
The US Department of Homeland Security (DHS) has refuted media claims that the Cybersecurity and Infrastructure Security Agency (CISA) has been instructed to stop monitoring Russian cyber threats. The federal executive department maintains that CISA’s mission to protect US critical infrastructure from all cyber threats, including those from Russia, remains unchanged.
“CISA’s mission is to defend against all cyber threats to US Critical Infrastructure, including from Russia,” CISA posted on social media platform X. “There has been no change in our posture. Any reporting to the contrary is fake and undermines our national security.”
Alleged shift in cybersecurity focus denied by DHS
These statements respond to a report by The Guardian alleging that the Trump administration no longer considers Russia a cyber threat and that CISA has been directed to prioritise China instead. Tricia McLaughlin, DHS’ Assistant Secretary for Public Affairs, addressed these claims in a statement to BleepingComputer, asserting that the purported memo does not exist. “This is garbage,” said McLaughlin. “The Guardian’s entire story is based on an alleged memo that the Trump Administration never issued and the [publication] refuses to let us see or provide the date of said memo.”
Adding complexity, The Record reported that Defense Secretary Pete Hegseth had instructed Cyber Command to halt planned offensive operations against Russia. This was corroborated by sources from The New York Times and The Washington Post, which indicated that this change is temporary, applying during negotiations concerning Russia’s actions in Ukraine.
The Guardian also noted that the Trump administration has signalled both publicly and privately that it does not view Russia as a significant cyber threat. This diverges from previous intelligence assessments and could potentially expose the US to Russian hacking attacks.
Liesyl Franz, Deputy Assistant Secretary for International Cybersecurity at the State Department, recently highlighted concerns about cyber threats from certain states but did not mention Russia in her speech at a United Nations working group on cybersecurity. This omission contrasts with statements from US allies in Europe who continue to emphasize the threat posed by Moscow.
Furthermore, Franz omitted any reference to LockBit, a Russia-based ransomware group. LockBit has been identified by US authorities as one of the most active ransomware operations globally. Previously highlighted in United Nations forums, LockBit has gained notoriety for its sophisticated ransomware-as-a-service model. This operational framework involves the group providing its ransomware software to cybercriminals, who then execute attacks on various targets. In return, LockBit receives a share of the ransom payments collected from these illicit activities. The US Treasury Department last year underscored the threat posed by LockBit, emphasising its role in facilitating widespread cybercrime through this licensing arrangement.
Additionally, The New York Times reported on administrative changes within CISA, noting the reassignment of officials focused on election security. These developments have raised concerns among experts about potential vulnerabilities in US cybersecurity strategy regarding Russian threats.
While specific details of these developments remain uncertain, experts caution that any decision by the US to overlook Russian cyber aggression could have adverse consequences. “Telegraphing who we are and aren’t tracking cyber threats from doesn’t benefit the US in any way,” wrote enterprise risk management expert and former NSA official Jake Williams in a LinkedIn post. “This offers threat actors the opportunity to hide with false flag operations, creates huge logistical problems with threat intelligence, and will create distrust with all cyber attribution.”
In December 2024, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed sanctions on certain Russian and Iranian entities for their involvement in using sophisticated AI tools and cyber technologies to meddle in the 2024 US presidential election. OFAC reported that the Centre for Geopolitical Expertise employed generative AI to craft and spread disinformation with the intent of swaying American voters. The AI technologies were used to generate deepfake videos and counterfeit news articles, which were then propagated through a network of more than 100 websites.