Trump administration retreats in fight against Russian cyber threats

The Trump administration has publicly and privately signaled that it does not believe Russia represents a cyber threat against US national security or critical infrastructure, marking a radical departure from longstanding intelligence assessments.

The shift in policy could make the US vulnerable to hacking attacks by Russia, experts warned, and appeared to reflect the warming of relations between Donald Trump and Russia’s president, Vladimir Putin.

Two recent incidents indicate the US is no longer characterizing Russia as a cyber security threat.

Liesyl Franz, deputy assistant secretary for international cybersecurity at the state department, said in a speech last week before a United Nations working group on cyber security that the US was concerned by threats perpetrated by some states but only named China and Iran, with no mention of Russia in her remarks. Franz also did not mention the Russia-based LockBit ransomware group, which the US has previously said is the most prolific ransomware group in the world and has been called out in UN forums in the past. The treasury last year said LockBit operates on a ransomeware-as-service model, in which the group licenses its ransomware software to criminals in exchange for a portion of the paid ransoms.

In contrast to Franz’s statement, representatives for US allies in the European Union and the UK focused their remarks on the threat posed by Moscow, with the UK pointing out that Russia was using offensive and malicious cyber attacks against Ukraine alongside its illegal invasion.

“It’s incomprehensible to give a speech about threats in cyberspace and not mention Russia and it’s delusional to think this will turn Russia and the FSB (the Russian security agency) into our friends,” said James Lewis, a veteran cyber expert formerly of the Center for Strategic and International Studies think tank in Washington. “They hate the US and are still mad about losing the cold war. Pretending otherwise won’t change this.”

The US policy change has also been established behind closed doors.

A recent memo at the Cybersecurity and Infrastructure Security Agency (Cisa) set out new priorities for the agency, which is part of the Department of Homeland Security and monitors cyber threats against US critical infrastructure. The new directive set out priorities that included China and protecting local systems. It did not mention Russia.

A person familiar with the matter who spoke to the Guardian on the condition of anonymity said analysts at the agency were verbally informed that they were not to follow or report on Russian threats, even though this had previously been a main focus for the agency.

The person said work that was being done on something “Russia-related” was in effect “nixed”.

“Russia and China are our biggest adversaries. With all the cuts being made to different agencies, a lot of cyber security personnel have been fired. Our systems are not going to be protected and our adversaries know this,” the person said.

The person added: “People are saying Russia is winning. Putin is on the inside now.”

The New York Times has separately reported that the Trump administration has also reassigned officials at Cisa who were focused on safeguarding elections from cyberattacks and other attempts to disrupt voting.

Another person who previously worked on US Joint Task Forces operating at elevated classification levels to track and combat Russian cyber threats said the development was “truly shocking”.

“There are thousands of US government employees and military working daily on the massive threat Russia poses as possibly the most significant nation state threat actor. Not to diminish the significance of China, Iran, or North Korea, but Russia is at least on par with China as the most significant cyber threat,” the person said.

The person added:“There are dozens of discrete Russia state-sponsored hacker teams dedicated to either producing damage to US government, infrastructure, and commercial interests or conducting information theft with a key goal of maintaining persistent access to computer systems.”

Cisa and the State Department did not respond to the Guardian’s requests for comment.

The change is not entirely surprising, given that the Trump administration has made it clear that it is seeking to make amends with Moscow. Earlier this week at the United Nations, the US voted with Russia against an EU-Ukrainian resolution that condemned Russia on the third anniversary of Russia’s invasion of Ukraine.

“The US has long assessed Russia, China and Iran as leaders in cyberthreats. To see a US representative in an international setting erase Russia’s role altogether comes as a bit of a shock – though consistent with the sudden US alignment with Russia and its satellites on the global stage,” said Scott Horton, an American lawyer who previously worked in Moscow and advised Russian human rights advocates.

The US has long warned that Russia posed a cyber threat to US infrastructure, including in the annual threat assessment published by US intelligence agencies last year. The report stated that Russia posed an “enduring global cyber threat” even as it has prioritized cyber operations against Ukraine. Moscow, the report concluded, “views cyber disruptions as a foreign policy lever to shape other countries’ decisions and continuously refines and employs its espionage, influence and attack capabilities against a variety of targets”. Russia was able to target critical infrastructure, industrial control systems, in the US and in allied and partner countries.

Few lawmakers have previously been as outspoken on the issue as Marco Rubio when he was still a Florida senator. In 2020, as chairman of the Senate intelligence committee, Rubio – who now serves as Trump’s secretary of state – said the US would retaliate for a massive and ongoing cyberattack that had compromised companies and federal agencies, including the energy department’s National Nuclear Security Administration. At the time he said the attacks were “consistent with Russian cyber operations”.

But there was no sign of that kind of rebuke from Franz, who now reports to Rubio at the state department. The change in language at the recent UN speech was not only remarkable for omitting Russia and LockBit, said Valentin Weber, senior research fellow at the German Council on Foreign Relations, but also for leaving out any mention of allies and partners.

“For a quarter century Putin’s Russia pushed an autocratic agenda in the UN cybersecurity negotiations, while engaging in nonstop cyberattacks and information operations around the world, and the US and other democracies pushed back,” said William Drake, director of international studies at the Columbia Institute for Tele-Information in Columbia Business School. “But now the Trump administration has abandoned the liberal international order… [and] the US is no longer a global power trying to maintain an open and rules-based international system, it’s just a great power with narrower self-interests that happen to be impacted by China’s cyberattacks.”

Do you have a tip on this story? Please message us on Signal at +1 646 886 8761