returning to office, Trump has markedly softened Washington’s stance on Russia, echoing some of Moscow’s justifications for the war and moving to engage directly with President Vladimir Putin.

The US has also aligned with Russia in recent UN votes related to the conflict, and excluded Ukraine from diplomatic talks in Saudi Arabia.

The decision to pause cyber operations has also raised alarms among lawmakers and security analysts. Critics like Smith argue that while the US may be stepping back from offensive cyber actions, Russian state-backed cybercriminal groups remain active and undeterred.

While the Trump administration’s directive may deter direct Russian state aggression, the country “will certainly continue to allow the criminal groups...to target our entities here, both public and private, and continue to not arrest or entertain global law enforcement operations to stop ransomware groups and other state-supported threat actors operating within their borders.”

And while the move might signal a diplomatic shift, it does not offer any reciprocal assurance from Russia regarding its own cyber activities.

“Realistically, the US isn’t any safer with this order. If anything, we’ve just removed a deterrent from our arsenal. It would be like the US telling Russia during the Cold War that we are deactivating our submarine-based component of the nuclear triad. We’ve effectively communicated, 'we won’t attack you or try to gain more footholds in the cyber space' without even asking for a direct in-kind action from Russia.”

Continued Russian cyber aggression

The shift in cybersecurity posture comes as Western nations have reported continued Russian cyber aggression, including election interference, ransomware attacks and attempts to disrupt critical infrastructure.

The decision to curb offensive cyber activities without a clear public rationale has drawn criticism from both sides of the political aisle. Senate Minority Leader Chuck Schumer has called the move a “critical strategic mistake,” arguing that it hands Putin a free pass while Russia continues to target American infrastructure.

Republicans, meanwhile, were thrown for a loop on hearing about the policy, with Congressman Carlos Gimenez (R-Florida) saying, “I don’t know why he’s doing that.”

“The Russians are attacking us every single day, the Chinese are attacking us every single day; I don’t think you signal to the Russians that, hey, we’re gonna unilaterally withdraw from this space,” he said on Fox News.

“If they can keep attacking us, and they do every single day, they should be fearful of our capacity to inflict damage on them. So I really don’t understand where that’s coming from.”

The full extent of the order’s impact remains unclear, but reports suggest it could affect thousands of personnel involved in cyber operations, including efforts to strengthen Ukraine’s digital defences.

National Security Adviser Mike Waltz has downplayed the shift, insisting that “all kinds of carrots and sticks” are being considered to bring the war to an end. However, cybersecurity experts remain sceptical, warning that the decision could have lasting implications for US national security.
