Defense Secretary Pete Hegseth has instructed U.S. Cyber Command to cease offensive operations against Russia, aiming to encourage negotiations between President Putin and the U.S. regarding Ukraine. This decision is part of a broader reassessment of military actions against Russia, issued prior to a tense meeting between President Trump and Ukraine’s President Zelensky. Despite ongoing cyber threats from Russia, including ransomware attacks, the halt in operations reflects a strategic gamble on diplomatic engagement. Critics note this approach may jeopardize U.S. cybersecurity efforts and could weaken alliances in Europe, potentially benefitting Russian interests.
Defense Secretary Pete Hegseth has instructed U.S. Cyber Command to cease offensive operations against Russia, as reported by a current official and two former officials familiar with the confidential directives. This decision appears to be part of a larger strategy aimed at persuading President Vladimir V. Putin of Russia to engage in discussions regarding Ukraine and establish a new rapport with the United States.
The specifics of Mr. Hegseth’s orders, which are part of a broader reassessment of all actions taken against Russia, have not been disclosed publicly. However, they were given prior to President Trump’s notable outburst in the Oval Office with President Volodymyr Zelensky of Ukraine on Friday.
The exact parameters and duration of the Defense Department’s directive remain unclear, as the distinction between offensive and defensive cyber operations is often ambiguous.
Nevertheless, maintaining access to key Russian networks for espionage is vital for comprehending Mr. Putin’s motives as negotiations commence, and for monitoring the discourse within Russia regarding the terms to demand and possible concessions.
Former officials noted that it is typical for civilian leadership to order pauses in military operations during delicate diplomatic discussions, to prevent any disruptions. Still, for President Trump and Mr. Hegseth, the withdrawal from offensive cyber operations against Russian objectives represents a significant risk.
This effectively relies on Mr. Putin to respond by reducing what many have termed the “shadow war” being waged against the United States and its traditional European allies. Leading European nations continue to assert their unwavering support for Ukraine, despite Mr. Trump’s attempts to frame himself as a neutral mediator, occasionally aligning himself openly with Mr. Putin.
U.S. officials have indicated that Russia persistently seeks to infiltrate U.S. networks, even during the initial weeks of the Trump administration. However, this is merely a facet of a more extensive Russian strategy.
Over the past year, the frequency of ransomware attacks affecting American hospitals, infrastructure, and urban areas has surged, many originating from Russia, classified by intelligence officials as largely criminal acts tolerated or overlooked by Russian intelligence entities.
Sabotage initiatives in Europe—such as alleged Russian attempts to sever communications cables, unexplained explosions, and assassination schemes directed at key figures, including executives from Germany’s largest arms manufacturer—have increased significantly in the past year. The United States has played a crucial role in assisting European countries in defending against these threats, often through clandestine cyber operations, but that cooperation may now be at risk.
Many of these initiatives are spearheaded by Britain’s Government Communications Headquarters—the renowned intelligence agency that deciphered the Enigma codes during World War II—and, to a certain degree, by Canada. It is possible that they will continue their operations while the United States shifts focus toward China, its most advanced adversary in the digital realm.
Reports from U.S. intelligence agencies during the Biden administration indicate that Russia engaged in a vigorous influence campaign during the last presidential election cycle. In recent electoral periods, U.S. Cyber Command has undertaken covert operations to disrupt or limit these influence attempts.
However, the Trump administration has already initiated the rollback of initiatives by the F.B.I. and other agencies aimed at alerting the public about Russian propaganda, and the Pentagon’s command would, at least for the moment, suspend any further Cyber Command activities intended to counter future Russian influence operations.
Secretary of State Marco Rubio on Sunday emphasized the importance of pressing Russia to initiate negotiations over Ukraine, all the while acknowledging uncertainty regarding Mr. Putin’s willingness to finalize a deal.
“You’re not going to bring them to the table if you’re calling them names, if you’re being antagonistic,” Mr. Rubio stated on ABC’s “This Week.” “That’s just the president’s instincts from years and years and years of putting together deals as someone who’s in business.”
While Mr. Rubio was not directly questioned about the halt to offensive cyber operations, he became defensive when pressed about the decision to ease pressure on Moscow, even to the extent of omitting language from a United Nations resolution that labeled Russia as the aggressor in the Ukraine conflict. The vast majority of the United States’ traditional allies voted against the resolution, resulting in the Trump administration aligning itself with Russia, North Korea, Iran, Belarus, and a few other authoritarian regimes.
“If this was a Democrat doing this, everyone would be saying, well, he’s on his way to the Nobel Peace Prize,” Mr. Rubio remarked. “This is absurd. We are trying to end a war. You cannot end a war unless both sides come to the table, starting with the Russians, and that is the president’s point. We must do whatever we can to attempt to bring them to the table to determine if it’s even feasible.”
The directive from Mr. Hegseth was initially reported by The Record, a cybersecurity journal from Recorded Future, which monitors cyber activities. The Pentagon and U.S. Cyber Command chose not to comment publicly, but a senior defense official, opting to remain unnamed, stated that Mr. Hegseth considers the safety of military personnel, including in cyber operations, to be his “no greater priority.”
As the Trump administration prepared for its inauguration, outgoing Biden administration officials urged Mr. Trump’s appointees to maintain pressure on Russia, including continuing to provide arms to Ukraine and countering the GRU and SVR, two Russian intelligence agencies responsible for several of the most aggressive cyberattacks and espionage operations.
They provided detailed briefings to Trump officials about alleged Russian intentions to sabotage undersea communication cables and the U.S. effort last year to convey a message to Mr. Putin regarding the repercussions of any attempts to place explosives on cargo planes that could result in an aviation disaster. American intelligence agencies assessed that Russia’s ultimate aim was to send those packages to the United States.
During Mr. Trump’s first term, American cyber operations targeting Russia were, if anything, intensified. The National Security Agency established a “Russia Small Group” in response to Russian interference in the 2017 election.
Mr. Trump authorized Cyber Command to pursue offensive cyber operations without needing direct presidential consent through a classified document known as National Security Presidential Memorandum 13.
One of these operations involved an escalated initiative to probe Russia’s electrical power grid, first revealed by The New York Times and likely intended as a warning to Russia against interfering with U.S. critical infrastructure. Mr. Trump condemned that reporting as “a virtual act of Treason,” but his former aides later indicated he was troubled that the disclosure could impact his rapport with Mr. Putin.