Exclusive: Hegseth orders Cyber Command to stand down on Russia planning
Defense Secretary Pete Hegseth last week ordered U.S. Cyber Command to stand down from all planning against Russia, including offensive digital actions, according to three people familiar with the matter.
Hegseth gave the instruction to Cyber Command chief Gen. Timothy Haugh, who then informed the organization's outgoing director of operations, Marine Corps Maj. Gen. Ryan Heritage, of the new guidance, according to these people, who spoke on the condition of anonymity because of the matter’s sensitivity.
The order does not apply to the National Security Agency, which Haugh also leads, or its signals intelligence work targeting Russia, the sources said.
While the full scope of Hegseth’s directive to the command remains unclear, it is more evidence of the White House’s efforts to normalize ties with Moscow after the U.S. and international allies worked to isolate the Kremlin over its 2022 invasion of Ukraine.
President Donald Trump has made a series of false statements and demands that align him with Russian President Vladimir Putin, including blaming Ukraine for the war and calling the country’s leader a dictator.
Trump and Ukrainian President Volodymyr Zelensky met in Washington on Friday to sign a deal that would give the U.S. access to Ukraine’s mineral resources. However, the deal did not happen following an Oval Office shouting match between the two leaders.
The exact duration of Hegseth’s order is unknown, though the command has been told the guidance will last for the foreseeable future, according to sources.
Heritage, who is expected to retire soon, knows all of the command’s mission packages and whether they are in a planning or execution stage. He would be responsible for contacting the relevant entities and telling them to hold off. That task likely extends to the 16th Air Force (Air Forces Cyber), the outfit responsible for planning and conducting digital operations across U.S. European Command.
The sources said Cyber Command itself has begun compiling a “risk assessment” for Hegseth, a report that acknowledges the organization received his order, lists what ongoing actions or missions were halted as a result of the decision and details what potential threats still emanate from Russia.
The implications of Hegesth’s guidance on the command’s personnel is uncertain. If it applies to its digital warriors focused on Russia, the decision would only affect hundreds of people, including members of the roughly 2,000 strong Cyber National Mission Force and the Cyber Mission Force. That is collectively made up of 5,800 personnel taken from the armed services and divided into teams that conduct offensive and defensive operations in cyberspace. It is believed a quarter of the offensive units are focused on Russia.
However, if the guidance extends to areas like intelligence and analysis or capabilities development, the number of those impacted by the edict grows significantly. The command boasts around 2,000 to 3,000 employees, not counting service components and NSA personnel working there. The organizations share a campus at Fort Meade, Maryland.
Hegseth’s instruction comes at a time when Cyber Command is struggling to staff up to target Mexican drug cartels, eight of which the administration formally labeled as terrorist groups. Trump officials have advocated for military action against cartel figures and infrastructure to stem the flow of drugs across the border.
A command spokesperson deferred a request for comment to the Pentagon.
In a statement, a senior Defense official said, “Due to operational security concerns, we do not comment nor discuss cyber intelligence, plans, or operations. There is no greater priority to Secretary Hegseth than the safety of the Warfighter in all operations, to include the cyber domain.”
Effects on Ukraine?
Outside of internal challenges, the order could derail some of the command’s most high-profile missions involving a top U.S. digital adversary, including in Ukraine.
The command sent “hunt forward” teams to Kyiv in the run-up to the Kremlin’s assault to harden its digital defenses. It has since paid close attention to how Moscow uses its digital capabilities, especially for intelligence purposes.
Russia is also a bastion for cybercrime, with state-linked and criminal ransomware actors striking targets around the globe. The command has become a key player in countering the malicious activity.
In addition, the stand-down order could expose private sector entities in the U.S. and around the world to greater risk if the command is not keeping Moscow’s intelligence and military services, which both feature notorious hacker groups, at bay.
Late last year Microsoft found Russia’s Foreign Intelligence Service (SVR) had targeted government employees and others in dozens of countries to gain access to their devices and systems.
Updated 5:27pm EST with a comment from a senior Defense official.
Martin Matishak
is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.