In a significant shift in U.S. cyber policy, Defence Secretary Pete Hegseth has ordered the U.S. Cyber Command to halt offensive cyber operations against Russia.
According to a current official and two former officials briefed on the classified instructions, the move is seen as part of a broader diplomatic effort to draw Russian President Vladimir Putin into negotiations over Ukraine and reshape the U.S.-Russia relationship.
While the exact details and scope of Hegseth’s order remain unclear, the decision marks a major change in U.S. cyber strategy. Historically, offensive cyber operations have played a crucial role in countering Russian cyber threats, which include espionage, sabotage, and influence campaigns targeting the U.S. and its allies.
The distinction between offensive and defensive cyber operations is often blurred, making it difficult to assess the full impact of this decision. However, maintaining access to Russian networks for intelligence gathering has long been a priority for U.S. security agencies as they seek to gauge Putin’s stance in negotiations.
It is not uncommon for civilian leaders to pause military operations during sensitive diplomatic engagements to avoid undermining negotiations. Yet, this latest move by the Trump administration represents a significant gamble. By scaling back cyber offensives, the U.S. is effectively banking on Putin reciprocating by easing his own cyber and hybrid warfare operations against Western nations. However, Russia has continued its attempts to penetrate U.S. networks and disrupt American infrastructure through state-sanctioned cybercrime and intelligence-backed sabotage efforts.
Over the past year, ransomware attacks originating from Russia have intensified, targeting hospitals, public infrastructure, and municipal systems across the U.S. In Europe, Russian sabotage operations have also escalated, with suspected attempts to sever critical communication cables, orchestrate assassinations, and carry out unexplained explosions. The U.S. has played a key role in helping its European allies counter these threats, often through covert cyber operations. With the latest order from Hegseth, this vital cooperation may now be at risk, potentially leaving allies to rely more heavily on British and Canadian intelligence efforts.
The Trump administration’s decision to halt cyber operations against Russia comes amid broader shifts in U.S. foreign policy. President Trump has positioned himself as a neutral broker in the Ukraine conflict, though at times he has appeared more aligned with Moscow’s interests. The administration’s reluctance to label Russia as the aggressor in the war, as evidenced by the U.S. abstaining from a United Nations resolution to that effect, has raised concerns among European allies. The decision to scale back cyber operations could be perceived as another concession to Putin.
At the same time, the administration is increasingly focused on countering China, which is regarded as the most advanced cyber adversary facing the U.S. If the shift in cyber operations is intended to allocate resources toward countering Beijing, it may signal a strategic realignment rather than outright disengagement from the Russian cyber threat.
The decision has drawn sharp criticism from lawmakers and former officials. Senate Minority Leader Chuck Schumer condemned the move, arguing that it gives Putin a “free pass” while Russia continues cyberattacks on critical U.S. infrastructure. The order also rolls back efforts by U.S. Cyber Command and intelligence agencies to counter Russian influence operations, particularly in election security.
As the Trump administration took office, officials from the outgoing Biden administration had warned of the necessity of maintaining cyber pressure on Russia. They had briefed incoming officials on the risks posed by Russian cyber units, particularly concerning sabotage efforts and the targeting of undersea communication cables. During Trump’s first term, cyber operations against Russia were ramped up, including an initiative to infiltrate Russia’s power grid as a deterrence measure.
The shift away from these offensive measures represents a significant policy reversal. While the intent may be to facilitate diplomatic talks, it also introduces the risk of emboldening Russian cyber actors. With upcoming elections and ongoing geopolitical tensions, the decision to scale back offensive cyber efforts could have far-reaching consequences for U.S. national security.
