In a move that has sent ripples across the cybersecurity and national security communities, U.S. Defense Secretary Pete Hegseth has ordered U.S. Cyber Command (CYBERCOM) to halt all planning against Russia, including offensive cyber operations. According to an exclusive report from The Record, the directive was delivered to CYBERCOM chief Gen. Timothy Haugh, who then informed Marine Corps Maj. Gen. Ryan Heritage, the outgoing director of operations.
While the full scope of the order remains unclear, it appears to be part of a broader effort by the White House to normalize relations with Moscow. This follows a series of controversial statements from President Donald Trump regarding the war in Ukraine and a tense Oval Office meeting with Ukrainian President Volodymyr Zelenskyy over a proposed U.S. deal to access Ukraine's mineral resources. According to sources cited by The Record, the stand-down directive is expected to remain in place "for the foreseeable future."
The decision has sparked significant debate among cybersecurity professionals, many of whom warn of the potential consequences of pausing cyber operations against a well-known digital adversary.
Trey Ford, Bugcrowd's Chief Information Security Officer, pointed out that pausing cyber operations is more than just an administrative decision—it disrupts ongoing intelligence gathering efforts. "Pausing any operation, by definition, is an interruption to efforts with mountains of energy, investment, and human capital flow halted," Ford said. "Reconnaissance and operational monitoring is a continuous effort—where missed changes can have varying levels of impact to the mission."
Ford also suggested that this may be a diplomatic move, hoping for reciprocal restraint from Russia: "Any cessation of CNA (Computer Network Attack) and CNE (Computer Network Exploitation) efforts is to be expected while diplomatic efforts are underway in the public sphere, and the hope is that those paused attack and exploitation efforts will be mirrored by our Russian counterparts."
However, cybersecurity professionals remain skeptical about whether Russia will reduce its cyber operations in response to this move.
Chris Gray, Field CTO at Deepwatch, raised concerns about how the decision might affect global confidence in U.S. cybersecurity leadership, saying, "There really become two major areas of concern that would result from the motion: increases in global cyber threats, and a lack of shared confidence in the United States' reliance as a defensive partner."
Gray also outlined three possible interpretations of the U.S. decision:
The U.S. no longer considers Russia a major cyber threat—a troubling possibility given Russia's history of cyber aggression.
The U.S. is still monitoring and countering Russian cyber activity but is softening its rhetoric for diplomatic reasons.
The U.S. is reallocating cyber resources toward other priorities, such as combatting Mexican drug cartels, which the Trump Administration has labeled as terrorist organizations.
The move also raises concerns about the cybersecurity risks posed to private sector entities, including critical infrastructure, financial institutions, and supply chains.
Jason Soroko, Senior Fellow at Sectigo, emphasized the need for companies to shore up their defenses in light of the U.S. government's shift in focus, saying, "The pause in offensive cyber operations highlights the need for companies to double down on securing their supply chains, as adversaries will likely target any vulnerabilities, regardless of the origin."
U.S. Cyber Command has been essential in countering Russian cyber threats, particularly in Ukraine. Before Russia's full-scale invasion in 2022, Cyber Command deployed "hunt forward" teams to Kyiv to help strengthen Ukraine's cyber defenses. Scaling back these operations could leave both U.S. allies and domestic entities more vulnerable to Russian cyber aggression.
John Bambenek, President of Bambenek Consulting, sees this as a high-risk gamble. "Like any major gamble, it depends on if it pays off," Bambenek said. "For instance, if the end result months from now is significantly reduced ransomware hitting hospitals, then it will be seen as a big win. It will also depend on how long this guidance is in place."
Bambenek warns that if Russia perceives this decision as a "free hits" policy rather than an opportunity for de-escalation, it could embolden their cyber operations rather than suppress them.
There is also speculation that the move is part of a broader realignment of U.S. cybersecurity efforts. With the Trump Administration increasing its focus on drug cartels and border security, Cyber Command's resources may shift toward countering transnational criminal organizations rather than nation-state adversaries like Russia.
However, cybersecurity professionals warn that this redirection of resources could create blind spots in monitoring Russian cyber activities.
"If the U.S. ceases operations and intelligence sharing regarding Russia, the opportunity for cyberattacks to succeed does indeed increase," said Gray. "Significant impediments here would result in global economic impacts that would likely result in an increase in cyber scrutiny and offensive operations."
While Cyber Command is compiling a risk assessment for Secretary Hegseth, whether this order will have lasting consequences for U.S. cybersecurity remains to be seen. If Russia refrains from escalating its cyber operations, the move could contribute to broader diplomatic efforts. However, if Russian cyberattacks increase, the U.S. may need to quickly reverse course and re-engage its offensive cyber capabilities.
For now, security experts emphasize that businesses and government agencies alike should remain vigilant. The private sector may need to be more active in monitoring and responding to Russian cyber threats, particularly if government-backed efforts are curtailed.
Follow SecureWorld News for more stories related to cybersecurity.