Defence Secretary Hegseth orders Pentagon to stop offensive cyber operations against Russia
Sign up now: Get ST's newsletters delivered to your inbox
Secretary of Defence Pete Hegseth’s instructions to the US Cyber Command, part of a larger re-evaluation of all operations against Russia, have not been publicly explained.
PHOTO: REUTERS
Julian E. Barnes, David E. Sanger and Helene Cooper
Follow topic:
WASHINGTON – Defence Secretary Pete Hegseth has ordered the US Cyber Command to halt offensive operations against Russia, according to a current official and two former officials briefed on the secret instructions.
The move is apparently part of a broader effort to draw Russian President Vladimir Putin into talks on Ukraine and a new relationship with the United States.
Mr Hegseth’s instructions, part of a larger re-evaluation of all operations against Russia, have not been publicly explained. But they were issued before President Donald Trump’s public blow-up in the Oval Office with Ukrainian President Volodymyr Zelensky
The precise scope and duration of the Defence Department order are not clear, as the line between offensive and defensive cyber operations is often a blurry one.
Still, retaining access to major Russian networks for espionage purposes is crucial to understanding Mr Putin’s intentions as he enters negotiations, and to tracking the arguments within Russia about what conditions to insist upon and what could be given up.
Former officials say it is common for civilian leaders to order pauses in military operations during sensitive diplomatic negotiations to avoid derailing them. Still, for Mr Trump and Mr Hegseth, the retreat from offensive cyber operations against Russian targets represents a huge gamble.
It essentially counts on Mr Putin to reciprocate by letting up on what many call the “shadow war” under way against the US and its traditional allies in Europe. Leading European powers continue to say their support of Ukraine is undiminished even as Mr Trump, who has sought to portray himself as a neutral arbiter in seeking to end the war in Ukraine, has at times sided openly with Mr Putin.
US officials have said Russia has continued to try to penetrate US networks, including in the first weeks of the Trump administration. But that is only part of a broader Russian campaign.
Over the past year, ransomware attacks on US hospitals, infrastructure and cities have ramped up, many emanating from Russia in what intelligence officials have said are largely criminal acts that have been sanctioned, or ignored, by Russian intelligence agencies.
Sabotage efforts in Europe – including suspected Russian attempts to cut communication cables, mysterious explosions and Russian-directed assassination plots, including against the chief executive of Germany’s largest arms maker – have accelerated in the past year. The US has, until now, been central in helping European nations fight back, often in covert cyber operations, but that cooperation could now be in jeopardy.
Many of those operations are run out of Britain’s Government Communications Headquarters – the storied intelligence agency that broke the Enigma codes in World War II – and to some extent by Canada. It is possible they will continue that work, while the US focuses on China, its most sophisticated adversary in cyberspace.
Russia also ran an aggressive influence campaign during the last presidential campaign, according to reports by US intelligence agencies during the Biden administration. In recent election cycles, the US Cyber Command has conducted secret operations to hamper or curtail those influence efforts.
But the Trump administration has begun to dismantle efforts by the Federal Bureau of Investigation and other agencies to warn about Russian propaganda, and the order by the Pentagon will halt, at least for now, any further Cyber Command efforts to interrupt future Russian influence campaigns.
Secretary of State Marco Rubio on March 2 described the urgency of getting Russia to the negotiating table over Ukraine, even while acknowledging that it was unclear whether Mr Putin was ready to make a deal.
“You’re not going to bring them to the table if you’re calling them names, if you’re being antagonistic,” he said on ABC programme This Week. “That’s just the President’s instincts from years and years and years of putting together deals as someone who’s in business.”
Mr Rubio was not asked about the decision to stop the offensive cyber operations, but he grew defensive when pressed on why the US was letting up on pressure on Moscow to the point of removing language from a United Nations resolution that described Russia as the aggressor in the war in Ukraine. Almost all the United States’ traditional allies voted against the resolution, leaving the Trump administration siding with Russia, North Korea, Iran and Belarus, and a handful of other authoritarian states.
“If this was a Democrat that was doing this, everyone would be saying, ‘Well, he’s on his way to the Nobel Peace Prize’,” Mr Rubio said. “This is absurd. We are trying to end a war. You cannot end a war unless both sides come to the table, starting with the Russians, and that is the point the President has made. And we have to do whatever we can to try to bring them to the table to see if it’s even possible.”
The order from Mr Hegseth was first reported by The Record, a cyber-security publication from Recorded Future, which tracks cyber operations. The Pentagon and US Cyber Command declined to comment on the record, but a senior defence official, declining to allow use of her name, said that Mr Hegseth had “no greater priority” than the safety of military members, including in cyber operations.
After the publication of this article, Democratic Senate Minority Leader Chuck Schumer said in a statement that Mr Trump appeared to be giving Mr Putin “a free pass as Russia continues to launch cyber operations and ransomware attacks against critical American infrastructure”.
He called the administration’s move “a critical strategic mistake”.
As the Trump administration prepared to take office, departing Biden administration officials urged Mr Trump’s appointees to keep the pressure on Russia, including by continuing to arm Ukraine and push back on the GRU and the SVR, two Russian intelligence agencies that have been behind some of the most aggressive Russian cyber attacks and espionage operations.
They specifically briefed the Trump officials on suspected Russian efforts to cut communication cables undersea, and the US effort in 2024 to get a message to Mr Putin about the consequences if an effort to put explosives on cargo planes resulted in an air disaster. US intelligence agencies concluded that Russia’s ultimate goal was to send those packages to the US.
During Mr Trump’s first term, US cyber operations against Russia were, if anything, ramped up. The National Security Agency created a “Russia Small Group” after the Russian interference in the 2017 election.
Mr Trump gave the Cyber Command new authorities in his first term to conduct offensive cyber operations without direct presidential approval in a classified document known as National Security Presidential Memorandum 13.
One of those operations was a stepped-up effort to probe Russia’s electric power grid, an effort first disclosed by The New York Times and one likely meant as a warning to Russia not to interfere with crucial US infrastructure. Mr Trump denounced that reporting as “a virtual act of treason”, but his former aides later said he was concerned the revelation would affect his relationship with Mr Putin. NYTIMES
