Hobbling US Cyber Command unduly sacrifices national security
Plus, the challenges with halting offensive cyber operations
Update 3/11/25 — Kim Zetter did some great work following this story, including once the DoD denied reports that US Cyber Command cyber operations were suspended against Russia. While the DoD continues to deny the reporting, the Washington Post stands by it, with the caveat that the order was to stand down on any cyber actions BELOW the level of “use of force”, and to do so in some way that would not put national security at risk.
Here’s the problem - as we talk about below, cyber operations are useful for things like espionage (below the use of force), which can be especially valuable for negotiations. Cyber operations are also not point-in-time events - prepositioning can take a lot of time and tending, and it is below the level of use of force. Scrapping that activity is a huge waste and will affect national security. Everything we discuss below remains relevant.
Much of the US military operates under joint operations, which integrate personnel from multiple branches to ensure the military apparatus is maximally aligned, coordinated, and effective when achieving various objectives. US Cyber Command is one such unified combatant command - it integrates personnel across all military branches. This is very valuable and part of why the US is so effective when it comes to offensive cyber operations: coordination and timing are two of the most important factors in success.
US Cyber Command also operates under a dual-hat arrangement with the NSA. They share facilities and personnel, and align on operational goals. Case in point, the leadership for both:
Who is the director of the NSA? General Timothy D Haugh.
Who is the Commander of US Cyber Command? General Timothy D Haugh.
If US Cyber Command gets an order to stop operations, it affects far more than just one group... it affects the ones it is integrated with as well. Orders that affect the one affect many, which can threaten the stability of the US intelligence apparatus. This leads us to this week’s big news.
What happened: US Defense Secretary Pete Hegseth told US Cyber Command to stop offensive cyber operations towards Russia. This is a downright shocking turn of events, as Russia is one of the biggest threats and rivals to the US in the cyber domain. According to data on cyber operations from the Council on Foreign Relations, over 15% of cyberattacks attributed to Russia targeted the US government or military between 2020 and 2024.
Take note: This directive was reportedly initiated prior to the White House meeting with President Zelenskyy, which was widely accepted as a disaster. Still, the most likely explanation for the pause is to aid in negotiations with Russia over the potential end to the war in Ukraine. However, this is a poor bargaining chip to cash in for three reasons:
Halting offensive cyber operations is no trivial task. During an offensive cyber operation, it often takes months of effort to find a way into a target and establish a foothold, known as prepositioning. That's before operators even execute an attack. Further, maintaining that access, especially covertly, requires active effort and tending. Burning those assets is not only foolish, it’s also a massive waste of human and financial resources that will take a long time to recover.
Espionage helps with diplomacy. One of the most common goals of offensive cyber operations in the US (and any country, really) is espionage. Espionage has many uses, including diplomatic ones — a nation that understands a rival's intent, needs, and goals has better negotiating power. Stopping our military apparatus from collecting information relevant to what Russia’s goals are, how it plans to approach negotiations, and where its current weaknesses are leaves us blind diplomatically during negotiations.
Cyber offense and defense are irrevocably intertwined. US Cyber Command is both an offensive and defensive organization, and it follows the principles of Defend Forward and Persistent Engagement. For example, defending forward can mean actively disrupting adversaries before an attack occurs, which is considered an offensive cyber capability, but done for defensive reasons. Another example is intelligence gathering, which is core to a strong defense, but often happens through offensive operations. Stopping US Cyber Command from offensive operations against one of its biggest rivals directly contradicts the principles by which it operates defensively to protect Americans.
The question that remains unanswered is this: how does stopping offensive cyber operations against Russia help US interests?
It doesn't. It cannot better position the US to negotiate a peace deal between Russia and Ukraine.
Even if it could, blocking a key part of the US military intelligence apparatus to negotiate an end to a war - especially the war of another sovereign nation - is an undue sacrifice to US national security. It prevents the US from gathering valuable intelligence to identify potential attacks from enemy nations. It prevents the US from shutting down cyberattacks from enemy nations before the attack affects US infrastructure. It does nothing but put American lives at risk.
I want to hear your perspective!
This is such a huge concession and a terrible move politically. It opens the administration up to a ton of criticism and I’m surprised Democrats are not jumping on this as a sign of weakness.