Last week, it was widely reported that Defense Secretary Pete Hegseth ordered a pause on US Cyber Command’s (USCYBERCOM) offensive operations against Russia. The Record initially reported the news, with other media outlets quickly picking it up. AP News reported that an anonymous US official confirmed the pause.
Such an action would mark a major pivot in US cybersecurity strategy. Russia is considered a top cyber threat.
But the Pentagon denied these reports. In a post on X, DOD Rapid Response said: “TO BE CLEAR: @SecDef has neither canceled nor delayed any cyber operations directed against malicious Russian targets and there has been no stand-down order whatsoever from that priority.”
What can we make of this conflicting information? If we do see this kind of cessation of offensive cyber operations against Russia, what could the consequences be?
Russia and Cyber Policy
Questions about the US approach to Russian cyber threats come amidst attempts to broker a peace deal between Russia and Ukraine.
For now, the Pentagon denies any pause in operations. The Cybersecurity and Infrastructure Security Agency (CISA) chimed in to deny any change to its tracking of Russian cyber threats.
“The current reporting situation as it stands at the moment is that sources close to the US secretary of defense are denying all reports,” says Craig Watt, threat Intelligence consultant at cybersecurity company Quorum Cyber.
US Cyber Command is not the only federal agency involved in cybersecurity activities. CISA tracks and reports on cybersecurity risks. The National Security Agency also (NSA) conducts offensive operations, Jared Smith, distinguished engineer at SecurityScorecard, a cybersecurity ratings company, points out.
But if a pause of US Cyber Command activity were to move forward, it could have a significant impact. “If we remove this deterrent, that causes cascading effects,” says Smith. “CISA might lose critical intelligence that they get from these offensive operations to know what to defend against.”
A pause in activity could also give Russian cyber threat groups a leg up. “Any planning that would halt would then allow the Russian government to potentially patch security vulnerabilities, for example. That would then leave the US Cyber Command to be in a weakened position after the planning halt was over,” says Watt.
NATO Allies
Any changes to US cybersecurity policy could ripple beyond its borders. A shift in how the US approaches its cyber policy in relation to Russia could have a potential impact on its NATO allies, who have made cyber pledges.
“NATO countries in particular could interpret any potential situation involving the US Cyber Command as a strategy to get the Republican party to convince the Russian government to accept the peace deal,” says Watt.
Any pause of US Cyber Command activity, if it does occur, could potentially weaken NATO allies’ own abilities.
“They depend a lot on our infrastructure,” says Smith. “I could see there being an … impact on NATO’s ability, the other party states’ [ability] to conduct their offensive operations without the support of our USCYBERCOM.”
Potential Impact on Public and Private Sector Organizations
Public sector organizations and private sector companies are frequent targets of cyber threats.
“One of the functions of the US Cyber Command is to take down or dismantle networks, infrastructure, and any capabilities that are offered by Russian criminal networks,” says Watt. “Theoretically, any temporary relief of disruption of those capabilities of the criminal organizations [would] likely allow them to develop their attacks and almost certainly embolden their efforts against Western companies moving forward.”
Leaders in the public and private spheres will need to remain vigilant. Russian cyber threats will continue to be a concern, whether US Cyber Command stays the course as the Pentagon is stating or not.
Watt recommends “…intelligence sharing between public and private sector and also keeping up-to-date with industry standard recommendations for defensive strategies going forward.”