In late February, Secretary of Defense Pete Hegseth instructed the U.S. Cyber Command (USCYBERCOM) to halt offensive cyber operations against Russia. Although the Department of Homeland Security’s U.S. Cybersecurity and Infrastructure Security Agency (CISA) pledged to continue defending U.S. critical infrastructure from Russian threats, reports surfaced by March 2 that CISA analysts have been verbally ordered to pause monitoring and reporting on Russian cyber activities, and even abandon a project relating to Russia.
However, by March 3, a CISA spokesperson denied the agency’s shift in cybersecurity priorities and affirmed that it will continue to monitor Russian threats. The Pentagon also issued a similar denial regarding the pause of offensive USCYBERCOM operations against Russia. There have been no reports to date on the National Security Agency pausing its offensive operations against Russia.
These confusing developments match the Trump administration’s pattern of frequent policy flip-flops, lack of transparency, and a tendency to gaslight the press. So far, major news agencies, such as The Guardian, BBC, New York Times, and the Associated Press have stood by their reports on the pause in offensive cyber operations against Russia, raising further questions regarding the current U.S. cybersecurity posture. To err on the side of caution, this article will describe the reported pause as a “potential pause.”
Given the Trump administration’s favorable stance toward Russia, it is useful to contemplate the broader geopolitical fallout of a potential pause in U.S. offensive cyber operations against Russia. Ordering a pause on offensive cyber operations against Russia would align with Trump’s Russia-friendly stance. In recent weeks, Trump has placed significant pressure on Ukraine for an immediate ceasefire and halted military aid to the country, thereby conforming U.S. actions to Russian interests and led many to question Trump’s motives.
Russia remains a persistent global cybersecurity threat. In January 2025 alone, Russian hackers have attacked Kazakh diplomatic entities, Italian government websites, and Ukraine’s cyber infrastructure. Moreover, Russian information operations have been successful in influencing U.S. public opinion and, arguably, electoral outcomes. In fact, Trump’s own statements and actions show that he has been influenced by Russian disinformation operations, as he has frequently aligned his worldviews with official Russian narratives and promoted these viewpoints from the bully pulpit since his first term in office. This demonstrates the effectiveness of Russian information operations, conducted primarily through the cyberspace, which have influenced not only ordinary Americans, but also the chief executive.
Considering the United States’ vast capabilities and resources for conducting offensive cyber operations against Russia, a potential pause on USCYBERCOM’s plans represents a major win for Moscow and raises concerns regarding the U.S. ability to protect itself in cyberspace.
Cyber operations against Russia and other U.S. adversaries constitute a continuous war, largely hidden from the public. The sudden halt of offensive operations against Russia could disrupt planned operations, leaving U.S. secrets and critical infrastructure more vulnerable to Russian attacks. Freed from having to deal with U.S. persistent engagements, Russia could reallocate personnel and resources to scale up attacks on the United States and its allies. Without close monitoring of Russian activities, intelligence gaps will grow, diminishing U.S. cybersecurity personnel’s capabilities over time. Furthermore, the order may tie the hands of USCYBERCOM, limiting it to a purely defensive role and restricting its ability to conduct preemptive strikes. Morale within these agencies might decline and frustrations will grow.
USCYBERCOM’s assistance programs to European and Ukrainian allies defending against Russia are going to be affected, possibly leading to battlefield setbacks for Ukraine, which recently lost U.S. military aid and intelligence support. As Russia initiates an offensive on Kursk starting March 8, cyber operations are going to play a crucial role in supporting kinetic military engagements, as they did during the 2024 Ukrainian Kursk Offensive. Although Ukraine’s highly capable cyber force has put up a tenacious resistance against its Russian adversary, assistance from allies will always be a force multiplier.
While Russia is certainly the biggest winner of a potential U.S. offensive operations pause, other U.S. adversaries, mainly China, may also capitalize on this development. Like their Russian counterparts, Chinese hackers are highly active. In December 2024, Chinese hackers achieved a significant breach of a third-party cybersecurity service provider to the U.S. Treasury Department, gaining access to important documents relating to the departmental leadership. Other than the U.S., Chinese hackers have made Taiwan a primary target, gathering critical intelligence that could aid a future Chinese invasion of the Island. Recent U.S. charges against the Silk Typhoon hacking group further highlighted China’s prowess in conducting offensive cyber operations against U.S. organizations.
Although a potential pause on operations against Russia would likely lead to USCYBERCOM and CISA reallocating resources to counter China, the transition will take time, and its success is not guaranteed. The removal of pressure on Russia, a key ally of Beijing, further complicates the situation. While the United States changes its focus, Russia may accelerate its cyber offensives, distracting U.S. planners from operations against China. Taking advantage of the disruption in U.S. operations during the transition period, China could launch a preemptive strike against U.S. information networks to slow the reorientation of U.S. capabilities against China.
While not highly probable, Russian cybercriminals, no longer facing U.S. attacks, may find themselves in China’s employment and work to advance Chinese interests from Russian soil, where they would face diminished U.S. pressure. Exploiting the mass firings, flagging morale, and growing uncertainty among U.S. security professionals, Russia and China may even find sympathizers to assist their attacks against critical U.S. infrastructure. In fact, Russian and Chinese intelligence agencies have already taken the initiative to recruit disillusioned federal employees, who have been embittered by the constant fear of losing their livelihood.
A possible suspension of U.S. cyber operations against Russia has few – if any – benefits for the United States and will embolden U.S. adversaries seeking to steal confidential information and target critical infrastructure. For Russia and China, the United States’ changing posture presents a perfect opportunity to advance their objectives. A U.S. retreat in the cyber realm will encourage adversarial cybercriminals and state-sponsored hackers to go on the offensive – against not only the U.S., but also its allies and other vulnerable countries – inciting more global disorder. Beyond cyber operations, the consequences of potential stand-down orders will likely enhance the effectiveness of Russian and Chinese information operations aimed at shaping U.S. public opinion, potentially strengthening their influence in U.S. politics and pushing U.S. leaders toward self-destructive decisions with worldwide geopolitical fallout.