CISA says it will continue to monitor Russian cyber threats

The Cybersecurity and Infrastructure Security Agency (CISA) refuted reports that changes are being made to how it approaches cyberthreats from Russia.

The Guardian newspaper wrote Friday that analysts at CISA were “verbally informed that they were not to follow or report on Russian threats,” according to an anonymous source, and that work being done on one Russia-related project “was in effect ‘nixed.’”

“CISA’s mission is to defend against all cyberthreats to U.S. Critical Infrastructure, including from Russia,” CISA said on Sunday. “There has been no change in our posture. Any reporting to the contrary is fake and undermines our national security.”

CISA’s mission is to defend against all cyber threats to U.S. Critical Infrastructure, including from Russia. There has been no change in our posture. Any reporting to the contrary is fake and undermines our national security.

— Cybersecurity and Infrastructure Security Agency (@CISAgov) March 3, 2025

In addition to the anonymous source, The Guardian cited a “new priorities” memo that did not mention Russian cyberthreats. 

DHS spokesperson Tricia McLaughlin told Recorded Future News that the memo referenced by The Guardian “is not from the Trump Administration, which is quite inconvenient to the Guardian’s preferred narrative.” 

The story emerged on Friday around the same time as an exclusive report from Recorded Future News that Defense Secretary Pete Hegseth ordered U.S. Cyber Command to stand down from all planning against Russia, including offensive digital actions. That order did not extend to the National Security Agency, and is reportedly temporary — though the exact duration of the order is unknown. 

In follow-up reporting, the Washington Post and New York Times said the order was apparently an effort to bring Russia to the negotiating table as President Donald Trump seeks to end the war in Ukraine. The story about the Defense Department order came after Trump and Ukrainian President Volodymyr Zelensky had a public argument about the war in the Oval Office.   

The Washington Post reported that a “private sector consultant familiar with the matter” told them that CISA has moved some cyberthreat experts onto other adversaries besides Russia, reflecting a potential shift in priorities. Trump officials have advocated for military action against Mexican cartel figures and infrastructure to stem the flow of drugs across the border, Recorded Future News reported.

Both The Guardian and Washington Post bolstered the claims about CISA by saying a recent speech on critical infrastructure cyberthreats by a senior State Department official did not mention Russia. 

Some within the cybersecurity community raised concern that The Guardian article was being conflated by the public with the Defense Department order. 

What's funny is I know some of you understand the division of responsibilities and authorities between CYBERCOM, NSA, and CISA, but you're perfectly fine to blow things out of proportion whenever articles that fit your desired narrative appear.

— Andrew Thompson (@ImposeCost) March 3, 2025

In addition to a near-constant stream of ransomware attacks on local U.S. government bodies often claimed by cybercriminal gangs known to be based in Russia, several of the most high-profile attacks on the federal government have been attributed to Russia's Foreign Intelligence Service (SVR) and the country’s GRU military intelligence service.

There was significant backlash over the weekend from U.S. lawmakers, with members of Congress from both parties criticizing any potential change in the country’s cyber posture with respect to Russian cyberattacks.

Senate minority leader Chuck Schumer (D-NY) released a statement on Sunday accusing the Trump administration of giving Russian President Vladimir Putin a “free pass as Russia continues to launch cyber operations and ransomware attacks against critical American infrastructure, threatening our economic and national security.” 

“It is a critical strategic mistake for Donald Trump to unilaterally disarm against Putin,” Schumer said. “The best defense is always a strong offense, and that’s true for cybersecurity too.”