Several news outlets reported that the United States was putting a pause on Department of Defense cyber operations against Russia.  This edict allegedly impacts Cyber Command’s ongoing or current cyber operations.  Per reporting, the Secretary of Defense gave the directive to General Timothy Haugh, the U.S. Cyber Command (CYBERCOM) director.  However, the order does not apply to the National Security Agency’s cyber espionage activities and traditional SIGINT mission.  Many news outlets reported the same story, although the information came from three unnamed sources, certainly calling into question the motives behind such a disclosure, and even whether it is 100% true.  One thing that the past 12 years have shown is that the U.S. government is politically bifurcated, and individuals have been prone to support their own ideologies over the Administration in power.

A day after the story broke, the Pentagon immediately denied these allegations, putting out an official statement on the matter.  The Cybersecurity and Infrastructure Agency confirmed what the Pentagon said, citing no change in posture pursuing cyber threats from Russia.  Regardless of whether this is true or just spin control, the irresponsible exposure of this temporary policy position is a familiar undertaking from government officials when they do not like the policies of an Administration, showing their willingness to expose classified or at least confidential information for their own purposes.  It would appear that the preservation of such information is on a case-by-case basis depending on where one’s moral compass points.

Therefore, it is no surprise that, in the politically charged environment in which the United States finds itself, the opposing political party is immediately seizing on this alleged disclosure to push a political angle.  Lawmakers have cited a need for Secretary of Defense testimony on how this would not only impact U.S. security, but the security of U.S. allies.  The Senate Democrat leader has called the move a “strategic mistake,” and is using this story to further push a weary narrative that the current Administration is soft on Russia, without having the privilege of knowing the mechanisms behind such a move, or insight into the greater objective of pursuing this avenue, if it is in fact true.  Criticism has come from other sources as well, including a former NSA/CYBERCOM official who called the move “ludicrous” and admitted that he was concerned about the current president trying to “normalize” relations with Russia.  Still, this seems to be a critique born out of furthering geopolitical tensions rather than trying to resolve them.  The official even acknowledged that the president often puts out ideas to gauge reactions.

A suspension of cyber operations does not immediately equate to bowing before Russia or putting at risk the United States’ cybersecurity.  Intelligence is a non-stop endeavor, and though the United States may elect to pull back the reins on its hunt forward operations against Russia, it can still exploit networks for intelligence gain or even create accesses for future use.  Since Haugh heads both CYBERCOM and the NSA, it is not as if the United States is standing down in toto to the Russian cyber threat.  After all, one of the reasons for the dual-hatted nature is that NSA supports CYBERCOM in these types of operations, presumably by supplying intelligence and any other access that CYBERCOM operators presumably can’t attain on their own.  So while CYBERCOM allegedly would halt its planning against targets, NSA could presumably continue its cyber missions and even future attack planning, accordingly.  Nothing is truly lost.

The clamor over this story is a further testament to chasing a shiny object without understanding what it is or why it gleams the way it does.  Jason Kikta, a former CYBERCOM official who helped design and manage national counter advanced persistent threat and counter ransomware missions, admitted on the record that it was not uncommon for the Department of Defense to briefly halt activities – including cyber operations – which could potentially sabotage important priority negotiations.  While he acknowledged that any extensive pause could have adverse effects on U.S. offensive operations in the long term, it is doubtful that the United States would stop them in perpetuity, especially given Russia’s track record of using cyberspace to further its own objectives.  However, if a pause helps end the fighting in Ukraine, then it certainly seems to be a logical and prudent move to save lives and end the threat of continued global conflict.  Besides, should negotiations fall through, offensive operations could promptly pick up where they left off.

Moreover, there is every indication that this would not limit NATO’s cyber mission, which is to first and foremost defend NATO networks.  As stated in one commentary, NATO’s intelligence sharing mission goes unchanged, and the United States is not the sole offensively cyber capable nation in the Alliance.  Any impact would no doubt be felt by Ukraine, but if the idea is to end – not perpetuate – the war, then U.S.-Ukraine “hunt forward” operations would obviously have to stop.  That is not to say another capable European country couldn’t step forward with offensive cyber help.

So, it might be prudent to see what happens before projecting the worst-case scenario and conveying the message that any reduction in offensive cyber operations would be immediately consequential for the United States’ public and private sectors.  Supposedly, the Secretary of Defense ordered a risk assessment on the outcome should cyber missions cease, and how that would potentially affect active Russian cyber threats.  That seems to be a pragmatic approach especially when trying to solve global disputes that may require other concessions to be made in order to achieve a greater strategic objective.  If this cyber dial down is instrumental in ending the Ukraine conflict, the United States can take pride in two achievements: one, that its cyber operations are effective and viable in influencing a state’s behavior, and two, that Washington did what it needed to do to help end a four-year war for the purposes of global peace and stability.

How this shapes up remains to be seen as media outlets jockey to break news, often without context or understanding of the bigger picture.  But one thing is certain: the United States would not temporarily cease cyber operations against Russia without a specific goal in mind, and even that would likely come with a series of preset conditions. Media speculation without insight into the greater strategic plan only fuels paranoia which needlessly stokes fear, uncertainty, and doubt in the public. One would think that with all the reports of Russia’s penchant to sow discord during geopolitical tensions, that would be exactly the type of information dissemination a fair media would want to avoid.

Additional Resources

OODA Network on Conflicting Reports on U.S. Offensive Cyber Operations Directed at Russia

OODA Weekly Dispatch: RSA Networking, Quantum Advancements, and U.S. Offensive Cyber Ops

Emilio Iasiello

About the Author

Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.