The Trump administration has taken a significant turn in its cybersecurity strategy, raising alarms among experts and analysts. Abandoning the well-established liberal international order, the US is no longer positioning itself as the global guardian of an open, rules-based system. Instead, it now operates as a great power with narrower self-interests, particularly those influenced by China's cyberattacks. This shift comes on the heels of recent incidents indicating that the United States is no longer portraying Russia as a primary cybersecurity threat.
Historically, the United States has assessed Russia, China, and Iran as leading sources of cyber threats. However, two recent developments suggest a departure from this stance concerning Russia. One such incident involves a memo from the Cybersecurity and Infrastructure Security Agency (CISA), which outlines new priorities for the agency. Notably absent from these priorities is any mention of Russian threats, despite Russia being considered one of the biggest adversaries of the US alongside China.
“For a quarter century Putin’s Russia pushed an autocratic agenda in the UN cybersecurity negotiations, while engaging in nonstop cyberattacks and information operations around the world, and the US and other democracies pushed back,” said William Drake, director of international studies at the Columbia Institute for Tele-Information in Columbia Business School.
The decision to downplay the Russian cyber threat appears to reflect warming relations between President Donald Trump and Russian President Vladimir Putin. This shift has been established behind closed doors and is not entirely unexpected, considering recent US actions. For instance, the US voted alongside Russia against an EU-Ukrainian resolution condemning Russia on the anniversary of its invasion of Ukraine.
“There are thousands of US government employees and military working daily on the massive threat Russia poses as possibly the most significant nation state threat actor,” said a person who previously worked on US Joint Task Forces operating at elevated classification levels to track and combat Russian cyber threats.
Despite prior assessments labeling Russia as a substantial threat to US national security and critical infrastructure, recent directives have redirected focus away from Russia. Analysts at CISA have been instructed not to follow or report on Russian threats, a significant departure from previous practices where Russian activities were a main focus for the agency.
“It’s incomprehensible to give a speech about threats in cyberspace and not mention Russia and it’s delusional to think this will turn Russia and the FSB (the Russian security agency) into our friends,” said James Lewis, a veteran cyber expert formerly of the Center for Strategic and International Studies think tank in Washington.
The implications of this policy shift could be severe. Experts warn that neglecting the Russian threat might leave the US vulnerable to hacking attacks. Russia has demonstrated capability in targeting critical infrastructure and industrial control systems within the US and allied nations. The annual threat assessment by US intelligence agencies has long highlighted these risks.
“Russia and China are our biggest adversaries. With all the cuts being made to different agencies, a lot of cyber security personnel have been fired. Our systems are not going to be protected, and our adversaries know this,” said a person familiar with the matter who spoke to the Guardian on the condition of anonymity.
This strategic pivot could embolden Russian state-sponsored hacker teams dedicated to damaging US government interests or conducting information theft. These teams aim to maintain persistent access to American computer systems, posing ongoing threats to national security.
“There are dozens of discrete Russia state-sponsored hacker teams dedicated to either producing damage to US government, infrastructure, and commercial interests or conducting information theft with a key goal of maintaining persistent access to computer systems,” said a person who previously worked on US Joint Task Forces operating at elevated classification levels to track and combat Russian cyber threats.
The changes in US policy are not entirely surprising given President Trump's overtures toward amending relations with Moscow. However, this adaptation raises questions about America's ability to defend its critical infrastructure against potential Russian cyber incursions.
“But now the Trump administration has abandoned the liberal international order… [and] the US is no longer a global power trying to maintain an open and rules-based international system, it’s just a great power with narrower self-interests that happen to be impacted by China’s cyberattacks,” said William Drake, director of international studies at the Columbia Institute for Tele-Information in Columbia Business School.