And every other kind of attack.
Cui Bono?
The Trump administration has publicly and privately signaled that it does not believe Russia represents a cyber threat against US national security or critical infrastructure, marking a radical departure from longstanding intelligence assessments.
The shift in policy could make the US vulnerable to hacking attacks by Russia, experts warned, and appeared to reflect the warming of relations between Donald Trump and Russia’s president, Vladimir Putin.
Two recent incidents indicate the US is no longer characterizing Russia as a cybersecurity threat.
Liesyl Franz, deputy assistant secretary for international cybersecurity at the state department, said in a speech last week before a United Nations working group on cybersecurity that the US was concerned by threats perpetrated by some states but only named China and Iran, with no mention of Russia in her remarks. Franz also did not mention the Russia-based LockBit ransomware group, which the US has previously said is the most prolific ransomware group in the world and has been called out in UN forums in the past. The treasury last year said LockBit operates on a ransomeware-as-service model, in which the group licenses its ransomware software to criminals in exchange for a portion of the paid ransoms.
In contrast to Franz’s statement, representatives for US allies in the European Union and the UK focused their remarks on the threat posed by Moscow, with the UK pointing out that Russia was using offensive and malicious cyber-attacks against Ukraine alongside its illegal invasion.
“It’s incomprehensible to give a speech about threats in cyberspace and not mention Russia and it’s delusional to think this will turn Russia and the FSB [the Russian security agency] into our friends,” said James Lewis, a veteran cyber expert formerly of the Center for Strategic and International Studies think tank in Washington. “They hate the US and are still mad about losing the cold war. Pretending otherwise won’t change this.”
The US policy change has also been established behind closed doors.
A recent memo at the Cybersecurity and Infrastructure Security Agency (Cisa) set out new priorities for the agency, which is part of the Department of Homeland Security and monitors cyber threats against US critical infrastructure. The new directive set out priorities that included China and protecting local systems. It did not mention Russia.
A person familiar with the matter who spoke to the Guardian on the condition of anonymity said analysts at the agency were verbally informed that they were not to follow or report on Russian threats, even though this had previously been a main focus for the agency.
The person said work that was being done on something “Russia-related” was in effect “nixed”.
“Russia and China are our biggest adversaries. With all the cuts being made to different agencies, a lot of cybersecurity personnel have been fired. Our systems are not going to be protected and our adversaries know this,” the person said.
The person added: “People are saying Russia is winning. Putin is on the inside now.”
The New York Times has separately reported that the Trump administration has also reassigned officials at Cisa who were focused on safeguarding elections from cyber-attacks and other attempts to disrupt voting.
Another person who previously worked on US joint task forces operating at elevated classification levels to track and combat Russian cyber threats said the development was “truly shocking”.
“There are thousands of US government employees and military working daily on the massive threat Russia poses as possibly the most significant nation state threat actor. Not to diminish the significance of China, Iran or North Korea, but Russia is at least on par with China as the most significant cyber threat,” the person said.
The person added:“There are dozens of discrete Russia state-sponsored hacker teams dedicated to either producing damage to US government, infrastructure and commercial interests or conducting information theft with a key goal of maintaining persistent access to computer systems.”
- The Justice Department last year unsealed charges against four Russian hackers over cyberattacks, including one on a breach of business systems at the Wolf Creek Nuclear Operating Corporation in Burlington, Kan.
- U.S. nuclear regulators have suffered cyberattacks. An internal investigation at the Nuclear Regulatory Commission (NRC) found the agency had been hacked three times between 2010 and 2013. The landmark SolarWinds hack led to compromised systems at the Department of Energy and its National Nuclear Security Administration (NNSA) in 2020. In 2005, hackers made off with information about 1,500 NNSA employees.
- Perhaps the most recent incident, aside from the targeting of national laboratories, came last summer when Russian hackers mounted an “unprecedented,” “major” attack on the website of Ukrainian state nuclear operator Energoatom, the company said. A top Ukrainian official had said earlier in the Russian war that its nuclear power stations were “well protected.”
Trump needs Russia to help him maintain the green shoots of his dictatorship. The United Oblasts of West Russia. https://bylinetimes.com/2025/02/21/donald-trump-was-recruited-by-the-kgb-under-codename-krasnov-claims-former-soviet-spy-chief/