The Pentagon just hit pause on U.S. cyber strikes against Russia, and the cybersecurity world isn’t happy.
Defense Secretary Pete Hegseth’s directive to U.S. Cyber Command froze offensive operations, leaving some experts wondering: Is this a high-stakes strategic chess move or a glaring security risk?
Some cybersecurity pros said they see trouble ahead.
“This isn’t just another policy shift — it’s a potential game-changer,” wrote Johnathan Lightfoot, cybersecurity consultant and president of Symbiont. He warned that the move could “embolden Russian ransomware groups” and weaken deterrence.
Others, like Oscar Wijsman, international lead of AI and data science with the Netherlands Police, aren’t mincing words: “Russia is a bastion for cybercrime.”
He argued that without U.S. pressure, Moscow-backed hackers will have free rein to target the private sector.
The real-world risk of halting US offensive ops against Russia
For cybersecurity teams, this isn’t just a Washington power move — it’s a shift that could hit networks hard. Sources said Cyber Command halted digital countermeasures. With a quarter of its offensive teams normally focused on Russia, that means fewer disruptions to state-backed hackers, cybercriminal syndicates and disinformation campaigns.
More concerning: Analysts with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) were reportedly told to stop tracking Russian threats altogether. One source told The Guardian: “Putin is on the inside now.”
Meanwhile, Microsoft and others warn that Russian intelligence units are escalating attacks on government agencies worldwide.
Jason Kikta, a former Cyber Command official, warned that halting offensive operations against Russia could have lasting consequences for U.S. cyber capabilities.
“If a planning pause was also directed, that could cause offensive options to become stale and therefore nonviable,” he told CNN.
Cyber operations require constant access and updates — without them, the U.S. risks losing its foothold in Russian networks, potentially weakening its ability to track and counter cyber threats.
Meanwhile, a senior U.S. defense official defended the decision, framing it as a risk-management move rather than a retreat.
“Due to operational security concerns, we do not comment nor discuss cyber intelligence, plans, or operations,” the official told NBC News. “There’s no greater priority to Secretary Hegseth than the safety of the warfighter in all operations, to include the cyber domain.”
The statement suggested the stand-down may be part of a broader strategy shift, prioritizing diplomatic maneuvering over immediate cyber deterrence. The move is seen to align with Trump’s broader effort to build goodwill with Moscow as his administration seeks to broker a negotiated settlement in Ukraine, potentially using the cyber stand-down as a diplomatic concession to encourage Russian cooperation.

Is Cyber Command stand-down a high-stakes diplomatic gamble?
John Bambenek, president at Bambenek Consulting, said that, like any major gamble, it depends on whether it pays off. If the end result months from now is significantly reduced ransomware hitting hospitals, then the industry will view it as a big win, he said.
“It will also depend on how long this guidance is in place,” said Bambenek. “The good news is that it’s pretty immediate to rescind and go back to the status quo. Right now, it really depends on whether Russia views this as a ‘free hits’ policy, or they use it for diplomatic rapprochement.”
Bambenek added that if the Hegseth directive remains in place and Russia’s attack behavior doesn’t change — or gets worse — then absolutely, commercial security vendors will need to pick up the slack, at least in the United States. “There’s a great deal of civilian APT researchers, so we have the talent and tools to do so, even if not ideal.”
Morgan Wright, a senior fellow at the Center for Digital Government, said the move by Hegseth is only an olive branch that entices Russia into a negotiating position. Wright added that the difference between a kinetic response and cyber is the difference between moving soldiers and munitions as opposed to a few clicks of the keyboard.
“Cyber can be rapidly restarted,” said Wright. “That being said, this was not done without the express authority of President Trump. This could also be a pressure tactic against [Ukrainian] President [Volodymyr] Zelensky to modify his behavior and push for peace. The best Ukraine could hope for is a stalemate, but they might quickly lose that if Russia keeps pouring more soldiers and resources into Ukraine. Secretary Hegseth’s directive is likely one of several gambits the USA is using to create the conditions for an initial cease-fire.”
History shows that the nation's cyber strategy matters
U.S. cyber strategy has always been about deterrence. During the Obama years, officials secretly authorized planting cyber weapons in Russian infrastructure, pre-positioned for potential retaliation. That capability took years to develop. If it’s now abandoned, experts said the U.S. risks losing its foothold inside Russian networks — weakening intelligence and leaving critical infrastructure more exposed.
Kikta, the former Cyber Command official, spelled it out to CNN: “If a planning pause was also directed, that could cause offensive options to become stale and therefore nonviable.” In short: once access is lost, it’s tough to regain.
While Cyber Command was ordered to stand down, other government agencies may still engage in offensive cyber operations under different authorities.
The NSA’s Tailored Access Operations (TAO) unit conducts cyber-espionage and could continue penetrating Russian networks for intelligence gathering, which can sometimes include disruptive actions.
The CIA’s Center for Cyber Intelligence (CCI) has the capability to launch covert cyber operations against foreign adversaries, often under broader national security directives.
Additionally, law enforcement agencies like the FBI, working with international partners, may still take action against Russian cybercriminal groups through botnet takedowns, infrastructure seizures and targeted arrests.
What the cyber pros say on stand-down of offensive operations
For chief information security officers (CISOs) and cybersecurity teams, this means two things: brace for impact and recalibrate defenses.
Without active deterrence, U.S. critical infrastructure and private companies could face more aggressive cyber threats, so security teams should review incident response plans, threat intel feeds, and offensive security postures.
Trey Ford, CISO at Bugcrowd, said pausing any operation is, by definition, an interruption that halts the flow of mountains of energy, investment and human capital. Ford explained that reconnaissance and operational monitoring are a continuous effort, where missed changes can have varying levels of impact on the mission.
“Changes in targets, shifts in infrastructure, or loss of access could lead to discovery or disruption of infrastructure,” said Ford. “Any cessation of [computer network attack] CNA and [computer network exploitation] CNE efforts is to be expected while diplomatic efforts are underway in the public sphere, and the hope is that those paused attack and exploitation efforts will be mirrored by our Russian counterparts.”
He added that all public and private sector defensive and monitoring capabilities will be operating at full speed. “We will all watch closely for shifts from our counterparts,” he said.
The White House has yet to clarify whether this stand-down is temporary or a broader policy shift.