Did Trump Admin Order U.S. Cyber Command and CISA to Stand Down on Russia?
Two blockbuster stories published on Friday that appear to confirm what many Americans suspected would occur under the Trump administration – that the new regime is going to be softer on Russia than previous administrations, particularly with regard to the threat that Russia poses in cyber...
www.zetter-zeroday.com
“… Cyber Command is a military unit under the Department of Defense and conducts both offensive and defensive cyber activity outside the U.S. This includes hunt-forward operations (assisting Ukraine and other nations in finding malicious activity on their networks, for example), conducting "effects" operations (cyber attacks that degrade, destroy or disrupt an adversary's electronic systems) and taking down infrastructure used for malicious purposes against the U.S. or its partners.
CISA, on the other hand, is entirely domestic and defensive in its mission. Its job is to help defend the federal government's civilian networks (the National Security Agency helps defend military networks) and it helps the owners of critical infrastructure – most of which is privately owned in the U.S. – defend these networks by conducting risk assessments, providing information about vulnerabilities and patching guidance, and assisting with incident response after a breach when needed.
Therefore, telling Cyber Command to stand down on Russia is very different from telling CISA to stand down, though the policy directives described in each story could potentially have similar effects in weakening U.S. security.
… Two days after the Guardian story published, however, CISA denied the report in a
post published on X and in a statement given to reporters. "CISA’s mission is to defend against all cyber threats to U.S. Critical Infrastructure, including from Russia," the agency wrote on X Sunday evening. "There has been no change in our posture. Any reporting to the contrary is fake and undermines our national security."
Additionally, DHS spokesperson Tricia McLaughlin told reporters that “CISA remains committed to addressing all cyberthreats to U.S. critical infrastructure, including from Russia. There has been no change in our posture or priority on this front.”
… Jason Kikta, a former Cyber Command official, told me on Friday that halting offensive cyber operations and information operations against a country during negotiations with that country is normal. "Not exactly standard, but common enough," he said.
The U.S. would want to halt cyber operations against Russia during negotiations to avoid "pissing off the other side," he noted, but the halt would be temporary.
The Record said that Cyber Command had begun compiling a report for the secretary of defense that lists all "ongoing actions or missions" halted as a result of his stand-down order and that also details what potential threats still emanate from Russia. It would make sense for an incoming defense secretary to want to understand what operations are currently being conducted against Russia if the U.S. is preparing to enter negotiations with it.
The secretary might want to halt all operations during negotiations with Russia or just halt ones that Russia would be more likely to trigger anger from Russia if detected.
[A less charitable reading of this, however, would be that the Trump administration is looking to collect information on U.S. cyber offensive operations against Russia in order to share that information with Russia – especially operations that may be helping Ukraine in its war with Russia. But there is currently no evidence that this is the aim.] …”